Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.
# set the port range you use for passive mode
# specify any range that FTP Server Host does not use
# example below sets 60000 - 60100 range
PS C:\Users\Administrator> Set-WebConfiguration "/system.ftpServer/firewallSupport" -PSPath "IIS:\" -Value @{lowDataChannelPort="60000";highDataChannelPort="60100";}
# confirm
PS C:\Users\Administrator> Get-IISConfigSection -SectionPath "system.ftpServer/firewallSupport"
IsLocked : False
OverrideMode : Inherit
OverrideModeEffective : Deny
SectionPath : system.ftpServer/firewallSupport
Attributes : {lowDataChannelPort, highDataChannelPort}
ChildElements : {}
ElementTagName : system.ftpServer/firewallSupport
IsLocallyStored : True
Methods :
RawAttributes : {[lowDataChannelPort, 60000], [highDataChannelPort, 60100]}
Schema : Microsoft.Web.Administration.ConfigurationElementSchema
# restart FTP Service
PS C:\Users\Administrator> Restart-Service ftpsvc
# no action is required for Windows firewall as predefined settings exist
PS C:\Users\Administrator> Get-NetFirewallRule -DisplayName "FTP*" | Select Name
Name
----
IIS-WebServerRole-FTP-In-TCP-990
IIS-WebServerRole-FTP-Out-TCP-20
IIS-WebServerRole-FTP-Out-TCP-989
IIS-WebServerRole-FTP-In-TCP-21
IIS-WebServerRole-FTP-Passive-In-TCP
PS C:\Users\Administrator> Get-NetFirewallRule -Name "IIS-WebServerRole-FTP-In-TCP-21" | Get-NetFirewallPortFilter
Protocol : TCP
LocalPort : 21
RemotePort : Any
IcmpType : Any
DynamicTarget : Any
PS C:\Users\Administrator> Get-NetFirewallRule -Name "IIS-WebServerRole-FTP-Passive-In-TCP" | Get-NetFirewallPortFilter
Protocol : TCP
LocalPort : 1024-65535
RemotePort : Any
IcmpType : Any
DynamicTarget : Any
|
