Changing FTP Default Ports (Nightmare!)


  • I hope someone can help, we're having a bit of a weird nightmare on Windows Server 2003 at the moment. I'm trying to change the FTP ports used in our FTP connection. I've identified that it gets a fair bit of brute-force attempts and one of the things I'd like to do, for security, is move it from Ports 21/20. Sounds simple enough, right?

    Here's the problem: The FTP Service currently works brilliantly on Port 21. No problems whatsoever. The data port, 20, also works fine -- even thought there's no exception for it in Windows Firewall (a bit weird).

    I want to change the FTP Service to a new port: X. I do this in IIS Manager first. Then in the SERVICES file I change ports ftp and ftp-data to ports X and X-1, respectively. I change the only exception in the Windows Firewall from port 21 to port X.

    I then Stop and Start the FTP site in IIS manager.

    I can remotely connect and athenticate using Active mode, no problem, but I cannot get a directory listing. I'm assuming this is because the data-port isn't being allowed to communicate, even though it was when it was Port 20.

    I have several questions, if anyone could help?

    1. How is port 20 allowed to communicate if there isn't an exception for it in Windows Firewall? 

    As a test, I change the ftp-data port in the SERVICES file back to 20, while keeping the ftp at X. I then restart the FTP site in IIS manager. Checking the active ports, however, I see that when I attempt to connect that X-1 is opened up as a dataport, not 20 like I specified.

    2. Why doesn't altering the SERVICES document change the FTP data port from being X-1?

    And most importantly:

    3. Does anyone know why changing the FTP port as described prevents me from getting a directory listing?

    I'm absolutely perplexed!

    Thanks for any assistance!

    - Johnny

    • Edited by JohnnyW2001 Thursday, June 25, 2009 6:57 PM
    Thursday, June 25, 2009 4:45 PM


  • Hi,


    For the FTP-related issue, I suggest that you post to the IIS forum. The support professionals are better qualified to assist you.


    IIS Forum


    Thank you for your understanding.

    • Marked as answer by JohnnyW2001 Tuesday, June 30, 2009 12:15 PM
    Monday, June 29, 2009 6:34 AM

All replies