Setting PASV firewall exceptions in Windows Server 2003

This forum is for anyone experiencing problems related to their firewall settings. More specifically, anyone experiecing connection issues should take a look at this forum.
Post Reply
jscheppers
New User
Posts: 4
Joined: Tue Feb 12, 2008 4:10 pm

Setting PASV firewall exceptions in Windows Server 2003

Post by jscheppers » Tue Feb 12, 2008 4:27 pm

After a few hours of Googling and screwing around with tools and batch commands, I thought I'd give this forum a try.

I've recently set up Cerberus on a Windows Small Business Server 2003. I really love the fact that is provides secure FTP transfers and AD user integration, so for me there is no better (free ;) alternative than Cerberus.
For testing purposes only, I used the internet connection and email wizard to manually configure a few PASV port exceptions. This worked fine, and I could login with Explicit TLS/SSL enabled. Good for me, you'd say...

But here's the thing: I want a few (say:20) users to be able to connect and transfer data at the same time. I'm no expert in the FTP-protocol, but the Cerberus-log showed that for each LIST-command a new PASV port is being used. To I thought it would be wise to let the portrange for the PASV-connections be about 100. But to manually add this to the Windows Server Firewall would be a very tedious task.

I've googled a lot, and tries some of the answers it provided, such as: use the iis6 resource kit; only works with IIS FTP server, use the netsh-command;only works if you use the built-in windows firewall (usually in XP, not 2003), but no success. I think the firewall used in the Server-editions of windows is part of the RAS-service

So my question is this: does anyone know a quick and easy way to configure multiple firewall exceptions?

mikej101
Posts: 2
Joined: Mon Nov 13, 2006 10:41 am

Post by mikej101 » Sun Feb 22, 2009 3:34 pm

jscheppers - Did you ever find a solution ? I've been trying to do the exact same thing for months - can't seem to find any way of getting it to work. Any tips or info would be appreciated

jscheppers
New User
Posts: 4
Joined: Tue Feb 12, 2008 4:10 pm

Post by jscheppers » Mon Feb 23, 2009 3:14 am

Hi Mike,

No, sadly I haven't. I ended up adding 150 ports manually in the Internet and E-mail Connection Wizard (or something). It's a devilish task, but in the end you've got a working (S)FTP server :)

But if you're trying to get your server working for say 100+ clients, you may want to contact Microsoft to ask if there is a better way, because for 100+ clients you'd need about 500 PASV-ports. I think your doctor, psychiatrist and I agree you should NOT try adding 500 exceptions to your firewall manually :P

mikej101
Posts: 2
Joined: Mon Nov 13, 2006 10:41 am

SBS2003 and Cerberus

Post by mikej101 » Mon Feb 23, 2009 3:31 am

Thanks for the response. I suppose I was hoping for a miracle.
Used the 'port adding' at one stage but got fed up with it so
I'm, at the moment, running a seperate dedicated stand-alone FTP machine that bypasses the SBS 2003 server system. Seemed the quickest solution.

Cheers :D

Mike

pacella
Posts: 1
Joined: Thu Nov 12, 2009 2:44 am

Re: Setting PASV firewall exceptions in Windows Server 2003

Post by pacella » Sat Nov 14, 2009 4:32 am

How can I search for a firewall on my own computer? I have a program that says I need to disable a firewall before using it, but I can't find a firewall on my computer! I already turned off Windows Firewall and AVG firewall, and now it still says that. Is there a way I could search to see if one is still on that I can't see?
_____________________
matrimonial

Post Reply