Partager via

Limiting Passive FTP Port Range on IIS 7.0 / IIS 6.0 / IIS 5.0

  • Article

Passive FTP uses a range of ports to transfer data. This can be a problem because the port range that IIS uses has to be opened up at the Firewall. Many administrators would like to limit the port range between specific values so that they can have a better control on the ports that need to be opened on the Firewall. IIS can be configured to limit the port range but with multiple versions of IIS the configuration has changed a bit. So here is how you configure the port range (say 5500-5525) on IIS 5.0 / IIS 6.0 / IIS 7.0 

IIS 5.0
=======
- On IIS 5.0 the Passive FTP Port range is controlled via a registry key

HKEY_LOCAL_MACHINESystemCurrentControlSetServicesMsftpsvcParametersPassivePortRange        REG_SZ          5500-5525

IIS 6.0
=======
- On IIS 6.0 the Passive FTP port range is controlled via a metabase key

/MSFTPSVC/PassivePortRange

adsutil.vbs set /MSFTPSVC/PassivePortRange "5500-5525"

IIS 7.0
=======
- IIS 7.0 has two FTP services available

1. Classic FTP Service
-------------------------------------
- The classic FTP service is similar to IIS 6.0 and requires IIS 6.0 Metabase compatibility to be installed
- Here the Passive FTP port range is controlled via the  metabase key

/MSFTPSVC/PassivePortRange

- Similar to IIS 6.0

2. FTP7 Module
--------------------------
- This is an OutOfBand Module that is shipped as an addon
- FTP7 module is used when SSL over FTP is required
- Here the Passive FTP port range is controlled via an entry in applicationHost.config
- You can also set this using the IIS Manager UI

Global Level (Server name) > FTP Firewall Support > Data Channel Port Range

Bookmark and Share

Comments

  • Anonymous
    May 13, 2008
    Passive FTP uses a range of ports to transfer data. This can be a problem because the port range that

  • Anonymous
    June 13, 2008
    I was searching for a way to limit port range on IIS5.0 to run server behind cisco firewall  for like a year and was told that there is no such thing. Thanks!

  • Anonymous
    March 24, 2009
    Ya de regreso por españa aprovecho para comentar un truquillo que he aprendido estos días sobre como

  • Anonymous
    March 15, 2011
    Very Useful and Awesome comparison.

  • Anonymous
    February 05, 2014
    I've tried this on my company's IIS7. The settings does not take effect even after restarting IIS. I had to go into services, fully STOP the "Microsoft FTP Service" and then START it again. Then only it starts honoring the port range. Hopefully this may help someone confused over why the settings does not work.