WINDOWS2008 设置FTP防火墙规则后被拦截的解决办法
2012-12-05 19:24
603 查看
阅读原文:http://www.yzswyl.cn/blread-1614.html
配置FTP站点后,开启防火墙后无法连接,添加了21端口,还是不行
解决办法:
在cmd中输入:
1、sc sidtype ftpsvc unrestricted(将ftp服务的注册卸载)
2、net stop ftpsvc & net start ftpsvc(重启ftp服务)
3、netsh advfirewall firewall add rule name="FTP for IIS7" service=ftpsvc action=allow protocol=TCP div=in(开启所有ftp端口监听)
4、netsh advfirewall set global Statefulftp disable(使防火墙不拦截所有ftp服务的访问)
输入以上命令即可;
原文:
Windows Firewall and secure FTP (FTPS) traffic
SSL traffic will not get any help from the firewall filter for FTP. As a matter of fact it will (most likely) prevent SSL from working. So we have to look for other options on how to enable it.
The easiest way to configure Windows Firewall to allow FTPS traffic is to put the NT service for FTP7 on the inbound exception list. The NT Service name is "Microsoft FTP Service" or "ftpsvc". This service is hosted in generic service process host called svchost.exe so it is not possible to put it on the exception list thought the program exception.
Warning: FTPSVC service doesn’t listen to any ports other than configured endpoints for ftp sites and data connection ports that are setup for data transfers. But you should double check the listening endpoints for FTPSVC by using netstat –n –a –o. The –o switch allows listing the process ID (or PID) of the listening process. Find out the PID for FTPSVC and check the listening endpoints.
The following 4 steps will allow both non-secure and SSL FTP traffic through firewall.
1) FTPSVC service has to get tagged with FTPSVC service SID. It is new security feature introduced for Vista / Windows 2008. "Microsoft FTP Publishing Service for IIS 7.0 RC0" doesn’t have service SID enabled by default so the following command line has to be run to enable service SID.
sc sidtype ftpsvc unrestricted
Note: Changing of sidtype will not be necessary in future releases of Microsoft FTP Publishing Service for IIS 7.0 after RC0 release
2) Restart ftpsvc service for the previous step to take effect
net stop ftpsvc & net start ftpsvc
3) Setup Windows Firewall to allow "ftpsvc" service to listen on all ports it opens.
netsh advfirewall firewall add rule name="FTP for IIS7" service=ftpsvc action=allow protocol=TCP dir=in
4) Make sure that FTP filter for Windows Firewall is disabled
netsh advfirewall set global Statefulftp disable
Warning: Do not use active FTP connections with SSL if client is behind NAT. It will not work.
参考地址:http://blogs.iis.net/jaroslad/archive/2007/09/29/windows-firewall-setup-for-microsoft-ftp-publishing-service-for-iis-7-0.aspx
配置FTP站点后,开启防火墙后无法连接,添加了21端口,还是不行
解决办法:
在cmd中输入:
1、sc sidtype ftpsvc unrestricted(将ftp服务的注册卸载)
2、net stop ftpsvc & net start ftpsvc(重启ftp服务)
3、netsh advfirewall firewall add rule name="FTP for IIS7" service=ftpsvc action=allow protocol=TCP div=in(开启所有ftp端口监听)
4、netsh advfirewall set global Statefulftp disable(使防火墙不拦截所有ftp服务的访问)
输入以上命令即可;
原文:
Windows Firewall and secure FTP (FTPS) traffic
SSL traffic will not get any help from the firewall filter for FTP. As a matter of fact it will (most likely) prevent SSL from working. So we have to look for other options on how to enable it.
The easiest way to configure Windows Firewall to allow FTPS traffic is to put the NT service for FTP7 on the inbound exception list. The NT Service name is "Microsoft FTP Service" or "ftpsvc". This service is hosted in generic service process host called svchost.exe so it is not possible to put it on the exception list thought the program exception.
Warning: FTPSVC service doesn’t listen to any ports other than configured endpoints for ftp sites and data connection ports that are setup for data transfers. But you should double check the listening endpoints for FTPSVC by using netstat –n –a –o. The –o switch allows listing the process ID (or PID) of the listening process. Find out the PID for FTPSVC and check the listening endpoints.
The following 4 steps will allow both non-secure and SSL FTP traffic through firewall.
1) FTPSVC service has to get tagged with FTPSVC service SID. It is new security feature introduced for Vista / Windows 2008. "Microsoft FTP Publishing Service for IIS 7.0 RC0" doesn’t have service SID enabled by default so the following command line has to be run to enable service SID.
sc sidtype ftpsvc unrestricted
Note: Changing of sidtype will not be necessary in future releases of Microsoft FTP Publishing Service for IIS 7.0 after RC0 release
2) Restart ftpsvc service for the previous step to take effect
net stop ftpsvc & net start ftpsvc
3) Setup Windows Firewall to allow "ftpsvc" service to listen on all ports it opens.
netsh advfirewall firewall add rule name="FTP for IIS7" service=ftpsvc action=allow protocol=TCP dir=in
4) Make sure that FTP filter for Windows Firewall is disabled
netsh advfirewall set global Statefulftp disable
Warning: Do not use active FTP connections with SSL if client is behind NAT. It will not work.
参考地址:http://blogs.iis.net/jaroslad/archive/2007/09/29/windows-firewall-setup-for-microsoft-ftp-publishing-service-for-iis-7-0.aspx
相关文章推荐
- WINDOWS2008 设置FTP防火墙规则后被拦截的解决办法
- WINDOWS2008 设置FTP防火墙规则后被拦截的解决办法
- WINDOWS2008 设置FTP防火墙规则后被拦截的解决办法
- WINDOWS2008 设置FTP防火墙规则
- Windows2008防火墙入站规则的设置浅议
- Windows2003和Windows2008防火墙导致FTP服务器不能访问的解决方法
- server2008,本机可以登录ftp,其他机器登录不了解决办法。肯定是防火墙的问题
- 搭建windows server 2008 r2 FTP 后 开启防火墙无法访问的解决办法
- 【水晶玻璃鞋 11】解决Filezilla server 搭建的FTP服务器本机可以访问,而其他主机无法访问的办法(不关防火墙)
- 设置Serv-U FTP 支持被动模式连接 ,530错误等解决办法
- 关于水星mw305R路由器无法设置转发规则,无法ddns的解决办法
- 搭建windows server 2008 r2 FTP 后 开启防火墙无法访问的解决办法
- Windows2008防火墙入站规则的设置浅议
- 设置Serv-U FTP 支持被动模式连接 ,530错误等解决办法集锦
- server2008,本机可以登录ftp,其他机器登录不了解决办法。肯定是防火墙的问题
- 搭建windows server 2008 r2 FTP 后 开启防火墙无法访问的解决办法
- Windows2003 II6.0 FTP 开了防火墙 FTP不能正常工作的解决办法
- FTP服务器的防火墙通用设置规则介绍
- Windows 2003 防火墙开启后无法访问FTP解决办法
- 配置 windows server FTP开启防火墙例外后然然无法访问的解决办法