Question : Which is safest, PASV or ACTIVE FTP for my Windows 2003 server?

I have an FTP setup on my Windows 2003 box and I'm at the point of configuring my router to allow certain ports. From what I read, I have to open up ports above 1023, but that doesn't sound safe at all. Which method is better, PASV or ACTIVE, and what do I have to open up on my firewall for this? I'm really nervous about opening up a bunch of ports, but still need my FTP to work from anyone on the outside, regardless of what FTP client or OS they are using.

Answer : Which is safest, PASV or ACTIVE FTP for my Windows 2003 server?

You don't have to open up ports for ACTIVE - you only have 21 open. The > 1023 port issue is the originating port from the client.

Active FTP :
     command : client >1023 -> server 21
     data    : client >1023 <- server 20

PASV FTP means you do have to open up ports > 1023 so that the client can initiate both sessions.

Passive FTP :
     command : client >1023 -> server 21
     data    : client >1023 -> server >1023

So not only is ACTIVE easier to set up - but with fewer port issues, it would be more secure. It is just harder for clients to deal with behind firewalls.
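
Added example, not part of the original answer: the data port in each mode is negotiated on the control channel (the `PORT` command for active, the `227` reply for passive), so parsing those lines shows which side listens and which inbound ports the server firewall has to accept. The sample lines, the addresses and the 5500-5700 passive range are constructed assumptions; restricting the server to a fixed passive range goes slightly beyond what the answer covers.

```python
import re

# h1,h2,h3,h4,p1,p2 field used by the PORT command and the 227 PASV reply
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_hostport(line):
    """Return (ip, port) from a PORT command or a 227 reply."""
    m = HOSTPORT.search(line)
    if not m:
        raise ValueError("no host/port field in %r" % line)
    nums = [int(n) for n in m.groups()]
    if max(nums) > 255:
        raise ValueError("field above 255 in %r" % line)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def data_channel(line):
    """Say who listens and who connects for the data channel this line sets up."""
    line = line.strip()
    ip, port = parse_hostport(line)
    if line.upper().startswith("PORT "):
        # Active: the client listens, the server connects out from port 20.
        return {"mode": "active", "listener": "client", "ip": ip, "port": port}
    if line.startswith("227"):
        # Passive: the server listens, the client connects in to a port > 1023.
        return {"mode": "passive", "listener": "server", "ip": ip, "port": port}
    raise ValueError("not a PORT command or 227 reply: %r" % line)

def server_inbound_ports(lines, passive_range):
    """Inbound ports the server firewall must accept, plus any outside the range."""
    low, high = passive_range
    needed, outside = {21}, []
    for line in lines:
        ch = data_channel(line)
        if ch["listener"] == "server":
            needed.add(ch["port"])
            if not low <= ch["port"] <= high:
                outside.append(ch["port"])
    return sorted(needed), outside

# Constructed control-channel lines (documentation addresses, not real traffic)
SAMPLE = [
    "PORT 192,0,2,10,195,80",
    "227 Entering Passive Mode (198,51,100,5,21,124)",
    "227 Entering Passive Mode (198,51,100,5,234,96)",
]

if __name__ == "__main__":
    for s in SAMPLE:
        print(data_channel(s))
    print(server_inbound_ports(SAMPLE, (5500, 5700)))  # assumed passive range
```

The active line adds nothing to the server's inbound list, while each passive reply adds one port above 1023; any port reported as outside the assumed range would need either a wider firewall rule or a tighter server setting.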