Problem solved: FTP and Windows 2003 Firewall

Since I’m new to blogging I didn’t know how to use my own domain name with this blog. A quick Google revealed that the way it works is that I simply use Blogger as usual but whenever I publish anything it is published to my web server using FTP.

I have my own web server and currently do not use FTP so I had to set that up. I’m using Windows 2003 Server Enterprise Edition SP1 and I wanted to use the FTP server that comes with it (IIS 6). I have set up FTP on Windows before so I didn’t think it would be a problem, but that was before the Windows firewall…

After setting up configuring and starting my FTP server I had no problem to log on to it, but I got a timeout right away when the FTP client (I was simply using IE6 as my FTP client) tried to do the initial directory listing. Same thing when I tried to publish from Blogger. Using localhost on the server itself or using the console FTP client – ftp.exe – in Windows XP SP2 worked fine however.

I’ll skip all the Googling, MSDN search, trial and error and try to make a long story short:

I found out that there seems to be a problem with the Windows Firewall. On the Exceptions tab I had made an exception for FTP on TCP port 21 but as it turned out that did not work but I had to go to the Advanced tab, select my connection under Network Connection Settings and click the Settings button. From there check FTP Server and vo├Čla, it works.

Why there is a difference between making the exception from the Exceptions tab or the Advanced tab I don’t know, probably a bug if you ask me. But right now I don’t care about that – I’m just happy that it’s working!

21 Replies to “Problem solved: FTP and Windows 2003 Firewall”

  1. This is great!!!
    I have been looking for this…

    Thank you for sharing your experience…

  2. it is because the ftp protocol requires data ports etc to also be unblocked. They have a built in setting to take care of it all

  3. Mate, your solution worked a treat. I was close to ripping my hair out as I was just putting the FTP in the exceptions list. The strange thing is that HTTP works fine by just putting it in the exceptions list!

    Help was much appreciated!

  4. yyyeeeepeeeehhh… Got crazy w/ this problem … was even switching OFF the firewall for each upload! … BIG HUG to ya for this solution! (and a BIG BUG to Microsoft for again beeing such fouls – when are you sick guys starting to sell software, that works?!)

  5. O M G

    Super late to this but….

    searching for 2 days and all the “expert” website. CTD Nuggest (or whatever there called) Torrent every stuipd MS book on SK3.

    So thanks a million. i hope i can buy you a cup of coffee someday (or tea).

  6. you’re a legend, was going nuts last night trying to find the answer to this problem. Thanks very much.

  7. Awesome Sauce! This problem has plagued me for a year and I ended up using 3rd party FTP software to get around it — but now after a reset and thanks to your entry I can use Windows FTP Again! MS Needs to create a KB article for this one!

  8. Thank you for posting this – registered a new server and this issue was driving me up the wall. I had to disable the firewall everytime I wanted to FTP to the server. Anyway, thanks again.

  9. FTP protocol has two channels, the command channel which runs on port 21, and the data channel which is used for performing directory listings and file transfers. The data channel can use a random range of ports and are typically established using passive connections.

    So, you may have been able to connect, but without adding ftp server program to exception list you could not do directory listings or file transfers.

    For a better description of passive connections see the following article.

    http://blog.jscape.com/jscape/2008/05/what-is-the-d-1.html

  10. In order to allow the Windows Server to act as an FTP server, there are actually two things that need to occur on the firewall settings:
    1) With the Firewall on, click on the Exceptions tab and then click “Add Port” name the port FTP and put 20 in the port number. Then click “Ok”. Click “Add Port” again and name the second exception FTP2 and put 21 in the port number, then click “Ok”.
    2) Windows Firewall will still not allow FTP connections until you do this: On the Advanced tab of Windows Firewall, in the “Network Settings” box, click on “Local Area Connection” then the Settings button. On the Services tab, check the box next to “FTP Server” and click “Ok”, then “Ok” again to exit Windows Firewall and Viola, the Windows server will allow FTP connections.

Leave a Reply

Your email address will not be published. Required fields are marked *