How to enable FTP Passive Mode for Amazon EC2 server with IIS

Kalel Wade picture Kalel Wade · Oct 20, 2014 · Viewed 9.4k times · Source

I originally had the issue when using pagelime which required users to use passive mode and did not support active mode. Getting active mode to work was pretty straight forward but getting passive to work took a lot more effort.

I am using a Amazon EC2 server with IIS as well as a FTP Site.

Answer

Kalel Wade picture Kalel Wade · Oct 20, 2014

The following link is what finally solved it for me. I will highlight some of the main things below in case the link stops working.

https://forums.aws.amazon.com/thread.jspa?threadID=98905

  1. In IIS, highlight the top-level server (not the FTP site). Click FTP Firewall Support. Under Data Channel Port Range, set a small range, e.g. 41000-41099. Under External IP Address to your Elastic IP Address. Enabling 49152-65535 will work as well but is probably less secure due to the greater number of ports opened.

enter image description here enter image description here enter image description here

  1. Open the Windows firewall for the ftpsvc. Disable the StatefulFtp global setting:

netsh advfirewall firewall add rule name=FTP_Service action=allow service=ftpsvc protocol=TCP dir=in

netsh advfirewall set global StatefulFTP disable

enter image description here

  1. From an administrative command prompt, restart the Microsoft FTP Service to make sure all the changes take effect:

net stop ftpsvc

net start ftpsvc

  1. Open the corresponding 100 ports, e.g. 21 and 41000-41099, in your EC2 Security Group. Or 49152-65535 if you go that route. enter image description here enter image description here