I administer a web server in which I block all TCP ports that I do not use thru tcp/ip filtering. We have a program which needs to be able to download a file via FTP. This program will not run unless I open all ports. I have port 21 open which is what FTP uses however FTP uses a dynamic local port number. Is there anyway to set the local port number that FTP uses.

Thanks,
Don Rossiter

ftp uses port 21 and 20 (control and data)...

If you mean the reply port to the client is blocked, then I suggest that you open ports above 1024
(don't worry these are the normal reply ports)...

closing these to all traffic will cause you problems, (not just for FTP), do you not have a way you can close the ports unless there is an established connection?

No I'm using TCP/IP filtering part of Windows 2000. The advanced option under tcp/ip it only allows you to list the ports you want to allow.

do you have logs of what is being blocked?
I was fairly sure that port over 1024 weren't blobked...

you could always try a full firewall package rather than the limited tcp/ip filtering that comes with w2k...

for a good firewall use zonealarm

fuck a firewall

dont you be getting stupid now