Active FTP client blocked by Windows Firewall on Windows 7

Here's the thing: Whether in Active or Passive mode, the server always uses port 20 on its side for the data connection and connects to the client on whatever port the client specified when it issued the FTP PORT command.

After looking at the Windows 7 firewall, it looks like you can create a custom inbound rule that allows connections to any local port from a specific remote port (20) for a given protocol type (TCP). You can also specify the local and remote IP addresses that this rule applies to.

I have to admit that I've never monkeyed around with the Windows firewall but it looks to me like it might work for you.


Instead of adding ports to the Windows Firewall exception list, add the application you need to have access. Windows Firewall will then allow that application to bind and use whatever ports it wishes.


Windows XP/Vista/7 all use the 'Application Layer Gateway Service' as a connection helper for Active FTP. You need to ensure that this service is started for Active FTP to work.

To start it:

  1. Click the Windows Start button
  2. Type 'services.msc' into the search bar and press Enter (the Windows Services panel will pop up)
  3. Scroll down until you find the 'Application Layer Gateway Service'
  4. Look at the 'Status' column; it should say 'Started'.
  5. If not started, double click the service name to get into its options panel.
  6. Change the 'Startup Type' drop down to say 'Automatic'
  7. Click on the button that says 'Start'
  8. Click on 'Apply'
  9. Click 'OK'
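
The same steps from an elevated PowerShell prompt, as an added example that is not part of the original answer. It assumes the service's short name is `ALG` (the standard name behind the 'Application Layer Gateway Service' display name) and reads the startup type through WMI, since `Get-Service` on the PowerShell 2.0 shipped with Windows 7 does not expose it.

```powershell
# Added example: scripted form of the services.msc steps above.
# Run from an elevated (Administrator) PowerShell prompt.
# Assumption: 'ALG' is the short name of 'Application Layer Gateway Service'.
$name = 'ALG'

# Steps 3-4: find the service and look at its status.
# services.msc shows 'Started'; PowerShell reports the same state as 'Running'.
$svc = Get-Service -Name $name -ErrorAction Stop
Write-Host ("Before: {0} is {1}" -f $svc.DisplayName, $svc.Status)

# Step 6: set the startup type to Automatic so the setting survives a reboot.
Set-Service -Name $name -StartupType Automatic

# Step 7: start the service only if it is not already running.
if ($svc.Status -ne 'Running') {
    Start-Service -Name $name
}

# Verify both settings. StartMode comes from WMI and reads 'Auto' for Automatic.
$svc  = Get-Service -Name $name
$mode = (Get-WmiObject -Class Win32_Service -Filter "Name='$name'").StartMode
Write-Host ("After:  {0} is {1}, startup type {2}" -f $svc.DisplayName, $svc.Status, $mode)

if ($svc.Status -ne 'Running' -or $mode -ne 'Auto') {
    Write-Error "$name is not running with an Automatic startup type."
    exit 1
}
```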