I have created an FTP site in Windows Server 2012 R2. The server is hosted on a domain and the user is also on a domain. The FTP is configured on some random port 3586 and will work in Active Mode.

The FTP works fine on the local network, but when I try to connect to it from another network, FileZilla fails to retrieve the directory listing, whereas the command line gets stuck at

150 opening ascii mode data connection.

I know my firewall settings are wrong but I don't know what to enter in local port settings and what to enter in remote port settings for Inbound and Outbound settings.

Can someone please help me set the Windows Server firewall settings? I will be very grateful.

Thanks.

Martin Prikryl
fox321
  • https://docs.microsoft.com/en-us/iis/publish/using-the-ftp-service/configuring-ftp-firewall-settings-in-iis-7 Nobody uses active mode today, as it requires the client-side firewall settings too. Please stick to passive mode. – Lex Li Aug 02 '18 at 19:33

1 Answer

If you really need to use Active mode, you need to allow incoming data connections on the local machine's firewall.

Go to FileZilla settings and check what local ports it uses for the Active mode. Ideally restrict the range to a small set. And then open that range in the local firewall.

Though, if you are using a Passive-mode-capable client, you would use Passive mode and not Active one.

Martin Prikryl
  • I had port 3586 open in my WAN firewall. I opened Remote port 3586 in my local Windows Server firewall for inbound as well as remote port 3585 for outbound for data connection. What am I doing wrong? FileZilla settings are correct because it used to work before and I haven't changed its settings since then. – fox321 Aug 01 '18 at 00:26
  • Did you check what local port FileZilla uses? It's a range, not a single port. – Martin Prikryl Aug 01 '18 at 06:02
  • So you're using 3586 as your command port (equivalent to port 21) and 3585 as the data port (e.g. port 20)? Both of these need to be allowed for inbound connections, not just the command one. The client (FileZilla in this case) connects first to the command port, and then sends data via the data port so both are needed. That's why you get that error, the command part has been done, and the FTP server has said it's listening for a data connection, but can't receive it if the data port hasn't been allowed. – Keith Langmead Aug 01 '18 at 20:52
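
Added example, not part of the original posts: in Active mode the client announces the address and port it is listening on with a PORT (RFC 959) or EPRT (RFC 2428) command on the control connection, and the server then opens the data connection to that port, which is why the answer asks for the client's port range to be opened in the client-side firewall. The Python sketch below decodes such a command and checks it against a firewall range; the range 50000-50100, the function names and the sample lines are constructed assumptions.

```python
import ipaddress

# Assumption (constructed values): the active-mode port range set in the FTP
# client and opened for inbound TCP in the client machine's firewall.
ALLOWED_PORTS = range(50000, 50101)
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_port(arg):
    """RFC 959 PORT argument 'h1,h2,h3,h4,p1,p2' -> (address, port)."""
    parts = arg.split(",")
    if len(parts) != 6 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"malformed PORT argument: {arg!r}")
    # The port is sent as two bytes: high byte p1, low byte p2.
    return (ipaddress.ip_address(".".join(parts[:4])),
            int(parts[4]) * 256 + int(parts[5]))


def parse_eprt(arg):
    """RFC 2428 EPRT argument '<d>proto<d>addr<d>port<d>' -> (address, port)."""
    fields = arg.split(arg[0]) if arg else []
    if len(fields) != 5 or fields[0] or fields[4] or not fields[3].isdigit():
        raise ValueError(f"malformed EPRT argument: {arg!r}")
    ip, port = ipaddress.ip_address(fields[2]), int(fields[3])
    if (fields[1], ip.version) not in (("1", 4), ("2", 6)) or not 0 < port < 65536:
        raise ValueError(f"inconsistent EPRT argument: {arg!r}")
    return ip, port


def check_active_command(line, allowed=ALLOWED_PORTS):
    """Decode one client PORT/EPRT line; return (address, port, findings)."""
    verb, _, arg = line.strip().partition(" ")
    parser = {"PORT": parse_port, "EPRT": parse_eprt}.get(verb.upper())
    if parser is None:
        raise ValueError(f"not an active-mode command: {line!r}")
    ip, port = parser(arg.strip())
    findings = []
    if port not in allowed:
        findings.append("port is outside the range opened in the client firewall")
    if any(ip in net for net in RFC1918):
        findings.append("RFC 1918 address: unreachable from another network without NAT help")
    return ip, port, findings


if __name__ == "__main__":
    # Constructed control-channel lines, as a client would send them.
    for sample in ("PORT 192,168,1,20,195,90", "PORT 203,0,113,7,4,1",
                   "EPRT |2|2001:db8::1|50010|"):
        print(sample, "->", check_active_command(sample))
```

Running it against the PORT line shown in the client's own log tells you which inbound port the client firewall has to allow and whether the advertised address is reachable from the server's network.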