Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections

WINDOWS/IIS 2007/06/04 13:10
(Portions of this document are parphrased from or directly copied from Microsoft KB article 555022 by Bernard Cheah, MVP.)

Passive Mode FTP connections are normally required by clients connecting through a NAT firewall or router. The client connects on port 21 and issues a PASV command, the server responds with a port in the 1024-65535 range for the data connection. After a data connection command is issued by the client, the server connects to the client using the port immediately above the client-side port of the control connection. The Windows 2003 SP1 Firewall will prevent PASV FTP from working properly unless exceptions for the ports are created. A metabase property key named PassivePortRange can be configured to specify the port range the server will respond with. This can be used to limit the security risk for the FTP server. The property key only exists in IIS 6.0. Support for IIS 5.0 on Windows 2000 can be added, but the system administrator will need to install Service Pack 4 and add the PassivePortRange key in the system registry. Two ports must be opened for each concurrent FTP connection.

On Windows 2003 Server with IIS6
  • To Enable Direct Metabase Edit
    1. Open the IIS Microsoft Management Console (MMC).
    2. Right-click on the Local Computer node.
    3. Select Properties.
    4. Make sure the Enable Direct Metabase Edit checkbox is checked.
  • Configure PassivePortRange via ADSUTIL script
    1. Click Start, click Run, type cmd, and then click OK.
    2. Type cd Inetpub\AdminScripts and then press ENTER.
    3. Type the following command where the range is specified in "..". cscript.exe adsutil.vbs set /MSFTPSVC/PassivePortRange "5001-5201"
    4. Restart the FTP Publishing Service.
    You'll see the following output, when you configure via ADSUTIL script:

    Microsoft (R) Windows Script Host Version 5.6
    Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

    PassivePortRange : (STRING) "5001-5201"

  • Add each port to the Windows Firewall
    1. Click Start, click Control Panel, open Windows Firewall, and select the Exceptions tab.
    2. Click the Add Port button.
    3. Enter a Name for the Exception and the first number in the port range.
    4. Click TCP if not already selected and click OK.
    5. Repeat for each port in the range - for large ranges see the end of the document.
    6. Enable the Windows Firewall on the General Tab.

On Windows 2000 Server with IIS5 Configure PassivePortRange via Registry Editor
  1. Start Registry Editor (Regedt32.exe).
  2. Locate the following registry key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Msftpsvc\Parameters\
  3. Add a value named "PassivePortRange" (without the quotation marks) of type REG_SZ.
  4. Close Registry Editor.
  5. Restart the FTP Publishing Service.
    Note: The range that FTP will validate is from 5001 to 65535.

To add a range of ports to Windows Firewall from the Command Line
  1. Click Start, click Run, type cmd, and then click OK.
  2. Type in the following where the range is specified in ( ) and the name of the firewall entry is in " ".
    FOR /L %I IN (5001,1,5201) DO netsh firewall add portopening TCP %I "Passive FTP"%I
  3. Each port in the range will be added with an "OK" confirmation.



====================================================================================================

윈도우 IIS ftp 의 인증포트를 21번이 아닌 다른 임의의 포트로 변경시 데이타포트 또한 임의의 포트로 변경됩니다.
data 전송 모드중 active 모드(20번포트)가 아닌 passsive 모드로 접속시 서버에서는 임의의 포트가 data 포트로 오픈되어 엘켑 등의 상단 방화벽 설정을 할 수가 없게 됩니다.
이런 경우 passive 포트를 고정하여 위의 문제를 해결하는 방법을 소개합니다.

1. [인터넷 정보 서비스 관리] - [로컬 컴퓨터] - [속성 ] - [메타베이스 직접 편집 허용]에 체크
2. C:\WINDOWS\system32\inetsrv 밑에 metabase.xml 을 메모장으로 연다.
3. <IIsFtpService> 항목에 아래 라인 추가한다.
   PassivePortRange="5001-5001"
  </IIsFtpService>
  이와 같이 설정하게 되면 tcp 5001 로 강제 할당된다.
4. 편집한 metabase.xml 파일을 저장한다
5. IIS 를 다시한번 재시작한다.
6. Ipsec 이나 방화벽이 설정되어있다면 tcp 5001을 추가한다.

Windows 2000 Server 의 경우는 레지스트리 값을 추가해야 한다.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Msftpsvc\Parameters\
에서 REG_SZ 타입의 PassivePortRange 값이름을 추가한다.

값으로는, 5001-5001 을 설정한다.  

참조 : 1000dedi.net



tags : ,
Trackback 79 : Comment 0

Trackback Address :: http://reboot.co.kr/trackback/222

  1. Tracked from 더킹카지노 2018/09/07 20:26 DELETE

    Subject: 에비앙카지노주소

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  2. Tracked from 오바마카지노쿠폰 2018/09/08 20:38 DELETE

    Subject: 바카라사이트

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  3. Tracked from 예스카지노 2018/09/22 14:35 DELETE

    Subject: 바카라사이트 wooricasino.net

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  4. Tracked from 바카라사이트 2018/09/23 00:41 DELETE

    Subject: 바카라사이트 www.title777.com

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  5. Tracked from 우리카지노주소 2018/09/26 07:36 DELETE

    Subject: 우리카지노 shuffle9.info

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  6. Tracked from %anchor_text% 2018/09/30 03:46 DELETE

    Subject: 우리카지노

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  7. Tracked from 오바마카지노 2018/09/30 14:03 DELETE

    Subject: 오바마카지노 shuffle9.xyz

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  8. Tracked from 우리카지노계열 2018/09/30 14:32 DELETE

    Subject: 더킹카지노주소

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  9. Tracked from 바카라쿠폰 2018/10/01 06:08 DELETE

    Subject: 카지노

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  10. Tracked from ac won t turn on 2018/10/05 07:14 DELETE

    Subject: simply click the following webpage

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  11. Tracked from Hvac contractor 2018/10/05 09:54 DELETE

    Subject: Article

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  12. Tracked from 에비앙카지노 2018/10/07 03:57 DELETE

    Subject: 온라인카지노 betman9.net

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  13. Tracked from 초고속인터넷 2018/10/07 23:27 DELETE

    Subject: 인터넷가입

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  14. Tracked from hvac repair 2018/10/07 23:29 DELETE

    Subject: why not look here

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  15. Tracked from 인터넷카지노사이트 2018/10/11 21:04 DELETE

    Subject: 온라인카지노추천

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  16. Tracked from 예스카지노 2018/10/12 11:52 DELETE

    Subject: 예스카지노

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  17. Tracked from 예스카지노주소 2018/10/14 00:35 DELETE

    Subject: 예스카지노사이트

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  18. Tracked from Film Semi 2018/10/28 14:33 DELETE

    Subject: Nonton Film Online

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  19. Tracked from Cara Bermain Poker88 2018/11/01 04:29 DELETE

    Subject: Bandar Ceme

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  20. Tracked from Jadwal Bola Terlengkap 2018/11/02 12:51 DELETE

    Subject: Livescore Sepakbola Terlengkap

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  21. Tracked from BandarQ 2018/11/09 12:32 DELETE

    Subject: Capsa Susun

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  22. Tracked from cara main qiu qiu 2018/11/10 07:17 DELETE

    Subject: main dominobet kiyu kiyu

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  23. Tracked from Agen Poker Online 2018/11/16 14:05 DELETE

    Subject: Poker Uang Asli

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  24. Tracked from 에비앙카지노 2018/11/23 05:17 DELETE

    Subject: 에비앙카지노

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  25. Tracked from Shop For TurboTax Deluxe 2018 2019/01/01 10:35 DELETE

    Subject: Shop Turbotax Deluxe 2018

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  26. Tracked from turbotax deluxe 2018 2019/01/15 16:46 DELETE

    Subject: Can I Deduct Medical Expenses Billed And Paid In 2018 In 2017 Turbotax

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  27. Tracked from FIFA55 2019/01/16 17:45 DELETE

    Subject: FIFA55

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  28. Tracked from Situs Dominoqq Terpercaya 2019/01/22 21:49 DELETE

    Subject: Agen Domino qiu qiu

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  29. Tracked from bitcoin 2019/01/31 11:19 DELETE

    Subject: best bitcoin faucet list

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  30. Tracked from anställning och arvsrätt 2019/03/19 06:30 DELETE

    Subject: blogg om bodelning

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  31. Tracked from Fortnite Hacks 2019/04/08 04:56 DELETE

    Subject: fortnite aimbot

    평소에 알고 있던 악마가 낫다 ::
  32. Tracked from bouppteckning 2019/04/20 07:33 DELETE

    Subject: bouppteckning

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  33. Tracked from äktenskapsförord och bodelningar 2019/04/26 19:34 DELETE

    Subject: äktenskapsförord och bodelningar

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  34. Tracked from BandarQ Terbaik 2019/05/24 16:31 DELETE

    Subject: Situs BandarQ

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  35. Tracked from Domino qq versi terbaru 2019/06/03 12:33 DELETE

    Subject: agenqq365

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  36. Tracked from link qq 2019/06/03 12:45 DELETE

    Subject: poker online

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  37. Tracked from lintaspoker 2019/06/03 14:31 DELETE

    Subject: Artikel Website Domino Poker Terpercaya

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  38. Tracked from discuss 2019/06/06 19:16 DELETE

    Subject: daftar situs judi Slot online terpercaya

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  39. Tracked from 온라인카지노 2019/06/14 10:21 DELETE

    Subject: 온라인카지노

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  40. Tracked from situs judi game slot 2019/07/01 12:42 DELETE

    Subject: judi on line dadu

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  41. Tracked from contoh judul artikel judi online 2019/07/03 16:30 DELETE

    Subject: poker 88 us

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  42. Tracked from agen poker online terpercaya 2019 2019/07/03 20:01 DELETE

    Subject: tournament poker online indonesia

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  43. Tracked from poker online no 1 di indonesia 2019/07/04 18:23 DELETE

    Subject: judi domino99 online

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  44. Tracked from situs agen judi bola 2019/07/05 20:34 DELETE

    Subject: link qq

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  45. Tracked from game poker movie 2019/07/05 22:01 DELETE

    Subject: judi domino qiuqiu

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  46. Tracked from bandarqq terbaru 2019/07/06 13:58 DELETE

    Subject: poker 99 online

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  47. Tracked from kumpulan judi poker online 2019/07/06 16:43 DELETE

    Subject: blog poker online indonesia

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  48. Tracked from situs judi bola online 2019/07/06 20:35 DELETE

    Subject: qiu qiu online uang

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  49. Tracked from poker flash 2019/07/06 21:43 DELETE

    Subject: 99 poker domino

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  50. Tracked from poker online terbaik dunia 2019/07/07 17:21 DELETE

    Subject: poker online terbaik dunia

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  51. Tracked from game poker capsa susun 2019/07/07 19:41 DELETE

    Subject: Poker terpercaya dan terbaik

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  52. Tracked from contoh judul artikel judi online 2019/07/07 21:42 DELETE

    Subject: terpercaya adalah

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  53. Tracked from situs bandar poker Terpercaya 2019/07/07 23:59 DELETE

    Subject: situs bandar poker Terpercaya

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  54. Tracked from situs sakong terbaru 2018 2019/07/08 16:56 DELETE

    Subject: poker online for iphone

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  55. Tracked from mau poker online 2019/07/08 18:08 DELETE

    Subject: terpercaya png

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  56. Tracked from qq poker online terpercaya 2019/07/09 12:13 DELETE

    Subject: Poker Stakes

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  57. Tracked from play 99 cent 2019/07/09 14:46 DELETE

    Subject: poker 888 download

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  58. Tracked from poker online new member 100 2019/07/09 15:59 DELETE

    Subject: situs agen pkv terpercaya

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  59. Tracked from Situs BandarQ 2019/07/11 05:50 DELETE

    Subject: Situs BandarQ

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  60. Tracked from judi domino qiu qiu indonesia terpercaya 2019/07/14 15:38 DELETE

    Subject: agen judi online

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  61. Tracked from Poker online versi android 2019/07/16 21:44 DELETE

    Subject: https://dukunjudionline-27.webself.net

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  62. Tracked from The Poker House 2019/07/17 10:54 DELETE

    Subject: Going At this website

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  63. Tracked from Poker online deposit via pulsa 2019/07/17 11:47 DELETE

    Subject: beritajudionline.strikingly.com

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  64. Tracked from Poker88 lobby 2019/07/17 12:04 DELETE

    Subject: berjudijadikaya.page.tl

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  65. Tracked from artikel poker online indonesia 2019/07/17 13:06 DELETE

    Subject: sneak a peek at these guys

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  66. Tracked from Link alternatif bandar judi qq 2019/07/20 14:46 DELETE

    Subject: https://musimperjudian.weebly.com

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  67. Tracked from agen sakong terbaru 2019 2019/07/20 19:09 DELETE

    Subject: click through the next webpage

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  68. Tracked from id pro pokerace99 2019/07/20 22:02 DELETE

    Subject: to Puncakperjudianbola Doodlekit

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  69. Tracked from agen poker online 2019/07/21 08:24 DELETE

    Subject: agen poker online

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  70. Tracked from 광주안마방 2019/07/23 19:01 DELETE

    Subject: 광주안마방

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  71. Tracked from situs dominoqq online 2019/07/24 03:05 DELETE

    Subject: just click the up coming document

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  72. Tracked from bandar qqdewa 2019/07/24 04:22 DELETE

    Subject: mouse click the up coming web site

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  73. Tracked from judi poker terpercaya 2019/07/24 05:27 DELETE

    Subject: Recommended Browsing

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  74. Tracked from poker online atm bersama 2019/07/24 07:18 DELETE

    Subject: click here to visit sukataruhanbola.withtank.com for free

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  75. Tracked from QQ Online 2019/07/25 21:01 DELETE

    Subject: QQ Online

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  76. Tracked from 화순출장마사지 2019/07/25 22:52 DELETE

    Subject: 화순출장안마

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  77. Tracked from cara bermain poker agar selalu menang 2019/08/30 14:45 DELETE

    Subject: cara bermain poker agar selalu menang

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  78. Tracked from Canadians Seeds 2019/09/04 11:02 DELETE

    Subject: Canadians Seeds

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections
  79. Tracked from blogwomantoday.com 2019/09/09 06:29 DELETE

    Subject: blogwomantoday.com

    평소에 알고 있던 악마가 낫다 :: Windows 2003 Server SP1 Firewall Modification for Passive or PASV FTP Connections

Write a comment