Windows Server 2008 Ftp Configuration
Jul 12, 2012 Best Answer. To install the FTP service on Windows Server 2008. On the Start menu, click Administrative Tools, and then clickServer Manager. In the Server Manager Pane, in the Roles Summary section, clickWeb Server (IIS). In the Web Server (IIS) section, click Add Role Services.
During the last few days I have been setting up a Windows Server 2008 R2 in a VMware. I installed the standard FTP-Server on it by using the Webserver (IIS)-role.
I'm having trouble getting an FTP server setup on Windows 7. I've added the service using Control Panel - Programs - Turn Windows features on and off. I can see the service has started in Control. Windows Server has IIS build in, which also offers an FTP server option. The File Transfer Protocol (FTP) is still a very popular protocol that allows users to simply upload and download files. The File Transfer Protocol (FTP) is still a very popular protocol that allows users to simply upload and download files.
Everything works fine with accessing my FTP-Site with ftp://localhost in Firefox. I can also get access to it via the local IP of my Server. Actually everything works fine in my LAN.
Editplus 5 serial. It is a fairly decent tool that can efficiently replace the old Notepad.
But here's my problem:
I want to get access 'from outside', using the external IP or a dyndns-URL. I have a LinkSys-Router in front of my Server, therefore I'm forwarding all the important ports.
If you may now think 'this idiot has probably forgotten some ports', I must dissappoint you. It even works getting access to my Server-Website and messing around in some WebInterfaces.
The problem is my passive FTP (active works for me). I always get a timeout, when e.g. FileZilla waits for a response to the LIST-command. The one big thing I don't get, is, why my Server sends a response to the PASV-command, naming a port like 40918, even if I have restricted the data port range for my passive FTP ( in the IIS-Manager) to e.g. [5000-5009].
I simply don't want to open and forward all possible data ports!
And another thing is, I can't specify a static external IP address for my server, since I don't own any.
I have already tried these solutions:
--- EDIT: ---
There is one idea rising up in my mind:
When I use FileZilla to connect by passive mode I always get something like this:227 Entering Passive Mode (192,168,1,102,160,86)
According to a Rhinosof-article FZ tries to connect on port '160*256+86 = 41046', although I have restricted the data ports (as mentioned above). Could this be caused by the router, that doesn't forward out-ports directly, but uses different ones?
(--> The IP-Adress given is the local one, since I'm not able to define a static external in the IIS-Mgr)
--- EDIT 2: ---
I have had an idea about changing the dynamicportrange via netsh interface, but not even the examples given by the help-text itself worked. I think I'll give it up with the IIS-FTP und then use the FileZilla-Server.
Conclusion: Hello freeware, bye 'costs, but simply works'-Windows * cough *.
4 Answers
Changing the dynamic port range in windows will not help. The only thing it does is limit what port will be used for the client side of a socket connection.
Server 2008 Ftp Server Setup
What you need to do is limit the port range used by IIS's FTP server. There is a pretty good blog post about that on MSDN but here are the high points:
If you're using the built-in FTP server, you need to first install the 'IIS 6 metabase compatibility' role service (as well as the associated scriting tools) and then use the following command to set the proper metabase property:
adsutil.vbs set /MSFTPSVC/PassivePortRange '5500-5525'
- If you're using the IIS 7.5 downloadable FTP module (the one you get from this page) then all you need it open the server's configuration editor and edit the 'data channel port range' property under 'FTP Firewall Support > Data Channel Port Range' in applicationHost.config.
Regardless of the above, you will still need to port forward the whole range on your NAT gateway device for external connections to work. Most descent Firewall/NAT devices have protocol helpers included for FTP that will allow them to identify the PASV command and react accordingly, but not all do (and it usually won't work if you're using non-standard port for the FTP command channel).
P.S. You should consider using a different protocol than FTP if you're behind NAT: you can't make it work without ugly - and risky - workarounds. I suggest you investigate SFTP or WebDAV.
StephaneStephaneHave you tried putting the FTP Server in your router's DMZ just to see if its the router that is dropping the packets? Try that.
Also, turn on the windows firewall logging (Control Panel -> Admin Tools -> Windows Firewall and Advance Security, right click 'Windows Firewall and Advance Security' in the console, go to Properties, then enable Logging there for dropped packets) just to see if your computer outside the network was able to ask for the correct ports.
Falcon Momotnetsh advfirewall set global StatefulFtp enable
netsh advfirewall firewall add rule name='FTP for IIS' service=ftpsvc action=allow protocol=TCP dir=in
MugurelMugurelFor those of you that are using a Windows server hosted using Microsoft's Azure Cloud Service, if you are using a Network Security Group, you will also need to create an inbound rule there that matches the port range that you setup inf the FTP Firewall Support section in IIS.