Friday, January 09, 2009

FTP Server not working externally in Windows Server 2008

One of the great things now about Windows Server 2008 is the included advanced firewall.  It is very granular and better security is always appreciated.

 

However as with more security usually comes more difficulty is getting rules correct and services working.

Recently we moved our website over to Server 2008 and also our FTP server.  FTP was working fine from the server but any external clients couldn’t browse the contents of the FTP directory.

FTP is kind of one of those funky protocols that really is useful but horrible for security and configuration. 

First thing I recommend is going and getting IIS 7 FTP from Microsoft.  It’s not included in the DVD’s for Windows Server 2008.

The next step is to read the firewall document.

You’ll notice down the doc the part about stateful FTP filtering for data connections…that was our problem.

We needed to issue the following command to get it right:

netsh advfirewall set global StatefulFtp enable

So keep those Windows Firewalls on, don’t just disable them and forget em but dig in a little and keep yourself secure.