0

I use C# FtpClient library to upload a file. The connection is established after I set custom port 3072, because I set client.SslProtocols = System.Security.Authentication.SslProtocols.Tls12;

But when I am going to go through

client.GetFilePermissions("/Test.txt");
client.UploadFile(@"C:\Users\Desktop\Test.txt", "/Test.txt");

it will always shows exception

Unable to read data from the transport connection: An attempt was made to access a socket in a way forbidden by its access permissions.

If I turn Windows Firewall off, file can be uploaded successfully.

I want to know what policy should I set on Windows firewall to allow me touch remote file and upload it.

Current my firewall setting:

  • (Inbound)
    Local port 3072,80,20,21,1023
    Remote port 3072,80,20,21,1023

  • (Outbound)
    Local port 3072,80,20,21,1023
    Remote port 3072,80,20,21,1023

My complete code

FtpClient client = new FtpClient();
client.Host = "xx.xx.xx.xx";
client.Credentials = new NetworkCredential(UserName, Password);
client.SslProtocols = System.Security.Authentication.SslProtocols.Tls12;

client.Connect();
if (client.IsConnected)
{
    Console.WriteLine("Connected");
    client.DataConnectionEncryption = true;
    var resutl = client.GetFilePermissions("/Test.txt");
    client.UploadFile(@"C:\Users\Desktop\Test.txt", "/Test.txt");
}
else
{
    Console.WriteLine("No Connetion");
}
Martin Prikryl
  • 188,800
  • 56
  • 490
  • 992
Kun-Yao Wang
  • 192
  • 1
  • 3
  • 16
  • There may be some relevant information here : https://serverfault.com/questions/401304/active-ftp-client-blocked-by-windows-firewall-on-windows-7 - also try asking the question on that site as it appears more relevant than SO. – PaulF Jun 22 '17 at 15:53
  • If you believe it's firewall issue only, your question is off-topic on Stack Overflow, move it to Super User. - And you have to show us some log file. And more of your code! Or at least tell us if you are using passive or active mode. – Martin Prikryl Jun 23 '17 at 05:15
  • @MartinPrikryl Thanks for reminding. now I plus my code. I have no any other log but the exception message. can I set my FTP code as passive or active? – Kun-Yao Wang Jun 23 '17 at 07:05
  • *The connection is established after I set custom port 3072, because I set client.SslProtocols = System.Security.Authentication.SslProtocols.Tls12;* - That sentence does not make sense to me - What is relation of `SslProtocols.Tls12` to port 3072? – Martin Prikryl Jun 23 '17 at 07:38
  • I set 3072 because i saw the answer in this question https://stackoverflow.com/questions/28286086/default-securityprotocol-in-net-4-5 – Kun-Yao Wang Jun 23 '17 at 07:42
  • There's not a word about 3072 being a port number. It's a numeric value `Tls12` element of `SecurityProtocolType` enumeration! – Martin Prikryl Jun 23 '17 at 07:55

3 Answers3

0

If you indeed block all outbounds/inbound ports, except those listed, FTP can hardly work.

FTP protocol uses a separate transfer connection port range, either outbound (recommended passive mode) or inbound (active mode).

To setup the passive mode, you have to find out, what port range does the FTP server uses, and enabled that in the firewall.

For details, see my article on network setup for FTP protocol.

Martin Prikryl
  • 188,800
  • 56
  • 490
  • 992
0

  • Open an Administrator command-prompt. Click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as Administrator.

  • Run the following command:

1.netsh advfirewall firewall add rule name=”FTP Service” action=allow service=ftpsvc protocol=TCP dir=in

2.netsh advfirewall set global StatefulFTP disable

https://technet.microsoft.com/en-us/library/dd421710(v=WS.10).aspx

Kun-Yao Wang
  • 192
  • 1
  • 3
  • 16
  • That cannot help with TLS/SSL encrypted connections. Firewall cannot inspect encrypted connections. + You answer has to work on its own, even if a link breaks. So please include the command into your answer. – Martin Prikryl Jul 17 '17 at 10:26
  • But that's not, what your question was about. Your answer should at least mention that your gave up on security. The answer is wrong without that information. – Martin Prikryl Jul 21 '17 at 09:49
-1

Is it a passive FTP server? If so you may need to open the range of ports like explained here:

https://technet.microsoft.com/en-us/library/083f7757-ad9f-421a-9cde-7a053f3de9a6

Manuel Fernández Santo Tomás
  • 1
  • 1
  • I am unable to set remote FTP, I just think maybe some policy is set in my firewall to block it – Kun-Yao Wang Jun 22 '17 at 15:58
  • I asked them, they use passive FTP server, now I open inbound local port 1024~65535 and outbound remote port 21 and 20, but it still does not work – Kun-Yao Wang Jul 06 '17 at 08:55