Firewall rule for FTP SERVER

Hello all, first off, I’m Ben and I come from a long line of home networking, but despite that Comodo’s firewall is giving me fits!

I’ve been trying for hours now to get my phone to be able to access my home FTP server from the outside, to no avail. I’ve tried just about every possible combination of rules that I can think of and the ONLY one that I’ve been able to even get close to working was setting a global rule to allow TCP in/out on port range 20-21 to my computer’s IP. However, if I try to connect via active FTP I get hung up at “150 opening ASCII mode data connection” or if I try connecting via passive FTP I get hung up at “227 entering passive mode {IP address}”. Anyone know how to get around this? The ports are already forwarded at my router and have been for months. When I was using Windows Firewall, FTP worked flawlessly, but since I’ve installed CIS after finding out I got a rootkit somewhere on the interwebs, I cannot get FTP to work from the outside. Inside the local LAN works just fine, no problems. ???

I can start by saying that I don’t know a lot about how FTP works but I do know fairly well how CIS works.

It seems you have a global rule to accept the inbound traffic on the right ports, but have you made sure that the application rule for the application in question also has a rule that allows it to accept inbound traffic on the specified ports?

To my knowledge IIS (Internet and Information Services) doesn’t have an application associated with it, but more or less a Windows service. Question is, how is it enabled to work in Comodo Firewall? I think that is the puzzle piece I’m missing. Hoping someone has an answer.

You need to connect using Passive instead of Active mode, especially if you’re behind a NAT router.

Open Control Panel —> Administrative Tools —> Internet Information Service Manager. Right click ServerName (local computer) and choose Properties. Check —> Direct MetaBase Edit and click OK

Then open Notepad as administrator and browse to —> C:\WINDOWS\system32\inetsrv\MetaBase.xml

Add this text to the bottom of the IisFtpService section —> PassivePortRange="9000-9020" then save

Open the command prompt as Admin and type iisreset, then press Enter

Open CIS and create an FTP rule for port 20, and port range 9000-9020 *(also Port 21 if you want control access - not recommended and not needed for data)

See if that works.
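Added example, not written by anyone in this thread: a small Python check that decodes the server's 227 reply and verifies that the data port it advertises falls inside the 9000-9020 passive range from the post above, and that the advertised address is not an RFC 1918 LAN address. The function names and the sample replies are constructed for illustration.

```python
# Added example (not from the thread): decode an FTP 227 reply and compare it
# with the passive port range that the firewall rule and MetaBase.xml allow.
import ipaddress
import re

# RFC 959 reply format: 227 <text> (h1,h2,h3,h4,p1,p2)
_PASV_RE = re.compile(r"^227\b.*?" + ",".join([r"(\d{1,3})"] * 6))

# Addresses that are only reachable from inside the LAN.
_RFC1918 = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_pasv(reply):
    """Return (host, port) advertised in a 227 reply, or raise ValueError."""
    m = _PASV_RE.search(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % reply)
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    port = nums[4] * 256 + nums[5]  # data port is p1*256 + p2
    return host, port


def check_pasv(reply, low=9000, high=9020):
    """Return (host, port, findings); findings is empty when nothing is wrong."""
    host, port = parse_pasv(reply)
    findings = []
    if not low <= port <= high:
        findings.append("data port %d is outside the allowed range %d-%d"
                        % (port, low, high))
    if any(host in net for net in _RFC1918):
        findings.append("server advertises LAN address %s; a client outside "
                        "the NAT cannot connect to it" % host)
    return host, port, findings


if __name__ == "__main__":
    # Constructed sample replies, not captured from the poster's server.
    samples = [
        "227 Entering Passive Mode (192,168,1,10,35,45)",
        "227 Entering Passive Mode (203,0,113,7,195,80)",
    ]
    for line in samples:
        host, port, findings = check_pasv(line)
        print(host, port, findings or "ok")
```

Paste the 227 line from the FTP client's log into check_pasv; any finding points at either the passive range setting or the address the server hands out, rather than at the firewall rule itself.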