Question : Which is safest, PASV or ACTIVE FTP for my Windows 2003 server?

I have an FTP setup on my WIndows 2003 box and I'm at the point of configuring my router to allow certain ports. From what I read, I have to open up ports above 1023 but that doesn't sound safe at all. Which method is better PASV or ACTIVE and what do I have to open up on my firewall for this. I'm really nervous about opening up a bunch of ports, but still need my FTP to work from anyone on the outside, regardless of what FTP client or OS they are using.

Answer : Which is safest, PASV or ACTIVE FTP for my Windows 2003 server?

you dont have to open up ports for ACTIVE - you only have 21 open. the > 1023 port issue is the originating port from the client.

Active FTP :
command : client >1023 -> server 21
data : client >1023 <- server 20

PASV ftp means you do have to open up ports > 1023 so that the client can initiate both sessions.

Passive FTP :
command : client >1023 -> server 21
data : client >1023 -> server >1023

So not only is ACTIVE easier to set up - but with less port issues, it would be more secure. It is just harder for clients to deal with behind firewalls.

Random Solutions

Can the Winsock Control in eVB support wireless programing for pocket PC??

mail server problem smtp to lan works but does not reach internet mail boxes

DNS Forwarders on Domain Controllers

should the reverse dns lookup reference the sending exchange server or the forwarding receiver?

DynDNS vs ChangeIP for SonicWall DDNS

Auto-Reply on Exchange 2003

Wireless connection between houses

Cannot add new Domain Controller

"TCP/IP network transport is not installed".

Help! I can't access my website!