
I had the following problem:

    Response: 227 Entering Passive Mode
    Error: Failed to retrieve directory listing

When port 21 is configured in the firewall, and you have set up the users/groups in the FileZilla Server setup, you can still encounter the problem above. By default the FTP client will connect through passive mode, and opens a random port between 1-65535. Now this is a wide range and I do not recommend opening all these ports.

Traditional FTP uses port 21, and you should open this port on your firewall (see below), but even after opening it some errors can still occur when using passive FTP.
#PASSIVE FTP PORTS TO OPEN WINDOWS#
Setup FileZilla Server Passive Ports on Windows Server 2012

Setting up the FileZilla Server is straightforward, but after configuring the users/groups and directory you can have some trouble setting up the Windows Server 2012 Firewall. If you do not know FileZilla Server or the FileZilla Client I strongly encourage you to try them out. FileZilla comes with a lite and lean GUI, great logging tools, connection (speed) limits and more. I prefer to use FileZilla FTP Server above the traditional IIS FTP module.

Two firewall rules are necessary for passive FTP to function properly:

1. The firewall must allow connections on port 21.
2. The firewall must allow connections to the ephemeral ports used by the FTP application.

For example, Microsoft IIS uses ports 1024 through 65535 by default. With a Microsoft IIS server in the default configuration, firewall rules must allow inbound connections on ports 1024 through 65535. This configuration will ensure that clients are able to make inbound connections on the passive FTP port provided by the server.

Additional information about constructing firewall rules can be found here.
#PASSIVE FTP PORTS TO OPEN SOFTWARE#
Firewall rules must be constructed to allow inbound connections on port 21 and inbound connections on the ephemeral ports used by the client when connecting to the FTP server using a passive connection. An ephemeral port is a temporary, non-registered port used for communication. Ephemeral ports are typically high numbered and outside the range of IANA registered ports. The documentation about your particular FTP server software should contain information about the ephemeral ports used when passive FTP is requested by a client.

Passive FTP is an FTP mode that can be requested by a client to alleviate the issues caused by client-side firewalls. Both the server and the client must support passive FTP for this process to work. When passive FTP is used, the client will initiate the connection to the server. This process is effective because most firewalls allow inbound traffic from sessions initiated by the client.

A passive FTP connection follows the following process:

1. The client sends the PASV command to an FTP server on port 21. The source port is a random, high-numbered port.
2. The server responds with the PORT command. The port command specifies a random, high-numbered (ephemeral) port that the client can connect to.
3. The client initiates a connection to the server on this ephemeral port.
4. The FTP session has now been established.

Because the client initiates all connections, the client firewall will not block any traffic, as shown below:

Configuration for passive FTP on an MX appliance requires some additional knowledge of the FTP application.
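The following added example (not code from the original page) reads the data port out of each server 227 reply in an FTP client log and checks it against the passive port range opened on the server firewall, which is the mismatch behind a failed directory listing when only port 21 is open. The range 50000-50100, the sample log lines and the function names are assumptions made for illustration.

```python
import re

# Passive port range opened on the server firewall and configured in the FTP
# server. Constructed sample values, not taken from the original page.
ALLOWED_PASSIVE_RANGE = (50000, 50100)

# RFC 959 reply: 227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(r"\b227\b[^(]*\((\d{1,3}(?:,\d{1,3}){5})\)")


def parse_pasv_reply(line):
    """Return (host, port) from a 227 reply, or None if the line is not one."""
    match = PASV_RE.search(line)
    if match is None:
        return None
    fields = [int(f) for f in match.group(1).split(",")]
    if any(f > 255 for f in fields):
        return None  # malformed reply: every field must fit in one byte
    host = ".".join(str(f) for f in fields[:4])
    port = fields[4] * 256 + fields[5]  # data port = p1 * 256 + p2
    return host, port


def audit_log(lines, allowed=ALLOWED_PASSIVE_RANGE):
    """Classify each 227 reply by whether its data port is in the opened range."""
    low, high = allowed
    findings = []
    for number, line in enumerate(lines, start=1):
        parsed = parse_pasv_reply(line)
        if parsed is None:
            continue
        host, port = parsed
        status = "allowed" if low <= port <= high else "blocked"
        findings.append((number, host, port, status))
    return findings


# Constructed client log lines (203.0.113.10 is a documentation address).
SAMPLE_LOG = [
    "Command:  PASV",
    "Response: 227 Entering Passive Mode (203,0,113,10,195,100)",
    "Command:  PASV",
    "Response: 227 Entering Passive Mode (203,0,113,10,234,96)",
    "Error:    Failed to retrieve directory listing",
]

if __name__ == "__main__":
    for number, host, port, status in audit_log(SAMPLE_LOG):
        print(f"line {number}: data port {host}:{port} is {status} by the firewall range")
```

A "blocked" result means the server advertised a data port outside the range the firewall allows, so either the server's passive range or the inbound rule needs to be changed until the two match.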
