FTP'ing client and Passive Mode

[PC Freak]

Using Bullet Proof, when I connect to a certain site I have to use Passive Mode. 1: I don't know what the really means. But that doesn't really matter.
What I'm after is this. I want to connect to the same ftp site by creating a connection in My Network Places (WinXP Home)
I get the login page. So I know it close, but I can't get in. I know the info is correct cause I can get in via Bullet Proof.
I think it may have something to do with Passive Mode. How could I turn it on when using My Network Places to connect to this site?

 

[PC Freak]

bump

 

[gunrunnerjohn]

I've run across the same issue with passive mode, but it appears that IE connects in passive mode by default, because my Comcast web pages seem to insist on passive mode, and I can connect with IE.

 

[buleyb]

FTP uses two ports to connect (in 'active' mode). Port 20 (control information) and port 21 (data). Passive mode eliminates the use of port 20, and passes control information (directory listings, etc, ) over the data port.

PC_Freak is correct that IE will connect in passive mode by default (the reasoning being that most firewalls only forward port 21 for FTP, and passive mode will allow the FTP site to be used through the firewall).

As for how to do it with XPs network places...Not sure, and a quick look turned up nothing. Sorry

 

[rfb]

FTP always uses two sockets, one for the control connection and one for the data connection. Normally, the FTP client establishes the control connection to the FTP server and the FTP server establishes the data connection to the FTP client. However, many/most firewalls block inbound connections. Passive mode FTP allows the FTP client to establish the data connection to the FTP server so that both the control connection and data connection are established from the FTP client to the FTP server.

No advice on using My Network Places for FTP as I don't use it (I use a traditional FTP client for file transfer).

Roy

 

[buleyb]

Originally posted by: rfb
FTP always uses two sockets, one for the control connection and one for the data connection. Normally, the FTP client establishes the control connection to the FTP server and the FTP server establishes the data connection to the FTP client. However, many/most firewalls block inbound connections. Passive mode FTP allows the FTP client to establish the data connection to the FTP server so that both the control connection and data connection are established from the FTP client to the FTP server.

No advice on using My Network Places for FTP as I don't use it (I use a traditional FTP client for file transfer).

Roy

I like the idea, but I don't buy into this...because the passive connections I use are blocked several times from using control ports. Data is good, control is blocked, passive works...any links you have to clarify this?

 

[Scarpozzi]

I like the idea, but I don't buy into this...because the passive connections I use are blocked several times from using control ports. Data is good, control is blocked, passive works...any links you have to clarify this?

The problem with passive, which I just posted in another thread, is that the connection port will jump. Usually it will have a control port of 21 and a connection port of >1024. Then next file transfer then will then be on port >1024+1. The port number will continue to grow. This can cause issues on some routers, firewalls, etc.

 

[Scarpozzi]

One more thing.... I am running an FTP server in active mode for 12,000 clients. I have it set to active/active running on ports 20 and 21. It is totally locked and the ports don't roam. This helps me retain higher security on the server itself and makes sure that port security is at the highest level.

 

[gunrunnerjohn]

Originally posted by: buleyb

Originally posted by: rfb FTP always uses two sockets, one for the control connection and one for the data connection. Normally, the FTP client establishes the control connection to the FTP server and the FTP server establishes the data connection to the FTP client. However, many/most firewalls block inbound connections. Passive mode FTP allows the FTP client to establish the data connection to the FTP server so that both the control connection and data connection are established from the FTP client to the FTP server. No advice on using My Network Places for FTP as I don't use it (I use a traditional FTP client for file transfer). Roy

I like the idea, but I don't buy into this...because the passive connections I use are blocked several times from using control ports. Data is good, control is blocked, passive works...any links you have to clarify this?

FTP is an unusual protocol in that it uses two ports, one for commands and the other for data. (This is one of the reasons it is superior to HTTP for transferring large files.) Active FTP was invented first. The client initiates a connection on the server?s command port. The server then initiates a connection with the client from its data port. In Passive FTP, the client initiates both connections with the server, which remains ?passive?.

Active FTP may cause problems if your client is behind a firewall. From the firewall?s point of view, the FTP server that is trying to initiate a connection with your client looks like an intruder and is usually blocked. This is why many users have difficulty using FTP to download files from behind a firewall.

Passive FTP solves this problem, but creates other problems, notably where FTP server security is concerned. The server must listen on a large number of ports. This requires the firewall to let a lot of unqualified traffic through. Most firewall administrators do not like this.