WINDOWS2008 设置FTP防火墙规则后被拦截的解决办法
阅读原文:http://www.yzswyl.cn/blread-1614.html
配置FTP站点后,开启防火墙后无法连接,添加了21端口,还是不行
解决办法:
在cmd中输入:
1、sc sidtype ftpsvc unrestricted(将ftp服务的注册卸载)
2、net stop ftpsvc & net start ftpsvc(重启ftp服务)
3、netsh advfirewall firewall add rule name="FTP for IIS7" service=ftpsvc action=allow protocol=TCP div=in(开启所有ftp端口监听)
4、netsh advfirewall set global Statefulftp disable(使防火墙不拦截所有ftp服务的访问)
输入以上命令即可;
原文:
Windows Firewall and secure FTP (FTPS) traffic
SSL traffic will not get any help from the firewall filter for FTP. As a matter of fact it will (most likely) prevent SSL from working. So we have to look for other options on how to enable it.
The easiest way to configure Windows Firewall to allow FTPS traffic is to put the NT service for FTP7 on the inbound exception list. The NT Service name is "Microsoft FTP Service" or "ftpsvc". This service is hosted in generic service process host called svchost.exe so it is not possible to put it on the exception list thought the program exception.
Warning: FTPSVC service doesn’t listen to any ports other than configured endpoints for ftp sites and data connection ports that are setup for data transfers. But you should double check the listening endpoints for FTPSVC by using netstat –n –a –o. The –o switch allows listing the process ID (or PID) of the listening process. Find out the PID for FTPSVC and check the listening endpoints.
The following 4 steps will allow both non-secure and SSL FTP traffic through firewall.
1) FTPSVC service has to get tagged with FTPSVC service SID. It is new security feature introduced for Vista / Windows 2008. "Microsoft FTP Publishing Service for IIS 7.0 RC0" doesn’t have service SID enabled by default so the following command line has to be run to enable service SID.
sc sidtype ftpsvc unrestricted
Note: Changing of sidtype will not be necessary in future releases of Microsoft FTP Publishing Service for IIS 7.0 after RC0 release
2) Restart ftpsvc service for the previous step to take effect
net stop ftpsvc & net start ftpsvc
3) Setup Windows Firewall to allow "ftpsvc" service to listen on all ports it opens.
netsh advfirewall firewall add rule name="FTP for IIS7" service=ftpsvc action=allow protocol=TCP dir=in
4) Make sure that FTP filter for Windows Firewall is disabled
netsh advfirewall set global Statefulftp disable
Warning: Do not use active FTP connections with SSL if client is behind NAT. It will not work.
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· .NET Core 中如何实现缓存的预热?
· 从 HTTP 原因短语缺失研究 HTTP/2 和 HTTP/3 的设计差异
· AI与.NET技术实操系列:向量存储与相似性搜索在 .NET 中的实现
· 基于Microsoft.Extensions.AI核心库实现RAG应用
· Linux系列:如何用heaptrack跟踪.NET程序的非托管内存泄露
· TypeScript + Deepseek 打造卜卦网站:技术与玄学的结合
· 阿里巴巴 QwQ-32B真的超越了 DeepSeek R-1吗?
· 【译】Visual Studio 中新的强大生产力特性
· 10年+ .NET Coder 心语 ── 封装的思维:从隐藏、稳定开始理解其本质意义
· 【设计模式】告别冗长if-else语句:使用策略模式优化代码结构