Setting PASV firewall exceptions in Windows Server 2003

Home Forums General Firewall Help Setting PASV firewall exceptions in Windows Server 2003

  • This topic is empty.
Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
  • #29666

    After a few hours of Googling and screwing around with tools and batch commands, I thought I’d give this forum a try.

    I’ve recently set up Cerberus on a Windows Small Business Server 2003. I really love the fact that is provides secure FTP transfers and AD user integration, so for me there is no better (free ;) alternative than Cerberus.

    For testing purposes only, I used the internet connection and email wizard to manually configure a few PASV port exceptions. This worked fine, and I could login with Explicit TLS/SSL enabled. Good for me, you’d say…

    But here’s the thing: I want a few (say:20) users to be able to connect and transfer data at the same time. I’m no expert in the FTP-protocol, but the Cerberus-log showed that for each LIST-command a new PASV port is being used. To I thought it would be wise to let the portrange for the PASV-connections be about 100. But to manually add this to the Windows Server Firewall would be a very tedious task.

    I’ve googled a lot, and tries some of the answers it provided, such as: use the iis6 resource kit; only works with IIS FTP server, use the netsh-command;only works if you use the built-in windows firewall (usually in XP, not 2003), but no success. I think the firewall used in the Server-editions of windows is part of the RAS-service

    So my question is this: does anyone know a quick and easy way to configure multiple firewall exceptions?


    jscheppers – Did you ever find a solution ? I’ve been trying to do the exact same thing for months – can’t seem to find any way of getting it to work. Any tips or info would be appreciated


    Hi Mike,

    No, sadly I haven’t. I ended up adding 150 ports manually in the Internet and E-mail Connection Wizard (or something). It’s a devilish task, but in the end you’ve got a working (S)FTP server :)

    But if you’re trying to get your server working for say 100+ clients, you may want to contact Microsoft to ask if there is a better way, because for 100+ clients you’d need about 500 PASV-ports. I think your doctor, psychiatrist and I agree you should NOT try adding 500 exceptions to your firewall manually :P


    Thanks for the response. I suppose I was hoping for a miracle.

    Used the ‘port adding’ at one stage but got fed up with it so

    I’m, at the moment, running a seperate dedicated stand-alone FTP machine that bypasses the SBS 2003 server system. Seemed the quickest solution.

    Cheers :D



    How can I search for a firewall on my own computer? I have a program that says I need to disable a firewall before using it, but I can’t find a firewall on my computer! I already turned off Windows Firewall and AVG firewall, and now it still says that. Is there a way I could search to see if one is still on that I can’t see?



Viewing 5 posts - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.
Close Cart

Shopping Cart