Lately I find myself wading through a lot of IIS-related issues and the IIS6 FTP server has been driving me crazy.
I’ve never really worked with IIS before. Given Microsoft’s bent to make things as simple as possible, I’m surprised at the amount of time I have to spend figuring out basic configuration issues. The various Microsoft GUIs contain no way to set a passive FTP port range, or even a range of ports in Windows Firewall for that matter.
I’d originally assumed that I could just add the FTP server .exe to the list of exceptions in the firewall Exceptions tab: This way any ports that the server opened would be automagically accepted by Windows. From the running services it appears that Inetinfo.exe is the FTP server, or at least encapsulates an FTP service along with other services. An article here tells me that adding Inetinfo.exe to the list of exceptions would be rather naughty, so I have resorted to the tedious, manual means of configuring and opening passive FTP ports. I wonder if there’s a real FTP server binary somewhere in there that I could make an exception.
Anyway, the manual process in a nutshell…
- Set some passive ports in the IIS Metabase:
C:\Inetpub\AdminScripts\adsutil.vbs set /MSFTPSVC/PassivePortRange "5000-5010"
(note that you cannot explicitly tell IIS to use active or passive.. it wants to figure that out for itself based on the available ports and what the ftp client is requesting)
- Open same ports in Windows Firewall:
FOR /L %%I IN (5000,1,5010) DO NETSH FIREWALL ADD PORTOPENING TCP %%I FTPPort%%I
- Restart IIS:
- Go back to doing more productive things.
Unless you have a lot of people FTPing in and out of your server, ten or so open ports should work.