Windows – Firewall blocks FTP PASV response

firewall, ftp, windows-7, windows-vista

I have an FTP server that supports passive server mode (using the PASV command). This works fine with Windows XP. When I want to access this server from Windows Vista or Windows 7 with the firewall enabled, I experience an immediate connection shutdown. A reset packet is sent to the server, and the socket is signaled that the server has reset the connection (which is not true).

The problem disappears when the firewall is disabled.

Connections to other FTP servers work correctly. The difference is that the server's response to PASV does not enclose the address field in parentheses. This is legal, as documented in RFC-959 and RFC-1132.

How can I configure the firewall to stop this bad behavior?

Best Answer

I don't think that the parentheses are to blame.
I would rather think that the dynamic port range allocated by that server disagrees with Vista/7.

For a discussion of the subject, see this article:
The default dynamic port range for TCP/IP has changed in Windows Vista and in Windows Server 2008

To view the dynamic port range on your computer for IPv4, use the following command:

netsh int ipv4 show dynamicport tcp

To set the dynamic port range for TCP, use for example:

netsh int ipv4 set dynamicport tcp start=1024 num=30000

More commands are described in the above article.

EDIT: Please note that the Windows firewall may be intelligent enough to open a dynamic port specified in the PASV response, even if this port doesn't fall within its default range for dynamic ports. But it may be that it is still not intelligent enough to understand the response without the parentheses. It may pay to have a look at the possibility of extending the default range for dynamic ports.
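The two hypotheses in this thread (the asker's: the 227 reply lacks parentheses; the answer's: the offered port falls outside the Vista/7 dynamic range) can both be checked on the client side before blaming the firewall. The script below is an added example, not code from the original poster or the answerer. It parses a 227 reply the way RFC 1123 recommends (scan for the first h1,h2,h3,h4,p1,p2 tuple rather than anchoring on a parenthesis), reads the start/count pair from `netsh int ipv4 show dynamicport tcp` output, and reports whether the server's data port sits inside that range. The 227 replies and the netsh output embedded here are constructed samples; the exact wording netsh prints is an assumption, so adjust the key names if your box prints something else.

```python
import re
from typing import NamedTuple, Tuple

# Constructed sample 227 replies (not captures from the poster's server).
# RFC 959 shows the tuple inside parentheses, but RFC 1123 section 4.1.2.6
# notes that reply formats vary and tells clients to scan for the digits.
SAMPLE_REPLIES = {
    "with_parens": "227 Entering Passive Mode (192,168,1,10,195,80).",
    "without_parens": "227 Entering Passive Mode 192,168,1,10,195,80",
    "no_tuple": "227 Entering Passive Mode",
}

# Constructed sample of `netsh int ipv4 show dynamicport tcp` output for a
# default Vista/7 range (49152 + 16384). Field names are an assumption.
SAMPLE_NETSH_OUTPUT = """\
Protocol tcp Dynamic Port Range
---------------------------------
Start Port      : 49152
Number of Ports : 16384
"""

_PASV_TUPLE = re.compile(
    r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
)


class PasvTarget(NamedTuple):
    host: str
    port: int


def parse_pasv_reply(reply: str) -> PasvTarget:
    """Extract host and port from a 227 reply, with or without parentheses.

    A client or firewall ALG that anchors on "(" rejects the second form;
    searching for the first six-number tuple accepts both.
    """
    if not reply.startswith("227"):
        raise ValueError(f"not a 227 reply: {reply!r}")
    match = _PASV_TUPLE.search(reply)
    if match is None:
        raise ValueError(f"no h1,h2,h3,h4,p1,p2 tuple in reply: {reply!r}")
    fields = [int(x) for x in match.groups()]
    if any(f > 255 for f in fields):
        raise ValueError(f"byte out of range in reply: {reply!r}")
    h1, h2, h3, h4, p1, p2 = fields
    port = p1 * 256 + p2          # RFC 959: port = p1*256 + p2
    if port == 0:
        raise ValueError("PASV port 0 is not usable")
    return PasvTarget(host=f"{h1}.{h2}.{h3}.{h4}", port=port)


def parse_dynamic_port_range(netsh_output: str) -> Tuple[int, int]:
    """Return (start, num) from 'netsh int ipv4 show dynamicport tcp' output."""
    start = num = None
    for line in netsh_output.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue                # header / separator lines have no colon
        key = key.strip().lower()
        if key == "start port":
            start = int(value)
        elif key == "number of ports":
            num = int(value)
    if start is None or num is None:
        raise ValueError("could not find Start Port / Number of Ports in output")
    return start, num


def port_in_range(port: int, start: int, num: int) -> bool:
    """True if port lies in the dynamic range [start, start + num)."""
    return start <= port < start + num


def check_reply(reply: str, start: int, num: int) -> str:
    """One-line verdict: where the offered data port sits relative to the range."""
    target = parse_pasv_reply(reply)
    where = "inside" if port_in_range(target.port, start, num) else "outside"
    return f"{target.host}:{target.port} {where} {start}-{start + num - 1}"


if __name__ == "__main__":
    start, num = parse_dynamic_port_range(SAMPLE_NETSH_OUTPUT)
    for name, reply in SAMPLE_REPLIES.items():
        try:
            print(f"{name:15} {check_reply(reply, start, num)}")
        except ValueError as exc:
            print(f"{name:15} rejected: {exc}")
```

Paste the real 227 line from a packet capture (or the FTP client's debug log) into `SAMPLE_REPLIES` and the real netsh output into `SAMPLE_NETSH_OUTPUT`; if the parenthesis-free reply parses here but the connection is still reset with the firewall on, the parsing step is not what the firewall is stumbling over, and the port-range check is the next thing to look at. Note that the `netsh ... set dynamicport` command in the answer above changes the client's own ephemeral range; the port in the 227 reply is chosen by the server, so this check only tells you whether the two happen to overlap.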
