Setting PASV firewall exceptions in Windows Server 2003

Posted: Tue Feb 12, 2008 4:27 pm
by jscheppers
After a few hours of Googling and screwing around with tools and batch commands, I thought I'd give this forum a try.

I've recently set up Cerberus on a Windows Small Business Server 2003. I really love the fact that it provides secure FTP transfers and AD user integration, so for me there is no better (free ;) alternative than Cerberus.
For testing purposes only, I used the internet connection and email wizard to manually configure a few PASV port exceptions. This worked fine, and I could log in with Explicit TLS/SSL enabled. Good for me, you'd say...

But here's the thing: I want a few (say: 20) users to be able to connect and transfer data at the same time. I'm no expert in the FTP protocol, but the Cerberus log showed that for each LIST command a new PASV port is being used. So I thought it would be wise to let the port range for the PASV connections be about 100. But to manually add this to the Windows Server Firewall would be a very tedious task.

I've googled a lot, and tried some of the answers it provided, such as: use the IIS6 resource kit (only works with IIS FTP server); use the netsh command (only works if you use the built-in Windows firewall, usually in XP, not 2003), but no success. I think the firewall used in the Server editions of Windows is part of the RAS service.

So my question is this: does anyone know a quick and easy way to configure multiple firewall exceptions?
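
The observation above, that every LIST command makes the server announce a fresh PASV port, can be checked against whatever range has been opened on the firewall. The following is an added example, not part of the original thread and not Cerberus code: it parses standard FTP `227` replies from log lines and reports announced ports that fall outside the configured range. The log layout, the sample lines and the 50000-50099 range are constructed assumptions.

```python
import re

# Standard FTP 227 reply: six comma-separated octets; the last two encode the port.
PASV_RE = re.compile(
    r"\b227\b[^(]*\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)


def pasv_port(line):
    """Return the data port announced in a 227 reply, or None if the line has none."""
    m = PASV_RE.search(line)
    if not m:
        return None
    octets = [int(g) for g in m.groups()]
    if any(o > 255 for o in octets):
        return None  # malformed reply, ignore it
    return octets[4] * 256 + octets[5]


def audit(lines, low, high):
    """Compare announced PASV ports with the firewall range low..high (inclusive)."""
    seen = [p for p in map(pasv_port, lines) if p is not None]
    outside = sorted({p for p in seen if not low <= p <= high})
    return {"replies": len(seen), "distinct": len(set(seen)), "outside": outside}


# Constructed sample lines; the layout is hypothetical, not Cerberus's real log format.
SAMPLE_LOG = [
    "[12:00:01] 3 -> PASV",
    "[12:00:01] 3 <- 227 Entering Passive Mode (192,168,16,2,195,80)",
    "[12:00:01] 3 -> LIST",
    "[12:00:04] 3 -> PASV",
    "[12:00:04] 3 <- 227 Entering Passive Mode (192,168,16,2,195,81)",
    "[12:00:09] 4 <- 227 Entering Passive Mode (192,168,16,2,195,181)",
    "[12:00:10] 4 <- 226 Transfer complete",
]

if __name__ == "__main__":
    # Assumed firewall exception range: TCP 50000-50099 (100 ports).
    print(audit(SAMPLE_LOG, 50000, 50099))
```

Any port listed under `outside` is one the server handed to a client but the firewall would drop, which shows up on the client as a hung LIST or transfer.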

Posted: Sun Feb 22, 2009 3:34 pm
by mikej101
jscheppers - Did you ever find a solution? I've been trying to do the exact same thing for months - can't seem to find any way of getting it to work. Any tips or info would be appreciated.

Posted: Mon Feb 23, 2009 3:14 am
by jscheppers
Hi Mike,

No, sadly I haven't. I ended up adding 150 ports manually in the Internet and E-mail Connection Wizard (or something). It's a devilish task, but in the end you've got a working (S)FTP server :)

But if you're trying to get your server working for say 100+ clients, you may want to contact Microsoft to ask if there is a better way, because for 100+ clients you'd need about 500 PASV-ports. I think your doctor, psychiatrist and I agree you should NOT try adding 500 exceptions to your firewall manually :P

SBS2003 and Cerberus

Posted: Mon Feb 23, 2009 3:31 am
by mikej101
Thanks for the response. I suppose I was hoping for a miracle.
Used the 'port adding' at one stage but got fed up with it, so I'm, at the moment, running a separate dedicated stand-alone FTP machine that bypasses the SBS 2003 server system. Seemed the quickest solution.

Cheers :D


