Passive FTP Server Using IIS
This document will cover some common configuration questions for IIS and FTP. This document assumes that IIS and FTP have been successfully installed.
PORT and PASV
In short, there are two modes of FTP: PORT and PASV.
PORT mode uses only port 21 for all communications. It is the easiest to set up; however, almost all FTP clients default to passive mode. For example, Internet Explorer's default is to use PASV.
Passive mode uses port 21 for the initial connection and then asks the server which ports the session should use. The passive FTP ports generally fall between 1024 and 65535.
If passive FTP is not set up, users will more than likely have a hard time downloading or uploading files from your FTP server.
Setting Up a PASV Server
The first step in setting up a passive FTP server using IIS is choosing the ports to use. Generally speaking, most administrators choose something near 5000 to 5100. This information must be entered into the IIS metabase to enable passive FTP.
The following commands, run from the command line, will update the metabase to use ports 5500 to 5525:
ECHO ADDING PORT RANGE TO IIS
CSCRIPT C:\Inetpub\AdminScripts\adsutil.vbs set /MSFTPSVC/PassivePortRange "5500-5525"
Alternatively, you could add this information directly to the IIS metabase by using the Metabase Explorer, which is part of the IIS Resource Pack available for download from Microsoft.
http://www.microsoft.com/downloads/details.aspx?FamilyID=56FC92EE-A71A-4C73-B628-ADE629C89499
To add the ports using the Metabase Explorer, create a new string key called PassivePortRange in MSFTPSVC and set its value to start port-end port.
Complete the setup by restarting the FTP Publishing Service.
Firewall
If your FTP server is not directly connected to the Internet (that is, it sits behind a router) and you do not use the Windows Firewall, your FTP server is now set up for passive connections. The router should automatically route the passive connections (PASV mode is actually designed for servers behind routers). You still need to port forward port 21.
If your FTP server is directly connected to the Internet, you must open the ports selected above to complete the setup. The following batch script will add ports 5500 through 5525 to the Windows Firewall exception list.
ECHO OPENING FIREWALL PORTS
FOR /L %%I IN (5500,1,5525) DO NETSH FIREWALL ADD PORTOPENING TCP %%I [%%I]
iisreset
ECHO FINISHED