My problem is with ftp: While I can connect to a ftp-server (log in works fine), the response to the "ls" command is the following:
425 Can't build data connection: Connection refused.
As far as I can tell, the "cd" command is working fine, if you know the right directories (it shows an error if the directory does not exist).
When I disable TCP/IP filtering on my PC, everything works fine.
I actually only want to block a few ports below 1024 in regards to recently discovered vulnerabilities of Windows, but with the way Windows 2000 has implemented port-filtering this seems not to be possible.
The best security practice is to create a "Deny All" filter and then create an "Allow" filter for the specific ports you want to open on your system. By default the "Any" filter allows access to all the ports. Your FTP problem seems to be a misconfiguration issue. On the other hand you can achieve Port level security by installing filtering software or Personal Firewalls like IP/PORT Blocker and ZoneAlarm. They do a fantastic job.
This was first published in October 2003