Since PASSIVE FTP seems to be a relative standard (that I experience), and since most clients don’t understand or want to use “ACTIVE” FTP, here is the easy way to configure your firewall and FTP software on an IIS machine to permit PASSIVE FTP.
You’ll need two rules and one “one to one” NAT mapping (this may vary a bit due to your firewall software).
The one to one NAT mapping needs to map the external IP address to the internal IP of the server. Such as “220.127.116.11” mapped to “10.1.1.21”
One rule to allow the world into TCP port 21, mapped to the specific server in question. (Allow * from ANY to 10.1.1.21 TCP port 21).
Second rule, specifically for PASSIVE FTP. Allow * from ANY to 10.1.1.21 on ports range 50000 to 50100.
FTP Server Setup
We normally use Filezilla Server (latest version, of course).
Add a user and setup the standard settings.
Passive settings are as follows (below).
Most importantly, the “X.X.X.X” area below is your PUBLIC IP that is mapped through your firewall.
Click OK and save the settings.
FTP Client Settings
Nothing fancy here, just check to make sure the settings look like this: