1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

FTP site on non-standard port?

Discussion in 'Plesk for Windows - 8.x and Older' started by inCharge.co.uk, Mar 11, 2007.

  1. inCharge.co.uk

    inCharge.co.uk Guest

    I'm trying to set up an FTP site to access files outside of the Plesk file structure, to upload & download files that I don't want Plesk to backup.

    Rather than mess with Plesk's FTP setup, I setup a seperate FTP site in IIS manager on a non-standard port and enabled the port in the Plesk firewall.

    I also setup a user account in the Windows user manager and grant it permission to access that disk space.

    The FTP client authenticates OK, but then I get 'Invalid PORT Command'.

    Any ideas?

  2. inCharge.co.uk

    inCharge.co.uk Guest

    The problem is the 2nd FTP channel for data. But that could be any one of a wide range of ports. Windows Firewall doesn't allow you to open a range of ports.

    This page suggests opening all ports individually. Is this really necessary?

    IIS FTP is working fine on port 21. I can't see firewall exceptions that would allow its data channels. How does that work?

    If the firewall is switched off then there's no problem, but that's not an option.
  3. inCharge.co.uk

    inCharge.co.uk Guest

    To enable FTP on a non-standard port, specify every possible data channel port individually as a firewall exception. But first, reduce the number of possible ports by configuring the range like so:

    cscript c:\Inetpub\AdminScripts\adsutil.vbs set /MSFTPSVC/PassivePortRange "10000-10007"

    Then restart the service.
    This example allocates 8 ports in the range 10000 to 10007.
    The lower value must be greater than 5000, otherwise the FTP service will not restart.
    Make sure that this range doesn't conflict with any other services using the non-standard port range (1025-65535).
    (It's good practice to know what ports are used by what and minimise them to reduce the attack surface.)

    This property can be set only at the service level i.e. for all FTP sites. You can't set the range individually per site or IP address.
    To query the current value use the command:

    cscript c:\Inetpub\AdminScripts\adsutil.vbs enum /MSFTPSVC

    If PassivePortRange isn't among the settings listed, then it's using the default 1025-5000