To enable FTP on your Windows 2003 server, first install the FTP Publishing Service. By default, the FTP service on Windows 2003 Server can establish both active and passive connections. The default port range used by the FTP service in passive mode is 1024 ~ 5000. You can change this range in the IIS metabase. To change it, do the following steps:
a) Enable Direct Metabase Edit
1. Open the IIS Microsoft Management Console (MMC).
2. Right-click on the Local Computer node.
3. Select Properties.
4. Make sure the Enable Direct Metabase Edit checkbox is checked.
b) Configure PassivePortRange via ADSUTIL script
1. Click Start, click Run, type cmd, and then click OK.
2. Type cd Inetpub\AdminScripts and then press ENTER.
3. Type the following command from a command prompt.
Cscript.exe adsutil.vbs set /MSFTPSVC/PassivePortRange "5500-5700"
4. Restart the FTP service.
If your Windows server is behind a firewall, you should open these ports in that firewall, and if you have enabled the internal Windows Firewall, you should open these ports there too.
When I wanted to open the passive port range in the Windows internal firewall, I found that there is no way to define a port range in the firewall’s exceptions section (where you can define ports that you do not want to protect with Windows Firewall). In Linux it’s easy to define a port range in IPTABLES (the Linux internal firewall): you can use : to define a port range, for example 1024:5000. I wonder how a perfect operating system such as Windows 2003 Server does not have a mechanism to define a port range in its internal firewall! If you want to define a port range, you should define each port separately in the firewall exceptions!
After a few searches I found that when you define a port in the exceptions part of the Windows internal firewall, it creates a key in the registry which defines the rule for protecting your defined port. So I thought that it is possible to write a program which creates these keys in the registry automatically to bypass the tedious work of defining a port range.
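One way to avoid both the manual entry and direct registry writes is to loop over the range with the built-in netsh firewall context. The script below is an added example, not part of the original post; the script name, the exception names and the 5500-5700 defaults (taken from the adsutil step above) are assumptions, and it expects Windows Server 2003 SP1 or later, where Windows Firewall and "netsh firewall" are available.

```batch
@echo off
rem pasvports.cmd (hypothetical name) - added example, not from the original post.
rem Adds or removes one Windows Firewall exception per port in a passive FTP range.
rem Usage: pasvports.cmd add|delete [first] [last]
setlocal
set ACTION=%1
set FIRST=%2
set LAST=%3
rem Defaults match the PassivePortRange set with adsutil.vbs above.
if "%FIRST%"=="" set FIRST=5500
if "%LAST%"=="" set LAST=5700

if /I "%ACTION%"=="add" goto add
if /I "%ACTION%"=="delete" goto delete
echo Usage: %~nx0 add^|delete [first] [last]
exit /b 1

:add
rem Keep the range identical to PassivePortRange so no unused port stays open.
for /L %%P in (%FIRST%,1,%LAST%) do (
    netsh firewall add portopening protocol=TCP port=%%P name="FTP passive %%P" mode=ENABLE profile=ALL >nul
    if errorlevel 1 echo Failed to open TCP port %%P
)
goto show

:delete
rem Run this with the old range before shrinking or moving PassivePortRange,
rem otherwise the stale exceptions remain open.
for /L %%P in (%FIRST%,1,%LAST%) do (
    netsh firewall delete portopening protocol=TCP port=%%P profile=ALL >nul
    if errorlevel 1 echo Failed to close TCP port %%P
)
goto show

:show
rem List the current exceptions so the result can be checked.
netsh firewall show portopening
endlocal
```

Run it from a command prompt as an administrator. If the FTP clients come from known networks, the add command also accepts scope=CUSTOM with an addresses= list to limit who can reach the passive ports.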
I’ll be thankful if somebody suggests a better solution to enable a port range in windows firewall. For more information visit the following pages: