Skip to main content

Setup Passive FTP on Windows 2003 and IIS6

Two key items need to be completed for this:

  1. Configure FTP to use a specific range of passive ports so only a short range need be allowed through Windows Firewall.
  2. Setup the passive FTP port range to work through Windows Firewall.

Configure FTP to use a restricted range of passive FTP ports

By default passive FTP under IIS 6 will use a port in the range 1024 – 65535.
When setting your own range of ports the range must be within 5001 – 65535.

Enable Direct Metabase Edit in IIS
1. Open the IIS Microsoft Management Console (MMC).
2. Right-click on the Local Computer node.
3. Select Properties.
4. Make sure the Enable Direct Metabase Edit checkbox is checked.

Configure PassivePortRange via ADSUTIL script
1. Click Start, click Run, type cmd, and then click OK.
2. Set the directory to Inetpub\AdminScripts. Depending on your system configuration this can either be achieved by entering cd Inetpub\AdminScripts and then pressing ENTER or cd C:\Inetpub\AdminScripts and pressing ENTER or locate the path for your system.
3. Type the following command and press ENTER (replace the range 5500-5700 with the port range you wish to use):  adsutil.vbs set /MSFTPSVC/PassivePortRange "5500-5700"
4. Restart the FTP service.

BEWARE the port range must be separated by a – and not a comma, must be enclosed by double quotes and must not overlap with a range in use by any other application. Failing to comply with any of these restrictions will mean the FTP service will not start, if you attempt to restart IIS none of the IIS services will start until you have resolved the issue. Should this happen go back to the command prompt mentioned above, browse to the AdminScripts folder, enter adsutil.vbs set /MSFTPSVC/PassivePortRange "5500-5700" and press ENTER, the FTP service will now start while you work out what went wrong.

Configure Windows Firewall

You will need to add your range of ports as exceptions in Windows Firewall.

1. Click Start, click Run, type cmd and then click OK.
2. Type in the following and hit ENTER (replace the port numbers with the range you are using): FOR /L %I IN (5500,1,5700) DO netsh firewall add portopening TCP %I "Passive FTP"%I
3. Each port will be added with an OK confirmation.

Final steps for firewall configuration:

1. Manually add an exception for TCP port 21.
2. Make sure that the FTP server option IS NOT ticked under Network Connection Settings in Windows Firewall, if it is then your passive FTP port range will be ignored – strange but true! The network connection settings can be found by opening Windows Firewall in Control Panel, select the Advanced tab, select each connection in turn, click Settings, ensure the box next to “FTP Server” is not ticked.

Thanks to John.Geek.NZ for the heads up on the last Windows Firewall gotcha.

Comments

Popular posts from this blog

Take website screenshot using ASP.NET

Utilising a hidden web browser control it is possible to take a screenshot of any website. The code shown below is based on an article at plentyofcode.com  (sorry the site now appears to be offline May 2012) but I have translated it from VB.NET to C# and will work in .NET so theoretically for any Windows or ASP.NET web project. using System; using System.Drawing; using System.Drawing.Imaging; using System.Windows.Forms; using System.Diagnostics; namespace WebsiteScreenshot { public class GetImage { private int s_Height; private int s_Width; private int f_Height; private int f_Width; private string myURL; public int ScreenHeight { get { return s_Height; } set { s_Height = value; } } public int ScreenWidth { get { return s_Width; } set { s_Width = value; } } public int ImageWidth { get { return f_Width; } set { f_Width = value; } } public int ImageHeight { get { return f_Height; } set { f_Height = value; } } public string Websit

Ad hoc access to OLE DB provider has been denied

Using post SP2 SQL 7 (+ 2000 etc) attempting to access an OLEDB data source using OPENROWSET can produce the slightly spurious error: Ad hoc access to OLE DB provider 'MSDASQL' has been denied. You must access this provider through a linked server. In usual Microsoft style the message doesn't really mean what it says. From SQL 7 SP2 onwards MS by default blocked ad hoc query access with OLEDB. As the message suggests you could setup a linked server but that can be a real pain. Alternatively if you need ad hoc access server wide you could turn on ad hoc access for the SQL server you are using, explained in MS speak here: http://support.microsoft.com/default.aspx?kbid=266008 Ah, but it's not that simple. A little more witchcraft is required. The following registry settings can be used to enable ad hoc access: REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLServer\Providers] "DisallowAdhocAccess"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLSer

Compress and de-compress strings in C#

A collection of resources on compressing and encrypting strings in C#. Microsoft documentation on the System.IO.Compression.GZipStream class: http://msdn.microsoft.com/en-us/library/system.io.compression.gzipstream.aspx Helpful example class utilising GZip: http://www.csharphelp.com/2007/09/compress-and-decompress-strings-in-c/ The GZipStream class is predominantly used for file compression but can be used efficiently for compressing strings of 300-400 characters or more. Below 300 characters there isn’t any measurable gain from the compression and for particularly short strings the compressed version may in fact be larger. Class provided by C Sharp Help : using System.IO.Compression; using System.Text; using System.IO; public static string Compress(string text) {     byte[] buffer = Encoding.UTF8.GetBytes(text);     MemoryStream ms = new MemoryStream();     using (GZipStream zip = new GZipStream(ms, CompressionMode.Compress,