
Bill_MI
Bill In Michigan
Premium,MVM
join:2001-01-03
Royal Oak, MI
kudos:2
Reviews:
·WOW Internet and..

3 recommendations

REFERENCE: FTP Modes and Ports

Here is why it is such a pain to get any Network Address Translator (NAT) routing device like the LinkSys to run FTP - either as a client or server.

I hope you're already aware what a client and a server are. For FTP...
Clients can be programs such as MSIE, Netscape, WS_FTP, CuteFTP, BPFTP, FlashFTP, ftp commandline, etc.
Servers are programs such as ftpd, wu-ftpd, BPFTPServer(G6ftp), Serv-U, IIS, etc.

FTP uses 2 TCP connections (or channels), 1 for control and one for data.
The standard control connection is TCP port 21.
The default data connection (and extremely rare to see - you can almost forget it exists) is port 20.

When an FTP connection is made but listing a directory or sending data fails it is almost ALWAYS the data connection at fault! This is by far the most common problem encountered in FTP connections.

FTP has 2 modes, PORT (also called "regular" or "normal" mode) and PASV ("passive" mode for clients behind firewalls).

The client determines the mode that will be used (or attempted as the case may be)...
If the client issues a PORT command, it is attempting "PORT" mode.
If the client issues a PASV command, it is attempting "PASV" mode.
If the client does not issue either command, PORT mode is assumed using port 20 for data (again, very rare these days).

In PORT mode, the client (yes, the CLIENT!) is the server end of the data channel.
In PASV mode, the server is the server end of the data channel.

The difference between PORT and PASV modes is which end plays "server" for the data channel!

If you are going to use FTP regularly, get to know how to read logs and what the PORT and PASV commands do!
Here's some help...

Client> PORT 12,34,56,78,65,43
Server> 200 PORT command successful.

In this example of PORT mode the client has said it will be listening on IP address 12.34.56.78 on TCP port 16683 for the data channel.
(Note: the port is the 65,43 pair and is: 65x256 + 43 = 16683).
The client is the server for the data channel so if behind an NAT, port 16683 better be forwarded!

Client> PASV
Server> 227 Entering Passive Mode (123,45,67,89,158,26)

In this example of PASV mode the server has said it will be listening on IP address 123.45.67.89 on TCP port 40474 for the data channel.
(Note: the port is the 158,26 pair and is: 158x256 + 26 = 40474).
The server needs this data channel to be forwarded along with the control channel!

Important Note - How the LinkSys helps a bit and why your log can fool you:
The LinkSys BEFSRx1 (as of f/w 1.39) translates and then forwards the data port correctly for a PORT command from a client on the LAN - but ONLY IF the command channel is port 21 (the standard ftp command port). THIS IS NOT TRUE ON NON-STANDARD COMMAND PORTS!
This means the client's log will say: PORT 192,168,1,5,9,27... BUT...
1) The server end will see the 192.168.1.5 LAN address changed to the WAN address.
2) The LinkSys will forward the data port (port 9x256 + 27 = 2331 in this case) to the LAN PC that connected.
These 2 things are done automatically by the LinkSys.

Some servers and clients know how to handle FTP modes behind an NAT!
Notice PORT and PASV commands involve an IP address and a port for the data channel.
One problem is the client or server is on a LAN but needs the WAN address to be sent.
The other problem is the client or server needs to have the data channel port forwarded - if it is the server end of the data channel.
Both IP and port ranges are handled by some clients and servers. Here are some I know about:

Servers that can do PASV mode behind an NAT firewall:
wu-ftpd
BPFTPServer
Serv-U

Clients that can do PORT mode behind an NAT firewall:
FlashFXP
BPFTP

BAD NEWS FOR DYNAMIC IPs! These servers and clients have a setting for the port range that must be forwarded and the IP address to send. Unfortunately, as of this writing, none of these has the ability to change that IP address dynamically (but look for some soon I hope!).

Additional Stuff:
FTP and the LinkSys Router
FTP and LinkSys Routers - How Much Interest?
Setting Up BPFTPServer to run PASV
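
The PORT and PASV arithmetic from the post above, as an added example that is not part of the original post: a small Python parser that reads control-channel log lines, works out the announced data-channel address and port, says which end is listening, and flags a private LAN address in the announcement. The function names are assumptions of this example, and the sample log is constructed from the three examples in the post.

```python
import ipaddress
import re

# Six comma-separated numbers: h1,h2,h3,h4,p1,p2 (IP bytes, then port bytes).
_SIX = r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
_PORT_RE = re.compile(r"\bPORT\s+" + _SIX + r"\s*$", re.IGNORECASE)
_PASV_RE = re.compile(r"\b227\b.*?\(?" + _SIX + r"\)?")


def parse_data_endpoint(line):
    """Describe the data channel announced on one log line, or return None."""
    for mode, listener, rx in (("PORT", "client", _PORT_RE),
                               ("PASV", "server", _PASV_RE)):
        m = rx.search(line)
        if not m:
            continue
        nums = [int(g) for g in m.groups()]
        if any(n > 255 for n in nums):
            raise ValueError("field out of range in: " + line)
        ip = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
        return {
            "mode": mode,
            "listener": listener,  # which end plays server for the data channel
            "ip": str(ip),
            "port": nums[4] * 256 + nums[5],
            # A private address is unreachable from the far end unless a NAT
            # device rewrites the command or the software sends the WAN IP.
            "private_ip": ip.is_private,
        }
    return None


def analyze(log_lines):
    """Parse every line and keep only the data-channel announcements."""
    return [r for r in map(parse_data_endpoint, log_lines) if r]


# Constructed sample log, built from the three examples in the post.
SAMPLE_LOG = [
    "Client> PORT 12,34,56,78,65,43",
    "Server> 200 PORT command successful.",
    "Client> PASV",
    "Server> 227 Entering Passive Mode (123,45,67,89,158,26)",
    "Client> PORT 192,168,1,5,9,27",
]

if __name__ == "__main__":
    for r in analyze(SAMPLE_LOG):
        print(r)
```

The port reported for each entry is the one that must be reachable on the listening end, so it is the one to compare against port-forwarding rules.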



Bill_MI

Adding one of the best links I've seen in years how FTP modes work:

Active FTP vs. Passive FTP, a Definitive Explanation

"PORT" is the same as "Active" mode.
"PASV" is the same as "Passive".
(yeah, all we need is MORE terms for the same thing)
Follow this link carefully and you'll be an expert.

EDIT: Credit to the place I found this link:

Path: news.grc.com!.
From: "Jack Benny"
Newsgroups: grc.linkfarm,grc.shieldsup
Subject: Re: Passive FTP?
Date: Tue, 20 Nov 2001 15:32:33 -0500
(This is a Steve Gibson maintained news server)
[text was edited by author 2001-11-20 21:06:40]



kdshapiro

join:2000-03-29
Eatontown, NJ
reply to Bill_MI

U DA MAN!
--
Ken



Bill_MI

Hi Ken. I posted this Sept 3 but added that link just today. I guess it acted like a *bump*. The original was to help people tell what's going on through their logs.

One of the worst things about FTP is settings tend to lie (MSIE 5.5/SP2 and 6.0 are in that category) - only logs tell you what the darn things are really doing.



kdshapiro

reply to Bill_MI

Very great info.

I meant to post this, 'cause I think something changed between 1.40.1 and 1.40.2 in terms of passive mode in IE. 1.40.1 needs passive mode... 1.40.2 seems to require it be turned off. Anybody notice?
--
Ken



Bill_MI

I don't see that here, Ken. On standard port 21 the LinkSys should do either mode. Maybe the server couldn't do PASV when you HAD to turn off PASV. This is very common for personal servers. ftp.linksys.com is a good site - they do both modes fine.



kdshapiro

reply to Bill_MI

BTW Bill - I wanted to thank you for the information you provided here and your good attitude toward the forum. Although I don't post that much in this forum because some of the detail networking issues are more than my knowledge, I still read all the posts and try to help where it's possible. But you and some others have gone beyond the call of duty in providing information....Keep it up...
--
Ken


System

I agree completely with Ken. Bill, the information you are providing is wonderful. Good job, man.



Moose2

join:2002-02-23
Albany, NY

Here's an article that describes IIS's FTP server and its support for active/passive modes. It also describes the different Microsoft FTP clients:

»support.microsoft.com/default.as···;Q283679
[text was edited by author 2002-03-03 15:59:32]



Bill_MI

Hi Moose. Good link!

But interesting they got this one: "Internet Explorer 5.1 and earlier Passive"
... flat wrong! They meant to say Active. I know this because Active/PORT mode is much easier to make firewall rules for - it's an inbound connection with a *source* port of port 20. PASV mode means you have to practically give MSIE the whole farm to connect outbound - something I'll never do. I wish they'd left it alone...

This one...
"Internet Explorer 5.5 and later Both"
Can be clarified by adding "but the settings are not reliable." MSIE 5.5 and 6.0 both refuse to stay in one mode or the other - regardless of the setting "Use PASV FTP for compatibility...". I also found it depends on the last mode used and whether or not "Enable folder view for FTP sites" is on or not. It looks like it works for awhile but wait 'til tomorrow and look at logs again... fun, huh?



Moose2


Bill, have you seen this on enabling passive mode in IE?

»support.microsoft.com/default.as···;Q309816

It must apply to I.E. 5 because it doesn't mention the "Use PASV FTP" option that I have in 5.5 and 6.0.



Bill_MI

That explains what I've seen alrighty! The "folder view" affecting the mode and the fact 5.1 (and 4.x, 5.0) was Active/PORT mode - since I never used folder view. This folder-view option still affects 6.0's mode I found out (the hard way, of course).

Currently, I'm on MSIE 5.5 on this box. I just checked and I don't have folder views and I don't have PASV. But... it clearly connects PASV mode (a sniffer or my personal firewall indicates this). Why?

Now... a not-so-technical user uses MSIE for ftp. What mode will they be using? How can you make it one or the other reliably? THAT is the problem to somehow overcome and I've seen no way to reliably do that.