An example of IE access to IIS FTP timeout failure

Today installed IIS FTP on Windows 2003 Server, the server opened Windows Firewall, added an exception: Allow external connection 21 port. After everything is set up, the IE connection can't be opened at all, the status bar shows "Getting the contents of the folder", and finally the "Operation timeout" is prompted.
Log in at the command prompt everything is normal, you can dir directory content, get files, and so on.
Re-adjusted FTP settings, user permissions, NTFS permissions, the problem remains.
Connected with Cuteftp software, found the problem, using PASV mode can not transfer data to use PORT mode everything is normal.
Internet query about FTP connection mode:
FTP connection mode is two, PORT and PASV. The PORT mode is an active mode, and the PASV is a passive mode, which is relative to the server.
PORT mode establishes the data transmission channel initiated by the server. The server uses port 20 to connect to a port of the client that is larger than 1024.
In PASV mode, the establishment of the data transmission channel is initiated by the FTP client. He uses a port larger than 1024 to connect to a server with more than 1024 ports.
If from the perspective of the C/S model, PORT is OUTBOUND for the server, and PASV mode is INBOUND for the server, please pay special attention to this, especially in enterprises that use firewalls, such as Microsoft ISA. Server 2000 releases an FTP server, which is critical. If the settings are wrong, the client will not be able to connect.
[Reference] http://www.microsoft.com/china/community/Column/70.mspx
At this point, the cause of the failure is clear: the server has opened the Windows firewall, and ifly allows the outside world to access the server by adding a port. 21 port, so the FTP control information can be transmitted normally. When using CMD login, because the PORT mode is adopted, the server uses 20 ports to initiate a connection to the client. This outbound process will be released by the Windows firewall, so the data channel can be established. When using IE to log in, the default is PASV mode. The client tries to connect to a port above 1024. This inbound process for the server is filtered by the firewall, so the data channel cannot be established and a timeout error occurs.
Solve this problem from the server or client side:
For the server can open the required port, but the port number of the PASV mode connection is not fixed, can not be through the "add port" way, you can take photos (Figure 1 ) Then make holes in the firewall by "adding programs".
For the client, specifying IE to use only PORT mode can also solve the problem. See Figure 2, IE Tools Menu->
Internet Options-> Advanced-> Remove the checkmark in front of "Use Passive FTP".
Figure 1, Windows Firewall Add Program Exceptions
Figure 2, IE settings do not use PASV mode