
Scenario:

(outside)---(ASA5510)---(inside) -> Windows 2008 DC
                 |
               (dmz) -> Win2008 FTP Server

Which ports do I need to open from DMZ->Inside so that FTP users can authenticate on the inside DC?

I have already opened 389 (LDAP), 636 (secure LDAP) and 53 (DNS). But the FTP client always gets stuck after processing the credentials, and the FTP server logs a "logon error" event. The error message indicates that there could be an issue with closed ports.

If I set the ACL to "IP", which means all ports are open, everything works fine.

sam
    This KB article might be helpful: http://support.microsoft.com/kb/832017 – gm3dmo Apr 23 '10 at 07:55
  • Thank you, it was helpful. Please use the "answer" function instead of a comment, so that I can mark the question as answered. – sam Jul 22 '10 at 12:21
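An added example (not part of the question or the answer) for narrowing the ACL down instead of opening all IP: a small Python probe run from the DMZ FTP server against the inside DC, which reports every DC port the firewall still drops. It assumes the domain-member port list from the Microsoft port-requirements article linked in the comments; the DC name is a placeholder.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

# TCP ports a Windows domain member must reach on a DC. Assumption: this list
# is taken from the Microsoft port-requirements article linked in the comments
# (KB 832017), not from the question itself. Server 2008 additionally needs the
# dynamic RPC range (49152-65535) for Netlogon/RPC, which a fixed-port probe
# cannot exercise; a failure there shows up as a Netlogon error, not here.
DC_PORTS = {
    53: "DNS",
    88: "Kerberos",
    135: "RPC endpoint mapper",
    389: "LDAP",
    445: "SMB (Netlogon, SYSVOL)",
    464: "Kerberos password change",
    636: "LDAPS",
    3268: "Global Catalog LDAP",
}

def tcp_port_open(host, port, timeout=2.0):
    """True if a TCP handshake to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out (ACL drop) or unreachable
        return False

def check_dc_ports(host, ports=DC_PORTS, timeout=2.0):
    """Probe every port in parallel; returns {port: (service, reachable)}."""
    with ThreadPoolExecutor(max_workers=8) as pool:
        reachable = list(pool.map(lambda p: tcp_port_open(host, p, timeout), ports))
    return {p: (svc, ok) for (p, svc), ok in zip(ports.items(), reachable)}

def blocked_ports(results):
    """Ports the DMZ->inside ACL still needs to permit."""
    return sorted(p for p, (_, ok) in results.items() if not ok)

def _loopback_listener():
    """Open a listener on an ephemeral loopback port (used for a self-check)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]

if __name__ == "__main__":
    dc = "dc01.example.local"  # placeholder: the inside DC's name or IP
    res = check_dc_ports(dc)
    for port, (svc, ok) in sorted(res.items()):
        print(f"{port:>5} {svc:<28} {'open' if ok else 'BLOCKED'}")
    print("still blocked:", blocked_ports(res))
```

Run it from the FTP server with the restrictive ACL in place; a port reported BLOCKED while the "IP" rule works is one the ASA rule set still denies.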

1 Answer


FTP uses two different TCP ports: port 21 for FTP commands and port 20 for FTP data.

With only port 21 allowed through the firewall you would need to use a passive FTP connection.

You can switch to passive mode in the Microsoft command-line FTP client by issuing the following command after login:

ftp> QUOTE PASV

You should receive a 227 response to the effect of "Entering Passive Mode".

At this point you should be able to continue unfettered.

Chris H