FTP on Server 2008

[Steve]

I have one Server 2008 just ahead main ADSL router. Through port forwarding
I can access it from outside.
I have enabled ports 21 and 443 also, but cannot access to the Server.

I checked telnet server 21 and 443 from this server, but it isn't opened,
even FTP is enabled in Windows Firewall with Advanced Security.

Please help, how to open ports 21, 80 and 443 on Server 2008?

 

[Andrew Morton]

Steve wrote:
> I have one Server 2008 just ahead main ADSL router. Through port
> forwarding I can access it from outside.
> I have enabled ports 21 and 443 also, but cannot access to the Server.
>
> I checked telnet server 21 and 443 from this server, but it isn't
> opened, even FTP is enabled in Windows Firewall with Advanced
> Security.
> Please help, how to open ports 21, 80 and 443 on Server 2008?

You seem to have forgotten port 20.

This appears at first glance to be a good explanation of what's needed for
FTP:

http://slacksite.com/other/ftp.html

Andrew

 

[Steve]

"Andrew Morton" wrote in message
news:7jlhnqF3600jeU1@mid.individual.net...
> Steve wrote:
>> I have one Server 2008 just ahead main ADSL router. Through port
>> forwarding I can access it from outside.
>> I have enabled ports 21 and 443 also, but cannot access to the Server.
>>
>> I checked telnet server 21 and 443 from this server, but it isn't
>> opened, even FTP is enabled in Windows Firewall with Advanced
>> Security.
>> Please help, how to open ports 21, 80 and 443 on Server 2008?
>
> You seem to have forgotten port 20.
>
> This appears at first glance to be a good explanation of what's needed for
> FTP:
>
> http://slacksite.com/other/ftp.html
>
> Andrew
>

Hm, telnet on the same server through port 21 doesn't work....?!

 

[Tim Judd]

Steve wrote:
> I have one Server 2008 just ahead main ADSL router. Through port forwarding
> I can access it from outside.
> I have enabled ports 21 and 443 also, but cannot access to the Server.
>
> I checked telnet server 21 and 443 from this server, but it isn't opened,
> even FTP is enabled in Windows Firewall with Advanced Security.
>
> Please help, how to open ports 21, 80 and 443 on Server 2008?
>
>

FTP is still having problems through firewalls. It's a protocol
designed before firewalls, so the concept of passing through firewalls
is foreign to it. So far, all we have are workarounds to a protocol
that doesn't naturally fit on RFC1918 addresses.

FTP uses TCP port 21 for it's "command channel" where all the commands,
status prompts and feedback are on.
FTP also uses TCP port 20 (the "data channel"), and random (ports >1024
all the way through the highest port, 65535) ports to transfer the
actual data.
Allowing 21 through only allows the command channel through. You won't
be able to transfer files. Since passive FTP lets the FTP server
connect to the client at random ports, firewalls block that. Whether
the blocking is outgoing or incoming, it's blocked.

To have successful FTP, in the protocol it was written for, the machine
has to be completely exposed on that IP. No firewall action on either end.


I haven't yet seen the .dll or .exe that serves as the ftp server (for
Active or Passive mode) to allow it through the firewalls.



Good luck.

 

[Steve]

"Tim Judd" wrote in message
news:%23FP8d2NTKHA.4364@TK2MSFTNGP04.phx.gbl...
> Steve wrote:
>> I have one Server 2008 just ahead main ADSL router. Through port
>> forwarding I can access it from outside.
>> I have enabled ports 21 and 443 also, but cannot access to the Server.
>>
>> I checked telnet server 21 and 443 from this server, but it isn't opened,
>> even FTP is enabled in Windows Firewall with Advanced Security.
>>
>> Please help, how to open ports 21, 80 and 443 on Server 2008?
>
> FTP is still having problems through firewalls. It's a protocol designed
> before firewalls, so the concept of passing through firewalls is foreign
> to it. So far, all we have are workarounds to a protocol that doesn't
> naturally fit on RFC1918 addresses.
>
> FTP uses TCP port 21 for it's "command channel" where all the commands,
> status prompts and feedback are on.
> FTP also uses TCP port 20 (the "data channel"), and random (ports >1024
> all the way through the highest port, 65535) ports to transfer the actual
> data.
> Allowing 21 through only allows the command channel through. You won't be
> able to transfer files. Since passive FTP lets the FTP server connect to
> the client at random ports, firewalls block that. Whether the blocking is
> outgoing or incoming, it's blocked.
>
> To have successful FTP, in the protocol it was written for, the machine
> has to be completely exposed on that IP. No firewall action on either
> end.
>
>
> I haven't yet seen the .dll or .exe that serves as the ftp server (for
> Active or Passive mode) to allow it through the firewalls.
>
>
>
> Good luck.


FTP works very well on ISA server and through only port 21. I'll revert back
to ISA firewall and setup it again.

 

[lemur]

'How to configure the new Windows Server 2008 advanced firewall MMC
snap-in'
(http://www.windowsnetworking.com/articles_...MC-snap-in.html)

-for command prompt: C: netstat -an |find /i "listening" - - >
c:'openports.txt-


--
lemur

::If *ANYONE* in this forum helps you, please click on
their *REP* icon. Thanks! (the middle scale icon in the upper right
corner)::

 

[Steve]

"lemur" wrote in message
news:c19a89a1cee5bb1e137f11a37bddc0c1@nntp-gateway.com...
>
> 'How to configure the new Windows Server 2008 advanced firewall MMC
> snap-in'
> (http://www.windowsnetworking.com/articles_...MC-snap-in.html)
>
> -for command prompt: C: netstat -an |find /i "listening" - - >
> c:'openports.txt-
>
>
> --
> lemur
>
> ::If *ANYONE* in this forum helps you, please click on
> their *REP* icon. Thanks! (the middle scale icon in the upper right
> corner)::

Hi,

This is netstat:

TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2179 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2967 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING
TCP 0.0.0.0:34571 0.0.0.0:0 LISTENING
TCP 0.0.0.0:34572 0.0.0.0:0 LISTENING
TCP 0.0.0.0:34573 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49157 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49162 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49166 0.0.0.0:0 LISTENING
TCP 192.168.1.6:139 0.0.0.0:0 LISTENING
TCP 192.168.16.6:139 0.0.0.0:0 LISTENING
TCP [::]:135 [::]:0 LISTENING
TCP [::]:445 [::]:0 LISTENING
TCP [::]:2179 [::]:0 LISTENING
TCP [::]:3389 [::]:0 LISTENING
TCP [::]:34571 [::]:0 LISTENING
TCP [::]:34572 [::]:0 LISTENING
TCP [::]:34573 [::]:0 LISTENING
TCP [::]:49153 [::]:0 LISTENING
TCP [::]:49154 [::]:0 LISTENING
TCP [::]:49155 [::]:0 LISTENING
TCP [::]:49157 [::]:0 LISTENING
TCP [::]:49162 [::]:0 LISTENING
TCP [::]:49166 [::]:0 LISTENING

Firewall is OFF, FTP is added as Exception... But it's not displayed on
netstat??

 

[Dusko Savatovic]

You did install FTP feature on the server, didn't you?

"Steve" wrote in message
news:ec8w7VSTKHA.4360@TK2MSFTNGP04.phx.gbl...
> "lemur" wrote in message
> news:c19a89a1cee5bb1e137f11a37bddc0c1@nntp-gateway.com...
>>
>> 'How to configure the new Windows Server 2008 advanced firewall MMC
>> snap-in'
>> (http://www.windowsnetworking.com/articles_...MC-snap-in.html)
>>
>> -for command prompt: C: netstat -an |find /i "listening" - - >
>> c:'openports.txt-
>>
>>
>> --
>> lemur
>>
>> ::If *ANYONE* in this forum helps you, please click on
>> their *REP* icon. Thanks! (the middle scale icon in the upper right
>> corner)::
>
> Hi,
>
> This is netstat:
>
> TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:2179 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:2967 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:34571 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:34572 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:34573 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:49157 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:49162 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:49166 0.0.0.0:0 LISTENING
> TCP 192.168.1.6:139 0.0.0.0:0 LISTENING
> TCP 192.168.16.6:139 0.0.0.0:0 LISTENING
> TCP [::]:135 [::]:0 LISTENING
> TCP [::]:445 [::]:0 LISTENING
> TCP [::]:2179 [::]:0 LISTENING
> TCP [::]:3389 [::]:0 LISTENING
> TCP [::]:34571 [::]:0 LISTENING
> TCP [::]:34572 [::]:0 LISTENING
> TCP [::]:34573 [::]:0 LISTENING
> TCP [::]:49153 [::]:0 LISTENING
> TCP [::]:49154 [::]:0 LISTENING
> TCP [::]:49155 [::]:0 LISTENING
> TCP [::]:49157 [::]:0 LISTENING
> TCP [::]:49162 [::]:0 LISTENING
> TCP [::]:49166 [::]:0 LISTENING
>
> Firewall is OFF, FTP is added as Exception... But it's not displayed on
> netstat??
>