Friday, September 5, 2008

Need to switch off local Firewall to allow passive mode FTP?

With IIS7, it is possible to specify a data port range for passive FTP.
This should be good news for some Firewall administrators.

# I do not know if it was already possible with IIS6. I have never tried to have a serious FTP service on a Windows box.

However, I have the impression that we cannot open a range of ports with the Windows local firewall.
Ridiculously, you can only specify a single number…

OK, then what about adding a program to the exception? The daemon process servicing FTP.
You know? With 2008, it appears that many services are running with just one executable, SVCHOST.EXE.
So for example,

C:\>tasklist /SVC
Image Name PID Services
============================================

svchost.exe 2880 ftpsvc


is the one for FTP I think.

But then if I try to add it to the exception, the system complains. OK, understand, it is almost the same as switching the firewall off…

So, after all this, my conclusion for the moment is that we switch off the local firewall to allow (default for many FTP clients I think) FTP Passive mode.

Follow-up on October 1, 2008:
Found a command to issue to “Activate firewall application filter for FTP (aka Stateful FTP) that will dynamically open ports for data connections”.
http://blogs.iis.net/jaroslad/archive/2007/09/29/windows-firewall-setup-for-microsoft-ftp-publishing-service-for-iis-7-0.aspx
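
What the follow-up amounts to in practice, as an added example that is not part of the original post: the `netsh advfirewall` commands on Windows Server 2008 that keep the local firewall on while still allowing passive FTP. Run them from an elevated prompt; the rule names are arbitrary labels chosen here.

```bat
rem Added example, not from the original post. Rule names are arbitrary labels.

rem --- Plain FTP (control channel not encrypted) ---
rem Allow only the control port inbound.
netsh advfirewall firewall add rule name="FTP (non-SSL)" action=allow protocol=TCP dir=in localport=21

rem Turn on the FTP application filter (Stateful FTP). The firewall reads the
rem PASV/PORT replies on port 21 and opens each data port only for that session.
netsh advfirewall set global StatefulFtp enable

rem --- FTP over SSL (control channel encrypted) ---
rem The filter cannot read an encrypted control channel, so it cannot open the
rem data ports. Use a rule scoped to the ftpsvc service seen in tasklist /SVC,
rem rather than an exception for svchost.exe as a whole, and disable the filter.
rem netsh advfirewall firewall add rule name="FTP for IIS7" service=ftpsvc action=allow protocol=TCP dir=in
rem netsh advfirewall set global StatefulFtp disable

rem --- Verify ---
rem The firewall should still be ON for every profile.
netsh advfirewall show allprofiles state
rem The global settings list the current StatefulFTP value.
netsh advfirewall show global
rem Confirm the rule exists and is limited to TCP 21 inbound.
netsh advfirewall firewall show rule name="FTP (non-SSL)"
```

The service-scoped rule applies only to the `ftpsvc` service, not to everything hosted in `svchost.exe`, which is why it avoids the "almost the same as switching the firewall off" problem described above.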
