There are two connection channels involved with establishing FTP.
The first is referred to as the 'Control Channel' and it occurs from the client on a random TCP port number (above 1024) to the server on TCP port 21.
The second is referred to as the 'Data Channel'. Which type of FTP (Normal or Passive) the client selects determines the direction of this connection (who initiates it).
If the client is configured to use Normal FTP then the client informs the server over the already existing 'Control Channel' what TCP port the server should connect to. When the server receives this information the server will establish the 'Data Channel' connection from its TCP port 20 to the client on the TCP port it was told.
If the client is configured to use Passive FTP then it simply informs the server of such over the already existing 'Control Channel'. The server responds with a port number for the client to use and then the client will connect from a TCP port above 1024 to the port number it has been told on the server.
In summary:
With Normal FTP there's one inbound connection and one outbound connection from the perspective of the firewall protecting the FTP server.
With Passive FTP there are two inbound connections from the perspective of the firewall protecting the FTP server.
See if you can put the ftpFirewall() function into use and specify the firewall type 16 ["PASV"] to enable passive mode FTP transfers in your script.
However based upon your statement:
"Checking the firewall log, it seems to pop up when there's an OPEN-INBOUND TCP to the random ftp data transfer port."
It sounds like your firewall does not allow for PASV FTP. This begs the question of whether the firewall being used is capable of reading packets to know that the 'Data Channel' connection it is detecting is the result of the client's request to use Passive FTP. Some firewalls (simple packet filtering types) may not have the logic to understand this.
If it is the XP SP2 Firewall then I can attest that it will (by default) prevent the inbound Data Channel used with PASV FTP.
What the OP will probably have to do is either disable the SP2 Firewall or add an exclusion for C:\WINDOWS\system32\inetsrv\inetinfo.exe
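As an added illustration (not WinBatch code and not part of the original article), the Python sketch below shows the logic an FTP-aware firewall in front of the server needs in order to "read" the Control Channel: it parses the client's `PORT` command or the server's `227` reply and opens a one-time hole for exactly that Data Channel. The class and function names, the sample addresses, and the rule of refusing ports below 1024 are assumptions made for the example.

```python
import re

# Both messages carry h1,h2,h3,h4,p1,p2 (RFC 959); the 227 reply is assumed to use parentheses.
_SIX = r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
PASV_REPLY = re.compile(r"^227 .*?\(" + _SIX + r"\)")
PORT_CMD = re.compile(r"^PORT " + _SIX + r"\s*$", re.IGNORECASE)

def parse_endpoint(groups):
    """Turn the six fields into (ip, port), port = p1*256 + p2; None if a field > 255."""
    nums = [int(g) for g in groups]
    if max(nums) > 255:
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

class FtpSessionTracker:
    """View of one Control Channel from the firewall protecting the FTP server."""
    def __init__(self, client_ip):
        self.client_ip = client_ip
        self.pending = None  # (direction, destination port) of the expected Data Channel

    def observe(self, sender, line):
        """Feed one Control Channel line; sender is 'client' or 'server'."""
        m = (PORT_CMD if sender == "client" else PASV_REPLY).match(line)
        endpoint = parse_endpoint(m.groups()) if m else None
        if endpoint is None or endpoint[1] < 1024:   # assumed policy: no low ports
            return None
        if sender == "client":
            # Normal FTP: the server will connect out from port 20 to this client port.
            if endpoint[0] != self.client_ip:        # address must be the client itself
                return None
            self.pending = ("outbound", endpoint[1])
        else:
            # Passive FTP: the client will connect in to the port the server named.
            self.pending = ("inbound", endpoint[1])
        return self.pending

    def allow(self, direction, client_ip, dst_port, src_port=None):
        """Decide on a new TCP connection; a matching hole is used once, then closed."""
        if self.pending != (direction, dst_port) or client_ip != self.client_ip:
            return False
        if direction == "outbound" and src_port != 20:
            return False
        self.pending = None
        return True
```

A simple packet filter has no equivalent of `observe()`, so the inbound Passive connection looks like an unsolicited OPEN-INBOUND to a random port and is dropped.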
Article ID: W16383
File Created: 2005:02:18:12:20:10
Last Updated: 2005:02:18:12:20:10