
problems using different different FTP port with windows firewall


Posted

Hi all. It would be fab if you could help me please!

I need to run 2 ftp sites on the same server (windows server 2003).
I've got the first one using port 21, but need the second ftp site to
use a different port I think (unless there's a way to get 2 ftp sites
working on port 21? binding?).

So, for my second ftp site I am using port 8001. It works ok with my
ftp client with the windows firewall off, but when I turn it on and
add port 8001 to it my ftp client doesn't want to connect any more.

I've noticed that my ftp client is actually connecting using port 8001
but then switches to an arbitrary port number afterwards when
finishing the connection. This port number changes each time, so it's
impossible to add it to the windows firewall! I think this is the
problem. The windows firewall doesn't support port ranges either (to
my knowledge?) so even if I knew a range I couldn't add it to the
firewall.

Any help anyone could offer would be greatly appreciated. Many thanks

Paul

Posted

Re: problems using different different FTP port with windows firewall

 

In message
<1fb53f44-5f2a-4f01-a044-a4165bb9d64e@i12g2000prf.googlegroups.com>
at 08:08:59 on Thu, 3 Jan 2008, Paul <turnerpaul@gmail.com> wrote
>so, for my second ftp site I am using port 8001. it works ok with my
>ftp client with the windows firewall off, but when I turn it on and
>add port 8001 to it my ftp client doesn't want to connect any more.
>
Which FTP client? I had to make changes to mine when I moved to a
different firewall suite
--
Mike News

Guest Marius Farcas
Posted

Re: problems using different different FTP port with windows firewall

 

Why 8001? I don't you limit the number in the interval 0-1023?
8001 is a registered port. Because of standardization it is possible that
your firewall does not operate with the upper range ports.
There is a site that best describes every port ... Google it

"Paul" <turnerpaul@gmail.com> wrote in message
news:1fb53f44-5f2a-4f01-a044-a4165bb9d64e@i12g2000prf.googlegroups.com...
> Hi all. It would be fab if you could help me please!
>
> I need to run 2 ftp sites on the same server (windows server 2003).
> I've got the first one using port 21, but need the second ftp site to
> use a different port I think (unless there's a way to get 2 ftp sites
> working on port 21? binding?).
>
> so, for my second ftp site I am using port 8001. it works ok with my
> ftp client with the windows firewall off, but when I turn it on and
> add port 8001 to it my ftp client doesn't want to connect any more.
>
> I've noticed that my ftp client is actually connecting using port 8001
> but then switches to an arbitrary port number afterwards when
> finishing the connection. This port number changes each time, so it's
> impossible to add it to the windows firewall! I think this is the
> problem. the windows firewall doesn't support port ranges either (to
> my knowledge?) so even if I knew a range I couldn't add it to the
> firewall.
>
> Any help anyone could offer would be greatly appreciated. Many thanks
>
> Paul

Posted

Re: problems using different different FTP port with windows firewall

 

> Why 8001? I don't you limit the number in the interval 0-1023?

How would I do that? Sorry, I am an FTP newbie!
I googled already and looked at all the official ports, and there's
not one that I could that would be best to use as an alternative ftp
port.

Guest Marius Farcas
Posted

Re: problems using different different FTP port with windows firewall

 

Port Designations

TCP/IP has 65,536 ports available. As you can imagine, some ports are used
much more than others. Ports are divided into three main groups or
designations as follows:

Well-known ports: These port numbers range from 0 to 1,023. These are the
most commonly used ports that have been used for the longest period of time.

Registered ports: These port numbers range from 1,024 to 49,151. Registered
ports are used by applications or services that need to have consistent port
assignments. These ports, like the well-known ports, are agreed upon by most
organizations for standardization of use.

Dynamic or private ports: These port addresses range from 49,152 to 65,535.
These ports are not assigned to any particular protocol or service and can
therefore be used for any service or application.

It is common for applications to establish a connection on a well-known port
and then move to a dynamic port for the rest of the conversation. It's
important that you understand port numbers, because you may be configuring
them for communication purposes as well as to provide filtering and therefore
prevent communication of specified applications or services.

Use the upper ports (>49.152)

Let me know if this solved your problem ...

"Paul" <turnerpaul@gmail.com> wrote in message
news:35dfe6b2-4ca6-4e0e-895b-ce944affb918@i7g2000prf.googlegroups.com...
>
>> Why 8001? I don't you limit the number in the interval 0-1023?
>
> How would I do that? Sorry, I am an FTP newbie!
> I googled already and looked at all the official ports, and there's
> not one that I could that would be best to use as an alternative ftp
> port.
>

Posted

Re: problems using different different FTP port with windows firewall

 

In message
<35dfe6b2-4ca6-4e0e-895b-ce944affb918@i7g2000prf.googlegroups.com>
at 01:25:11 on Fri, 4 Jan 2008, Paul <turnerpaul@gmail.com> wrote
>
>> Why 8001? I don't you limit the number in the interval 0-1023?
>
>How would I do that? Sorry, I am an FTP newbie!
>I googled already and looked at all the official ports, and there's
>not one that I could that would be best to use as an alternative ftp
>port.
>
Which FTP client are you using?
--
Mike News

Guest Anteaus
Posted

Re: problems using different different FTP port with windows firew

 

I think you're all missing the point here, which is that FTP uses TWO ports,
control on a default of 21, and (active mode) data on a default of 20.

The port 20 connection is outbound, hence needs no router mapping. However,
you cannot have two concurrent services both 'owning' port 20 at the same
time, hence your problem.

In most cases the data default cannot be changed. A workaround however is to
use passive mode, which will allow you to set a range of high-order ports for
data, in the FTP server settings. These ports must also be mapped on the
router, of course, as they are inbound connections.

Either that, or use an SFTP server such as Filezilla Server.

BTW, 'registered ports' don't stand for much as far as private users are
concerned. They are more of a concern for app-developers who want to ensure
their app doesn't clash with others on the same computer.

  • 2 weeks later...
Guest Alun Jones
Posted

Re: problems using different different FTP port with windows firew

 

"Anteaus" <Anteaus@discussions.microsoft.com> wrote in message
news:78FBFA40-08F1-4982-A9A0-81C59AC1E312@microsoft.com...
> I think you're all missing the point here, which is that FTP uses TWO ports,
> control on a default of 21, and (active mode) data on a default of 20.
>
> The port 20 connection is outbound, hence needs no router mapping. However,
> you cannot have two concurrent services both 'owning' port 20 at the same
> time, hence your problem.

It would be a very broken FTP server that bound its control channel to 8001
and its local end of active data channels to port 20.

IIS doesn't do that.

IIS does what the RFCs say it should do - if the control channel is 8001,
then the local end of any active data channel is port 8000.

Now, it's possible that something else is already bound to port 8000, which
could cause a problem.

More likely, the problem is due to a NAT router not recognising that it
needs to translate the IP address or port assignment given in the PORT
command.

Try running "ftp -d servername" from the command line, and watch the
commands going out - you'll see that the PORT command just prior to a data
transfer or file listing uses a local IP address. If the client is behind a
NAT, that NAT needs to be able to translate the PORT commands - and it can
only do that, if it knows that the traffic is FTP. It does this through a
software component called an "Application Layer Gateway" (ALG). The ALG in
most NATs is only sophisticated enough to monitor and modify FTP control
traffic on port 21.

> In most cases the data default cannot be changed. A workaround however is to
> use passive mode, which will allow you to set a range of high-order ports for
> data, in the FTP server settings. These ports must also be mapped on the
> router, of course, as they are inbound connections.

You are right that passive mode would help - so would the use of the EPRT
command, or even IPv6, where you don't hide behind a NAT :)

Passive mode is most likely the most usable solution, as long as the FTP
server is not behind a NAT.

> Either that, or use an SFTP server such as Filezilla Server.

While we're talking about replacing the whole paradigm... If you switch to
SFTP (which is not related to FTP), you will have to get all your users to
switch to an SFTP client.

> BTW, 'registered ports' don't stand for much as far as private users are
> concerned. They are more of a concern for app-developers who want to ensure
> their app doesn't clash with others on the same computer.

Sure they stand for something - a registered port is one less piece of
configuration information for a user to have to enter into their client app.

Alun.

~~~~
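
The PORT, PASV and EPRT negotiation discussed in the replies above, as an added example that is not part of the original thread: a Python parser for "ftp -d" style output that decodes each advertised data endpoint, flags RFC 1918 addresses that a NAT would have to rewrite, and lists the server-side ports a firewall sees. The sample transcript, the addresses in it and all function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: "ftp -d" style client commands plus server replies (not from the thread).
SAMPLE = """\
---> PORT 192,168,1,20,195,80
200 PORT command successful.
---> PASV
227 Entering Passive Mode (203,0,113,10,19,137).
---> EPRT |1|198.51.100.7|50001|
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SIX = r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
PATTERNS = [
    ("PORT", re.compile(r"\bPORT " + SIX)),    # client tells the server where to connect
    ("PASV", re.compile(r"^227 .*?" + SIX)),   # server tells the client where to connect
    ("EPRT", re.compile(r"\bEPRT (\S)[12]\1(.+?)\1(\d+)\1")),
]


def decode(kind, match):
    """Return (address, port); h1,h2,h3,h4,p1,p2 carries the port as p1*256 + p2."""
    if kind == "EPRT":
        return ipaddress.ip_address(match.group(2)), int(match.group(3))
    n = [int(g) for g in match.groups()]
    if max(n) > 255:
        raise ValueError("field out of range: %r" % (n,))
    return ipaddress.ip_address("%d.%d.%d.%d" % tuple(n[:4])), n[4] * 256 + n[5]


def data_endpoints(debug_text):
    """List (kind, address, port, private) for each data-channel negotiation line."""
    found = []
    for line in debug_text.splitlines():
        for kind, pattern in PATTERNS:
            match = pattern.search(line.strip())
            if match:
                addr, port = decode(kind, match)
                # private=True: an RFC 1918 address the far end cannot reach unless a NAT rewrites it
                found.append((kind, str(addr), port, any(addr in net for net in RFC1918)))
                break
    return found


def server_ports(control_port, endpoints):
    """Ports the server-side firewall sees: inbound control + PASV ports, active-mode source."""
    passive = sorted({port for kind, _, port, _ in endpoints if kind == "PASV"})
    return {"inbound": [control_port] + passive, "active_source": control_port - 1}
```

Calling `server_ports(8001, data_endpoints(SAMPLE))` shows why opening only 8001 inbound is not enough for passive transfers: the port announced in the 227 reply must be reachable as well.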
