What is FTP?


Short for File Transfer Protocol, the protocol for exchanging files over the Internet. FTP works in the same way as HTTP for transferring Web pages from a server to a user's browser and SMTP for transferring electronic mail across the Internet in that, like these technologies, FTP uses the Internet's TCP/IP protocols to enable data transfer.

FTP is most commonly used to download a file from a server using the Internet or to upload a file to a server (e.g., uploading a Web page file to a server).

FTP is a TCP-based service exclusively. There is no UDP component to FTP.

There are two ways to communicate with FTP: active and passive.

FTP is an unusual service in that it utilizes two ports, a 'data' port and a 'command' port (also known as the control port). Traditionally these are port 21 for the command port and port 20 for the data port. The confusion begins however, when we find that depending on the mode, the data port is not always on port 20.

How does Active FTP work?


In active mode FTP the client connects from a random unprivileged port N (port number > 1023) to the FTP server's command port, port 21. Then, the client starts listening on port N+1 and sends the FTP command PORT N+1 to the FTP server. The server will then connect back to the client's specified data port from its local data port, which is port 20.

Firewall on Active FTP - what ports should be opened on server and client side?

On the server, port 20 and port 21 must be opened. On the client (home user), ports higher than 1023 must be opened for a successful FTP connection and transfer of files.

How does Passive FTP work?

In passive mode FTP the client initiates both connections to the server, solving the problem of firewalls filtering the incoming data port connection to the client from the server.

When opening an FTP connection, the client opens two random unprivileged ports locally (port number > 1023 and port number+1). The first port contacts the server on port 21, but instead of then issuing a PORT command and allowing the server to connect back to its data port, the client will issue the PASV command.

The result of this is that the server then opens a random unprivileged port (P > 1023) and sends P back to the client in its reply to the PASV command. The client then initiates the connection from port (port number+1) to port P on the server to transfer data.

The passive FTP protocol is very good because a lot of connections on the Internet are over ADSL, cable... and clients use routers to connect to the Internet. Routers usually filter incoming data, so the active FTP protocol cannot be used. This problem is solved with passive FTP.

Firewall on Passive FTP - what ports should be opened on server and client side?

On the server, port 21 and the ports above 1023 (port number > 1023) must be opened. On the client side no change is needed.

Setting active FTP on windows IIS with windows firewall configuration


OK. Now we know what passive and active FTP stand for and how they work. In the next steps I will show you how to configure the IIS FTP server to use both active and passive FTP connections.

First we install IIS and the FTP service. For that we go to: Control Panel - Add or Remove Programs - Add/Remove Windows Components

Under "Details" we must also install "File transfer protocol (FTP) service".

Now we are halfway there. For FTP to work we also need to configure Windows Firewall. We find it under: Control Panel - Network connections - select "properties" on Local Area Network

We select "Advanced" and add port 20 and port 21.

And that is it - we can now use active FTP to transfer files to our machine.

Setting passive FTP on windows IIS6 and IIS7 with windows firewall

Passive FTP is a little bit more complicated, because we have to open port 21 and ports higher than 1023 (port number > 1023). Here we can tweak the Windows FTP service a little bit: we can tell IIS which ports to use for passive FTP connections.

So we can set the FTP port range to use, for example, only 20 ports for passive connections. We start cmd (the Windows command prompt), go to the folder C:\Inetpub\AdminScripts, and there we have the adsutil.vbs script to help us set the port range.

The command-line we use is: adsutil.vbs set /MSFTPSVC/PassivePortRange "5500-5520"

The script does not work with WScript. If CScript is not registered with VBScript, we let it register.

Now all that is left is to restart the FTP service under the IIS Control Panel and open ports 5500, 5501, 5502 ... 5520.
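To confirm that the server really hands out data ports inside the range just opened, decode the port from the server's reply to PASV (reply code 227) and compare it with 5500-5520; the same h1,h2,h3,h4,p1,p2 encoding (RFC 959) is what the client sends in the active-mode PORT command. This is an added example, not part of the original tutorial; the function names, sample replies and addresses are constructed for illustration.

```python
import re

# Passive range set above with adsutil.vbs; everything else here is constructed.
PASSIVE_RANGE = range(5500, 5521)
_HOSTPORT = re.compile(r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")


def decode_hostport(text):
    """Return (ip, port) from an h1,h2,h3,h4,p1,p2 field (PORT argument or 227 reply)."""
    m = _HOSTPORT.search(text)
    if not m:
        raise ValueError("no host-port field in %r" % text)
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError("octet above 255 in %r" % text)
    # The port travels as two bytes: high byte p1, low byte p2.
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def encode_port_command(ip, port):
    """Build the active-mode PORT command announcing the client's data port."""
    if not 1023 < port < 65536:
        raise ValueError("data port must be an unprivileged TCP port")
    return "PORT %s,%d,%d" % (ip.replace(".", ","), port // 256, port % 256)


def out_of_range_ports(lines, allowed=PASSIVE_RANGE):
    """Return passive data ports offered by the server that the firewall would block."""
    bad = []
    for line in lines:
        if line.startswith("227"):          # reply to PASV
            _, port = decode_hostport(line)
            if port not in allowed:
                bad.append(port)
    return bad


# Constructed control-channel replies (documentation addresses, not real hosts).
SAMPLE_REPLIES = [
    "220 Microsoft FTP Service",
    "227 Entering Passive Mode (192,0,2,10,21,124)",   # 21*256+124 = 5500
    "227 Entering Passive Mode (192,0,2,10,21,144)",   # 21*256+144 = 5520
    "227 Entering Passive Mode (192,0,2,10,4,5)",      # 4*256+5 = 1029
]

if __name__ == "__main__":
    print(encode_port_command("198.51.100.7", 1501))
    print(out_of_range_ports(SAMPLE_REPLIES))
```

Any port this check reports means the service is not honoring the configured range (for example because it was not restarted), and passive transfers to that port will be dropped by the firewall.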


This tutorial can be used with Windows Server 2003, Windows Server 2000, Windows XP and Windows XP Professional. If you find this tutorial useful, please add a link to it, http://www.velikan.net/iis-pasive-ftp, so other people will also find this tutorial page.


Updates and upgrades FTP

27.10.2009 - Thanks to Mike and his remark (we updated post): Hi -- I found a very useful post on your site but it looks like the directions omitted using the word 'set' in line: "The command-line we use is: adsutil.vbs /MSFTPSVC/PassivePortRange "5500-5520"" it needs to be: "The command-line we use is: adsutil.vbs set /MSFTPSVC/PassivePortRange "5500-5520"" this page is located: http://www.velikan.net/iis-passive-ftp/ other than that great post. Mike

All content and photos of the webpage "installing passive and active FTP server in windows server 2003 IIS and setting windows firewall" are copyrighted material and may not be distributed without the author's permission. Copyrighted ©2007 www.slohost.net.