MS Firewall Ports - Help Please

This forum is for anyone experiencing problems related to their firewall settings. More specifically, anyone experiecing connection issues should take a look at this forum.
Post Reply
magicstuff
New User
Posts: 4
Joined: Wed Dec 01, 2010 9:58 am

MS Firewall Ports - Help Please

Post by magicstuff » Wed Dec 01, 2010 10:07 am

I have a hosted server (Windows 2003 Server), single external IP (202.52.52.52 not really my ip). I have opened ports 20 and 21 using MS windows firewall.

I Still get "..rks 2010-12-01 22;49;35.zip": Read timed out." errors when uploading (Cobian backup) with the firewall on.
Turn of the firewall and no errors at all.

What other ports need to be opened for passive ftp?
Any help would be great.

I understand there are other posts similar.
If I need to add a range, how using windows firewall.
Im using AVG Antivirus, no AVG firewall.

Cheers

User avatar
Serin
Site Administrator
Posts: 1785
Joined: Sat Jan 01, 2005 6:57 pm
Location: United States
Contact:

Re: MS Firewall Ports - Help Please

Post by Serin » Wed Dec 01, 2010 10:17 am

The default port range is 11000-13000 for passive ports. You can change them to anything you want through the Advanced tab of the Server Manager.

magicstuff
New User
Posts: 4
Joined: Wed Dec 01, 2010 9:58 am

Re: MS Firewall Ports - Help Please

Post by magicstuff » Wed Dec 01, 2010 10:29 am

At the moment mine is 1025 to 3500, If im only going to have 5 clients at a time can i change the range 1025-1035 (just incase) and only open the ten ports in windows Firewall.
When it uses the ports, does it start from the lowest one for the first connection and then so-on?

User avatar
Serin
Site Administrator
Posts: 1785
Joined: Sat Jan 01, 2005 6:57 pm
Location: United States
Contact:

Re: MS Firewall Ports - Help Please

Post by Serin » Wed Dec 01, 2010 12:59 pm

You will need at least a few hundred ports. A new port is used every time a file or directory listing is requested. Adding Cerberus to the Windows Firewall exception list should be sufficient to allow those ports.

However, I recommend changing to a much higher port range. There are many services that like to use those lower port ranges. Try something in the range of 50000- 51000, or the default 11000 - 13000.

magicstuff
New User
Posts: 4
Joined: Wed Dec 01, 2010 9:58 am

Re: MS Firewall Ports - Help Please

Post by magicstuff » Wed Dec 01, 2010 7:58 pm

I have opened 11000-15000 ports (using a script: for /L %I IN (11000,1,15000) DO netsh firewall add portopening TCP %I "FTP Port"%I)
but I still get the following error:

ERR 2010-12-02 08:34 Error uploading the file "C:\Apps\CIM_MYOB_Daily 2010-12-02 08;24;50.zip": Read timed out.
...
Error closing connection: An Existing connection was forcibly closed by the remote host.

Is there any other ports? 20, 21, 11000-15000 are all open.

User avatar
Serin
Site Administrator
Posts: 1785
Joined: Sat Jan 01, 2005 6:57 pm
Location: United States
Contact:

Re: MS Firewall Ports - Help Please

Post by Serin » Wed Dec 01, 2010 11:33 pm

Port 21 is the default control connection port and if you didn't have it open you wouldn't be able to connect. Your firewall must still be blocking the ports. Port 20 is used for outgoing connection for active mode. Your firewall must be configured to allow port 20 outbound connections if you are using active mode FTP.

Are you sure Cerberus and your firewall are configured for the same passive port range?

magicstuff
New User
Posts: 4
Joined: Wed Dec 01, 2010 9:58 am

Re: MS Firewall Ports - Help Please

Post by magicstuff » Thu Dec 02, 2010 4:22 am

I think it's all good now, Ill test again tonight.
The problem was the ports were opened in windows firewall but there is a advanced section where you can edit individual ports on different adapters. That was stuffed.

thanks heaps everyone for your help.
:-)

Post Reply