Archive

Posts Tagged ‘Passive Port’

How to enable PassivePortRange In IIS

January 12, 2011 Leave a comment

For Windows 2003 Server

A) Add Passive port range in IIS

a) To Enable Direct Metabase Edit
1. Open the IIS Microsoft Management Console (MMC).
2. Right-click on the Local Computer node.
3. Select Properties.
4. Make sure the Enable Direct Metabase Edit checkbox is checked.

b) Configure PassivePortRange via ADSUTIL script
1. Click Start, click Run, type cmd, and then click OK.
2. Type cd Inetpub\AdminScripts and then press ENTER.
3. Type the following command from a command prompt.
adsutil.vbs set /MSFTPSVC/PassivePortRange “5500-5700″
4. Restart the FTP service.

You’ll see the following output, when you configure via ADSUTIL script:

Microsoft (R) Windows Script Host Version 5.6

Copyright (C) Microsoft Corporation 1996-2001.

All rights reserved.PassivePortRange : (STRING) “5500-5700″

B) Add firewall exception in windows firewall

To add a range of ports to Windows Firewall from the Command Line

1. Click Start, click Run, type cmd, and then click OK.
2. Type in the following where the range is specified in ( ) and the name of the firewall entry is in ” “.
FOR /L %I IN (5500,1,5701) DO netsh firewall add portopening TCP %I “Passive FTP”%I
3. Each port in the range will be added with an “OK” confirmation.

Or you can manually add the port exception as follows.

1. Click Start >> Run >> firewall.cpl ( Hit enter) , and select the Exceptions tab.
2. Click the Add Port button.
3. Enter a Name for the Exception and the first number in the port range.
4. Click TCP if not already selected and click OK.
5. Repeat for each port in the range – for large ranges see the end of the document.
6. Enable the Windows Firewall on the General Tab.

For Windows 2008 Server

A) Add Passive port range  in IIS

1. Go to IIS 7.0 Manager. In the Connections pane, click the server-level node in the tree.
2.  Double-click the FTP Firewall Support icon in the list of features.
3. Enter a range of values for the Data Channel Port Range.
4. Once you have entered the port range for your FTP service, click Apply in the Actions pane to save your configuration settings.

Notes:

1. The valid range for ports is 1024 through 65535. (Ports from 1 through 1023 are reserved for use by system services.)
2. You can enter a special port range of “0-0″ to configure the FTP server to use the Windows TCP/IP dynamic port range. The default dynamic port range in windows 2008 server is from 49152 to 65535.

You can view this details by issuing the folowing command in the server.

C:\Users\Administrator>netsh int ipv4 show dynamicport tcp

3. For additional information, please see the following Microsoft Knowledge Base articles:

* 929851 – http://support.microsoft.com/kb/929851/

4. This port range will need to be added to the allowed settings for your firewall server.

To configure the external IPv4 Address for a Specific FTP Site
1. Go to IIS 7.0 Manager. In the Connections pane, click the FTP site that you created earlier in the tree, Double-click the FTP Firewall Support icon in the list of features.
2. Enter the IPv4 address of the external-facing address of your firewall server for the External IP Address of Firewall setting.
3. Once you have entered the external IPv4 address for your firewall server, click Apply in the Actions pane to save your configuration settings.

B. Add firewall exception in windows firewall

To add a range of ports to Windows Firewall from the Command Line

1. Click Start, click Run, type cmd, and then click OK.
2. Type in the following where the range is specified in ( ) and the name of the firewall entry is in ” “.

3.  FOR /L %I IN (49152,1,65535) DO netsh advfirewall firewall add rule name=”Passiveport”%I dir=out action=allow protocol=TCP localport=%I

4. Each port in the range will be added with an “OK” confirmation.

The command to add individual port in exception is pasting below.

C:\Users\Administrator>netsh advfirewall firewall add rule name=”OpenPort65535″ dir=out action=allow protocol=TCP localport=65535

Categories: IIS, Windows Tags: