HOWTO: Windows Firewall and BPFTP Server 2011

Windows Version: Windows Server 2008 R2, Windows Server 2008, Windows 7/Vista

By default, the latest versions of Windows protect your computer with the Windows Firewall with Advanced Security, effectively blocking access to your computer from the internet and would-be hackers (Getting Started Guide).

However, this also prevents ftp-clients from accessing your installation of BulletProof FTP Server 2011 unless you “open the firewall” to allow access. This means you must open at least two ports: one for the control-connection and one data-port for every concurrent connection to the ftp-server.

NOTE: It’s very common for people to think that only 1 (ONE) port is needed for FTP (default tcp/ip port 21). However, this is NOT the case as you need to define data-ports in order to support Passive-Mode (PASV).


Configuring the Windows Firewall and BPFTP Server 2011 is very simple, but it takes a few steps. Below, we’ve broken down the process:
1) Configure BPFTP Server 2011 for NAT/Firewall and Passive-Mode (PASV)
2) Open the Windows Firewall up for the BPFTP Server 2011
3) Open the Windows Firewall up for the Control-Connection
4) Open the Windows Firewall up for the Data-Ports (Passive-Mode aka PASV)
5) Completed Entries in Windows Firewall

LASTLY: Be sure to run your installation through our Firewall Tester. After you provide the IP/Host, Port, User and Password for your installation, this tester will simulate an ftp-user connecting to your BPFTP Server. Please use it!
http://bpftpserver.com/products/bpftpserver/windows/test/firewall

NOTE: If you are running any Anti-Virus or Internet-Security software on your computer (McAfee, Norton, etc) you may also be protected by yet-another-software-based-firewall. Please consult the documentation that came with your software for opening up firewall-ports.

NOTE: Almost everyone has a hardware-based NAT/Firewall router in their network topology. For Home Users, this is usually your WiFi-Router. Please look into the documentation that came with your hardware-based NAT/Firewall router for information on opening firewall-ports.

Step-by-Step Directions


1) Configure BPFTP Server 2011 for NAT/Firewall and Passive-Mode (PASV)

Step #1.1: BPFTP Server - NAT/Firewall Configuration

Step #1.2: BPFTP Server - Use DNS for PASV

Step #1.3: BPFTP Server - Use Static IP for PASV

Step #1.4: BPFTP Server - Configure Data-Ports

2) Open the Windows Firewall up for the BPFTP Server 2011

Step 2.0: Open Windows Firewall

Step 2.1: Create New Firewall-Rule

Step 2.2: Choose Firewall-Rule Type

Step 2.3: Browse for Program

Step 2.4: Choose Program-Path

Step 2.5: Confirm Program-Path

Step 2.6: Choose Allow

Step 2.7: Select Firewall Domain

Step 2.8: Name Firewall-Rule

3) Open the Windows Firewall up for the Control-Connection

Step 3.0: Open Windows Firewall

Step 3.1: Create New Firewall-Rule

Step 3.2: Choose Firewall-Rule Type

Step 3.3: Specify Port for Control-Connection

Step 3.4: Choose Allow

Step 3.5: Select Firewall Domains

Step 3.6: Name Firewall-Rule

4) Open the Windows Firewall up for the Data-Ports (Passive-Mode aka PASV)

Step 4.0: Open Windows Firewall

Step 4.1: Create New Firewall-Rule

Step 4.2: Choose Firewall-Rule Type

Step 4.3: Specify Port for Data-Ports

Step 4.4: Choose Allow

Step 4.5: Select Firewall Domains

Step 4.6: Name Firewall-Rule

5) Completed Entries in Windows Firewall

Step 5: Completed Entries in Windows Firewall
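
The three rules built in Steps 2 to 4 can also be created from an elevated command prompt with netsh advfirewall. This is an added example, not part of the original HOWTO; the program path, data-port range, profile list and rule names are placeholders to replace with the values from your own installation and from Step 1.4.

```bat
@echo off
rem Added example: scripted equivalent of Steps 2-4. Run from an elevated prompt.
rem PLACEHOLDERS (not taken from the HOWTO): adjust to your installation.
set "BPFTP_EXE=C:\path\to\bpftpserver.exe"
set "CONTROL_PORT=21"
rem Must be the same range entered in Step 1.4. One data-port is needed per
rem concurrent connection, so keep the range only as wide as you need.
set "DATA_PORTS=50000-50009"
rem Profiles the rules apply to: any combination of domain,private,public.
set "PROFILES=domain,private"

rem Step 2: allow inbound traffic to the server executable.
netsh advfirewall firewall add rule name="BPFTP Server - Program" ^
  dir=in action=allow program="%BPFTP_EXE%" profile=%PROFILES% enable=yes || goto :fail

rem Step 3: allow the control-connection port.
netsh advfirewall firewall add rule name="BPFTP Server - Control" ^
  dir=in action=allow protocol=TCP localport=%CONTROL_PORT% profile=%PROFILES% enable=yes || goto :fail

rem Step 4: allow the passive-mode (PASV) data-port range.
netsh advfirewall firewall add rule name="BPFTP Server - PASV Data" ^
  dir=in action=allow protocol=TCP localport=%DATA_PORTS% profile=%PROFILES% enable=yes || goto :fail

rem Step 5: list the completed entries so they can be checked.
netsh advfirewall firewall show rule name="BPFTP Server - Program"
netsh advfirewall firewall show rule name="BPFTP Server - Control"
netsh advfirewall firewall show rule name="BPFTP Server - PASV Data"
exit /b 0

:fail
echo Failed to add a firewall rule. Is this prompt elevated?
exit /b 1
```

To undo a rule, use `netsh advfirewall firewall delete rule name="..."` with the same name.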


Create a Login-Message with Recently Uploaded Files

Let’s say you want to create a login-message for a ftp-user, to display the most recently uploaded files. Commonly this is called a “Message-of-the-Day” aka MOTD.

First, you’ll need to set up a directory structure for your BPFTP Server installation. I commonly create a “bin” directory and then go from there. Here is a write-up on setting up directory structures.

Next, you’ll want to create a batch-file with the following lines (save this to your “bin” directory as “event-fileuploaded.cmd”):

@echo off
rem Append one line per upload to the MOTD file: %1 = uploaded file, %2 = size in bytes
echo %DATE% %TIME% - File Uploaded [%1] for %2 bytes >> c:\ftp\motd.txt

Thirdly, you’ll need to connect this batch-file to the “OnFileUpload” event under the “Events Manager” in BPFTP Server (Ctrl-E). Scroll down until you see the event, then Check-ON the option “Execute” and put in the following command-line:

c:\ftp\bin\event-fileuploaded.cmd %FILE %FILESIZE

Lastly, you need to edit the user which can see the MOTD in “User Accounts” (Ctrl-U) and click on the ftp-user and then “Links & Messages”, Check-ON the “Show Login Message” and type in “c:\ftp\motd.txt” for the file to display.

That’s it! You can test this by logging into the ftp-server, uploading a file and then logging in again to see the MOTD!
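
The uploaded file name is chosen by the ftp-user, and a batch-file that expands %1 directly into an echo line lets cmd.exe interpret characters such as & or ^ that are legal in Windows file names. The variant below is an added example, not part of the original write-up, that keeps the name as literal text. It assumes the event command-line is entered as `c:\ftp\bin\event-fileuploaded.cmd "%FILE" %FILESIZE` and that BPFTP Server passes the quotes through, which the page does not confirm; the variable names upfile and upsize are hypothetical.

```bat
@echo off
rem Added example: hardened variant of event-fileuploaded.cmd.
rem ASSUMPTION: the file name arrives as ONE quoted argument ("%FILE").

rem Delayed expansion must be off while the arguments are captured,
rem otherwise a ! in the file name would be consumed here.
setlocal DisableDelayedExpansion

rem %~1 strips the surrounding quotes; the quoted SET form keeps
rem characters such as & ^ ( ) as plain text in the variable.
set "upfile=%~1"
set "upsize=%~2"

rem Nothing to log if the server passed no file name.
if not defined upfile exit /b 1

rem Switch to delayed expansion: !var! is substituted after the line
rem has been parsed, so the file name is never re-read as commands
rem or redirections.
setlocal EnableDelayedExpansion
>>"c:\ftp\motd.txt" echo !DATE! !TIME! - File Uploaded [!upfile!] for !upsize! bytes
endlocal

endlocal
exit /b 0
```

Check the result by uploading a file whose name contains an ampersand and confirming that motd.txt gains exactly one line with the full name in brackets.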