Re: FTP questions. [7:40266] posted 04/03/2002

At 08:41 PM 4/2/02, brian liu wrote:
>1. For FTP data connection type, what is the
>difference between PASSIVE and PORT mode?

Port mode is usually called Active. It used to be the default, although 
some newer FTP clients default to Passive now, due to security concerns 
with Active.

With Active mode, the server opens the data connection. First the client 
opens the control connection by sending a TCP SYN to the server's port 21. 
Then when the user says to do something (get a file or whatever), the 
client side sends a PORT command telling the server about an open port 
(socket) on the client's side. The server then opens the data connection. 
The server sends a TCP SYN from port 20 to the port specified by the 
client. This can wreak havoc with firewalls. The client uses a 
non-well-known (ephemeral) port number above 1024.

With passive mode, the client sends a PASV command. The server sends a 
reply that specifies an ephemeral port number that the client should use 
when opening the connection for data transfer. The client sends a SYN from 
a client-selected ephemeral port to the server's ephemeral port number, 
which was provided to the client in the reply to the client's PASV command. 
This can wreak havoc with firewalls too! ;-)

>2. Would the routers' configuration (along the path from
>FTP server to client) affect the data transfer while
>using different FTP data connection types?

If it has access lists or some other firewall features, absolutely.

>Background for the above questions:
>When I connect my PC to cable modem directly, I have
>no problem with browsing an FTP site (FTP client is set
>to PASSIVE mode). After I add a router (sorry, it's not
>Cisco) between the PC and cable modem, connecting to
>the same FTP server will have an error like "Unable to
>set up passive listening socket". The problem can be
>solved by changing the FTP client data connection type
>to PORT mode.

Sounds like the router is also a firewall.



Priscilla Oppenheimer
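
An added example, not part of the original post: a Python sketch of what a stateful firewall has to read off the control connection in order to permit the data connection in each mode described above. The names `DataFlow` and `expected_data_flow`, the `addr_matches_peer` check and the sample addresses are assumptions made for illustration.

```python
import re
from typing import NamedTuple, Optional

class DataFlow(NamedTuple):
    mode: str                 # "active" (PORT) or "passive" (PASV)
    syn_from: str             # host that sends the SYN for the data connection
    src_port: Optional[int]   # 20 in active mode, None = ephemeral
    dst_ip: str
    dst_port: int
    addr_matches_peer: bool   # advertised address == control-connection peer?

# Both PORT and the 227 reply carry h1,h2,h3,h4,p1,p2 (port = p1*256 + p2).
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

def _decode(text):
    m = _HOSTPORT.search(text)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % text)
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        raise ValueError("field out of range in %r" % text)
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def expected_data_flow(line, client_ip, server_ip):
    """Return the data connection a control-channel line announces, or None."""
    line = line.strip()
    if line.upper().startswith("PORT "):      # client -> server command
        ip, port = _decode(line[5:])
        return DataFlow("active", server_ip, 20, ip, port, ip == client_ip)
    if line.startswith("227"):                # server -> client reply to PASV
        ip, port = _decode(line[3:])
        return DataFlow("passive", client_ip, None, ip, port, ip == server_ip)
    return None

if __name__ == "__main__":
    # Constructed control-channel lines; addresses are documentation ranges.
    client, server = "198.51.100.7", "192.0.2.10"
    for sample in ("USER anonymous",
                   "PORT 198,51,100,7,4,1",
                   "227 Entering Passive Mode (192,0,2,10,195,80)",
                   "PORT 192,168,1,50,4,1"):   # private address seen past a NAT
        print(sample, "->", expected_data_flow(sample, client, server))
```

In the last sample the advertised address differs from the address the server sees on the control connection, so `addr_matches_peer` is false.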
