
Firewall blocking FTP when run via RUNRMTCMD on Windows 10


  • Firewall blocking FTP when run via RUNRMTCMD on Windows 10

    I am trying to call a .bat file from RUNRMTCMD. The .bat file includes a couple of ftp commands. These commands run very well interactively at a command prompt. Also, RUNRMTCMD runs well when calling another DOS command, for example 'DIR'. But when I am trying to call something that has ftp in it from RUNRMTCMD, the command "hangs". Now, when I disable the firewall on my Windows 10, the command executes. I have inserted inbound and outbound rules for ports 20, 21 for FTP and also port 212 for RUNRMTCMD (it was also blocked before I inserted this rule). Anyone have an idea how to allow this to execute without dropping the entire firewall? I use Windows Defender Firewall.

  • #2
    FTP uses a whole range of ephemeral ports -- not just ports 20 and 21. (And the usage of port 20 is as an origin port, in my experience most people don't understand that.) So if all other ports are blocked, that would explain why this is hanging.

    Here are some things you could try, in the order of my personal preference:
    1. Eliminate the whole approach and redesign it to use REST APIs, instead. (This may be too drastic of a change, though?) Both RUNRMTCMD and FTP are very old protocols that are not secure, and therefore the risks are very high unless protected by a VPN, etc.
    2. Keep RUNRMTCMD, but eliminate FTP and use SSH/SFTP instead. It is MUCH MUCH more secure, and uses only one port (22) so works well with firewalls.
    3. Use FTP in passive mode. Many firewalls allow outgoing connections, but not incoming ones, and passive mode causes the FTP client to make only outbound connections.
    4. Find the ephemeral port range for your particular FTP client and open them through the firewall. I put this last because it's somewhat complicated and not very secure.
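
Added example, not part of the original thread: a small Python parser that reads an FTP control-channel transcript and reports, for each data connection, which side listens on the ephemeral port and which firewall direction the client host must allow. The transcript, addresses and function names are constructed for illustration; only the classic `PORT` command and `227` (PASV) reply are handled, not the extended EPRT/EPSV forms.

```python
import re

# Constructed control-channel transcript (sample data, not from the thread).
# "C:" = sent by the FTP client, "S:" = sent by the FTP server.
SAMPLE = """\
C: PORT 192,168,1,50,195,80
S: 200 PORT command successful.
C: LIST
C: PASV
S: 227 Entering Passive Mode (10,0,0,5,234,96).
C: RETR report.txt
"""

# h1,h2,h3,h4,p1,p2 as used by PORT and by the 227 reply (RFC 959).
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def decode_hostport(text):
    """Return (ip, port) from an h1,h2,h3,h4,p1,p2 field; port = p1*256 + p2."""
    m = HOSTPORT.search(text)
    if m is None:
        raise ValueError("no host/port field in: %r" % text)
    n = [int(g) for g in m.groups()]
    if max(n) > 255:
        raise ValueError("octet out of range in: %r" % text)
    return ".".join(str(x) for x in n[:4]), n[4] * 256 + n[5]


def data_connections(transcript):
    """List each negotiated data connection and the rule the client host needs."""
    found = []
    for line in transcript.splitlines():
        side, _, msg = line.partition(": ")
        if side == "C" and msg.upper().startswith("PORT "):
            # Active mode: the client listens; the server dials in from port 20.
            ip, port = decode_hostport(msg)
            found.append({"mode": "active", "listener": ip, "port": port,
                          "client_needs": "inbound"})
        elif side == "S" and msg.startswith("227 "):
            # Passive mode: the server listens; the client dials out.
            ip, port = decode_hostport(msg)
            found.append({"mode": "passive", "listener": ip, "port": port,
                          "client_needs": "outbound"})
    return found


if __name__ == "__main__":
    for conn in data_connections(SAMPLE):
        print(conn)
```

In the active-mode entry the listening port is on the client and changes with every transfer, which is why inbound rules for ports 20 and 21 alone do not let the data connection through.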