Skip to main content

Setup Passive FTP on Windows 2003 and IIS6

Two key items need to be completed for this:

  1. Configure FTP to use a specific range of passive ports so only a short range need be allowed through Windows Firewall.
  2. Setup the passive FTP port range to work through Windows Firewall.

Configure FTP to use a restricted range of passive FTP ports

By default passive FTP under IIS 6 will use a port in the range 1024 – 65535.
When setting your own range of ports the range must be within 5001 – 65535.

Enable Direct Metabase Edit in IIS
1. Open the IIS Microsoft Management Console (MMC).
2. Right-click on the Local Computer node.
3. Select Properties.
4. Make sure the Enable Direct Metabase Edit checkbox is checked.

Configure PassivePortRange via ADSUTIL script
1. Click Start, click Run, type cmd, and then click OK.
2. Set the directory to Inetpub\AdminScripts. Depending on your system configuration this can either be achieved by entering cd Inetpub\AdminScripts and then pressing ENTER or cd C:\Inetpub\AdminScripts and pressing ENTER or locate the path for your system.
3. Type the following command and press ENTER (replace the range 5500-5700 with the port range you wish to use):  adsutil.vbs set /MSFTPSVC/PassivePortRange "5500-5700"
4. Restart the FTP service.

BEWARE the port range must be separated by a – and not a comma, must be enclosed by double quotes and must not overlap with a range in use by any other application. Failing to comply with any of these restrictions will mean the FTP service will not start, if you attempt to restart IIS none of the IIS services will start until you have resolved the issue. Should this happen go back to the command prompt mentioned above, browse to the AdminScripts folder, enter adsutil.vbs set /MSFTPSVC/PassivePortRange "5500-5700" and press ENTER, the FTP service will now start while you work out what went wrong.

Configure Windows Firewall

You will need to add your range of ports as exceptions in Windows Firewall.

1. Click Start, click Run, type cmd and then click OK.
2. Type in the following and hit ENTER (replace the port numbers with the range you are using): FOR /L %I IN (5500,1,5700) DO netsh firewall add portopening TCP %I "Passive FTP"%I
3. Each port will be added with an OK confirmation.

Final steps for firewall configuration:

1. Manually add an exception for TCP port 21.
2. Make sure that the FTP server option IS NOT ticked under Network Connection Settings in Windows Firewall, if it is then your passive FTP port range will be ignored – strange but true! The network connection settings can be found by opening Windows Firewall in Control Panel, select the Advanced tab, select each connection in turn, click Settings, ensure the box next to “FTP Server” is not ticked.

Thanks to John.Geek.NZ for the heads up on the last Windows Firewall gotcha.


Popular posts from this blog

Take website screenshot using ASP.NET

Utilising a hidden web browser control it is possible to take a screenshot of any website. The code shown below is based on an article at (sorry the site now appears to be offline May 2012) but I have translated it from VB.NET to C# and will work in .NET so theoretically for any Windows or ASP.NET web project.
using System; using System.Drawing; using System.Drawing.Imaging; using System.Windows.Forms; using System.Diagnostics; namespace WebsiteScreenshot { public class GetImage { private int s_Height; private int s_Width; private int f_Height; private int f_Width; private string myURL; public int ScreenHeight { get { return s_Height; } set { s_Height = value; } } public int ScreenWidth { get { return s_Width; } set { s_Width = value; } } public int ImageWidth { get { return f_Width; } set { f_Width = value; } } public int ImageHeight { get { return f_Height; } set { f_Height = value; } } public string Website …

John Hamblin Furniture Restorer - New Website

I was asked to produce a new website for local furniture restorer and cabinet maker John Hamblin. Having struggled with another provider who failed to deliver a finished website I was asked to take the website on and produce a simple site that communicates their values of high quality workmanship and excellent customer service.

The new website is live and can be viewed here:

Compress and de-compress strings in C#

A collection of resources on compressing and encrypting strings in C#.
Microsoft documentation on the System.IO.Compression.GZipStream class:
Helpful example class utilising GZip:
The GZipStream class is predominantly used for file compression but can be used efficiently for compressing strings of 300-400 characters or more. Below 300 characters there isn’t any measurable gain from the compression and for particularly short strings the compressed version may in fact be larger.
Class provided by C Sharp Help:
using System.IO.Compression;
using System.Text;
using System.IO;
public static string Compress(string text)
    byte[] buffer = Encoding.UTF8.GetBytes(text);
    MemoryStream ms = new MemoryStream();
    using (GZipStream zip = new GZipStream(ms, CompressionMode.Compress, true))����…