Skip to main content

Using a single port for IIS FTP in passive mode

IIS asks for a port range for its FTP server when working in passive mode. The question comes up at this point: Is it possible to use a single port for IIS FTP in passive mode?

The short answer is “Yes”. You can use a single port instead of a port range in your FTP configuration.

Looking for a way to upload files to FTP programmatically by using C#? Check this post out.

How to use single port for IIS FTP?

In order to configure IIS to use a specific port, enter the port number twice with a dash (-) between into “Data Channel Port Range” field. This field is in the “FTP Firewall Support” feature. Example: 6001-6001 for using port 6001. After making this change, restart “Microsoft FTP Service” (Start > Run > services.msc).

single port for IIS FTP

In other words, it is technically possible to use single port for IIS FTP. However, it is not recommended. Using single port will limit the number of “Client IP – Client Port – Server Port” combinations (Source 1, Source 2).This combination uniquely identifies the FTP session. Therefore, using a single server port will result in having one combination which means the concurrent FTP requests may be rejected.

Note: If you see the “Data Channel Port Range” field grayed out, make sure to go to server-level settings to change the port range (Source).

Confirmation

To confirm that the FTP service uses only the assigned port, connect to your FTP host via an FTP client (FileZilla, SmartFTP etc.). Then check the IIS logs in c:\inetpub\logs\LogFiles\FTPSVC2.

single port for IIS FTP logs

If you are using unsecure FTP service, you may see that IIS doesn’t use the port you assigned. Instead, it uses a random port number in the range from 1025 through 65535.

IIS uses the port you assigned in “Data Channel Port Range” field only if you are using secure FTP service. Use an SSL/TLS certificate to secure the connection.

One thought to “Using a single port for IIS FTP in passive mode”

Leave a Reply

Your email address will not be published. Required fields are marked *