I hope someone can help, we're having a bit of a weird nightmare on Windows Server 2003 at the moment. I'm trying to change the FTP ports used in our FTP connection. I've identified that it gets a fair bit of brute-force attempts and one of the things I'd like to do, for security, is move it from Ports 21/20. Sounds simple enough, right?
Here's the problem: The FTP Service currently works brilliantly on Port 21. No problems whatsoever. The data port, 20, also works fine -- even though there's no exception for it in Windows Firewall (a bit weird).
I want to change the FTP Service to a new port: X. I do this in IIS Manager first. Then in the SERVICES file I change ports ftp and ftp-data to ports X and X-1, respectively. I change the only exception in the Windows Firewall from port 21 to port X.
I then Stop and Start the FTP site in IIS manager.
I can remotely connect and authenticate using Active mode, no problem, but I cannot get a directory listing. I'm assuming this is because the data-port isn't being allowed to communicate, even though it was when it was Port 20.
I have several questions, if anyone could help?
1. How is port 20 allowed to communicate if there isn't an exception for it in Windows Firewall?
As a test, I change the ftp-data port in the SERVICES file back to 20, while keeping the ftp at X. I then restart the FTP site in IIS manager. Checking the active ports, however, I see that when I attempt to connect that X-1 is opened up as a dataport, not 20 like I specified.
2. Why doesn't altering the SERVICES document change the FTP data port from being X-1?
And most importantly:
3. Does anyone know why changing the FTP port as described prevents me from getting a directory listing?
I'm absolutely perplexed!
Thanks for any assistance!
- Edited by JohnnyW2001 Thursday, June 25, 2009 6:57 PM