Re: FTP questions. [7:40266] posted 04/03/2002
- Subject: Re: FTP questions. [7:40266]
- From: "Priscilla Oppenheimer" <cilla@xxxxxxxxxxxxx>
- Date: Wed, 3 Apr 2002 15:42:57 -0500
At 08:41 PM 4/2/02, brian liu wrote:
>1. For FTP data connection type, what is the
>difference between PASSIVE and PORT mode?

Port mode is usually called Active. It used to be the default, although
some newer FTP clients default to Passive now, due to security concerns.

With Active mode, the server opens the data connection. First the client
opens the control connection by sending a TCP SYN to the server's port 21.
Then when the user says to do something (get a file or whatever), the
client side sends a PORT command telling the server about an open port
(socket) on the client's side. The server then opens the data connection.
The server sends a TCP SYN from port 20 to the port specified by the
client. This can wreak havoc with firewalls. The client uses a
non-well-known (ephemeral) port number above 1024.

With passive mode, the client sends a PASV command. The server sends a
reply that specifies an ephemeral port number that the client should use
when opening the connection for data transfer. The client sends a SYN from
a client-selected ephemeral port to the server's ephemeral port number,
which was provided to the client in the reply to the client's PASV command.
This can wreak havoc with firewalls too! ;-)

>2. Would the router's configuration (along the path from
>FTP server to client) affect the data transfer while
>using different FTP data connection types?

If it has access lists or some other firewall features, absolutely.

>Background for the above questions:
>When I connect my PC to cable modem directly, I have
>no problem with browsing an FTP site (FTP client is set
>to PASSIVE mode). After I add a router (sorry, it's not
>Cisco) between the PC and cable modem, connecting to
>the same FTP server will have an error like "Unable to
>set up passive listening socket". The problem can be
>solved by changing the FTP client data connection type
>to PORT mode.

Sounds like the router is also a firewall.
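
Added example, not part of the original post: a small Python parser that reads a PORT command or a 227 reply to PASV and reports which side sends the SYN for the data connection and to which address and port, which is what a firewall on the path has to work out. The function names, the "expected" check and the sample lines are assumptions made for illustration; the h1,h2,h3,h4,p1,p2 encoding is the one FTP uses on the control connection.

```python
import re

# h1,h2,h3,h4,p1,p2: four address bytes, then the port as two bytes (RFC 959).
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

# Constructed control-channel lines (documentation addresses, not a capture).
CLIENT, SERVER = "192.0.2.10", "198.51.100.5"
SAMPLE = [
    "PORT 192,0,2,10,19,137",
    "PASV",
    "227 Entering Passive Mode (198,51,100,5,195,80)",
]


def parse_hostport(text):
    """Return (ip, port) from the first h1,h2,h3,h4,p1,p2 group in text."""
    m = _HOSTPORT.search(text)
    if not m:
        raise ValueError("no host/port group in %r" % text)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % text)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def data_connection(line, client_ip, server_ip):
    """Describe the data connection one control-channel line announces.

    Returns None for lines that announce nothing (USER, PASV itself, ...).
    """
    line = line.strip()
    if line.upper().startswith("PORT "):   # active: server opens the connection
        ip, port = parse_hostport(line[5:])
        return {"mode": "active", "syn_from": (server_ip, 20), "syn_to": (ip, port),
                # Assumed sanity check: the client names its own address and
                # a port that is not in the well-known range.
                "expected": ip == client_ip and port >= 1024}
    if line.startswith("227"):             # passive: client opens the connection
        ip, port = parse_hostport(line[3:])
        # Source port is None because the client picks its own ephemeral port.
        return {"mode": "passive", "syn_from": (client_ip, None), "syn_to": (ip, port),
                "expected": ip == server_ip and port >= 1024}
    return None


if __name__ == "__main__":
    for entry in SAMPLE:
        print(entry, "->", data_connection(entry, CLIENT, SERVER))
```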