After installing the RC0 of the IIS7 FTP service on Server 2008, I had some local Windows Firewall issues.
AbstractThis post is the first one from the mini-series on firewall configuration for FTP7 (full product name: Microsoft FTP Publishing Service for IIS 7.0). The goal of this post if to provide instructions on how to setup local Windows Firewall to enable access to FTP over non-secure or secure connections. This post does NOT address IP address translation related issues and other issues that apply when there is an external firewall (such as ISA server) between client and server.
BackgroundIt is often a challenge to setup firewall rules for FTP server to work correctly. The root cause for this challenge lies in the FTP protocol architecture. Each FTP client requires 2 connections to be maintained between client and server.FTP commands are transferred over connection called control channel. That is the one that typically connects to well known FTP port 21. Any data transfer, such as directory listing, upload and download happen on secondary connection called data channel.
To open port 21 on firewall is an easy task. But having port 21 opened ONLY means that clients will be able to connect to FTP server, authenticate successfully, create, delete directories but will NOT be able to see directory listings or be able to upload/download files. It is because data connections for FTP server are not allowed to pass through the firewall.
Many firewalls simplify the challenge with data connections by scanning FTP traffic and dynamically allowing data connections through. Some firewalls enable such filters by default but it is not always the case. These firewall filters are able to detect what ports are going to be used for data transfers and temporarily open them on firewall so that clients can open data connections. Windows Firewall has such filter. It is called StatefulFtp.
Guide
http://blogs.iis.net/jaroslad/archive/2007/09/29/windows-firewall-setup-for-microsoft-ftp-publishing-service-for-iis-7-0.aspx
I've also created a PDF, here. 3 pages, nicely formatted for printing.