Database Search
TechHome
 |
- !!NEWSFLASH!!
- !Limitations of the WinInet FTP Functions
- !List of Win32 Error Codes
- 12003 ERROR_INTERNET_EXTENDED_ERROR
- 12007 Error
- 12163 error trying to trying to open an FTP session
- Active vs Passive FTP Connections
- Allowing User to Accept Cookies
- Ascii vs Binary FTP Transfers
- Automating Web forms with Cookies
- Can WinInet Handle Framed Pages
- Change Phone Number of Connectiod-Ras entry
- Check for IE4
- Check if a File has been Modified on Web Server
- Check if FTP File Exists
- Check if iUrlOpen returns what your expecting
- Cookies Wont Go Through
- Delete Temporary Internet Files Cache
- Dialog Progress Bar not Working
- Download a Message directly to a Binary buffer
- Embed User Id and Password in URL
- Error 12045 Invalid Certificate
- Error 307 File Access Failed
- Error 321 iFtpFindNext failed
- Error code 632 on WinInet dial-up
- ERROR with iOptionSet
- FTP Directory Exist
- FTP File Exist
- Ftp Functions and OpenVms
- Ftp Issue with Large File Transfers
- FTP Keep Alive
- FTP Proxy Server and Passive Transfer
- FTP SSL
- FtpListFileNames UDF
- Get Wininet Error Description String
- Get Real Internet Address
- Get WinInet Error Description String
- Getting ERROR on iHttpOpen with HTTPS
- Handle Http Redirect
- How to Specifiy HTTP User Agent
- How to use iGetConState
- How to Use iHttpOpen - Do a Post - and Grab HTML
- HTTP and WinInet - An Opus
- HTTPDownload 1.4
- iBegin and Firewalls
- IE4 Dlls needed for Wininet Extender on 95
- iFtpCmd and MDTM command
- iFtpCmd and Quote Site
- iFtpCmd APPE Causes iWriteData to Crash using IE 7
- iFtpCmd APPE Example
- iFtpCmd Issues
- iFtpCmd RETR Crash on Windows 7 32-bit WinInet Only
- iFtpDirMake Error 318
- iFTPFileSize 300 Error FileOpen Failed
- iFtpFindInit Memory Leak
- iFtpFindInit Returns Zero
- iFtpFindInit Wildcards
- iFtpFindNext Problem with Date
- iFtpGet Newer Files Only
- iFtpGet to get INI file
- iFtpGet Wininet Error 12031
- iFtpPut Error 12002 ERROR_INTERNET_TIMEOUT
- iFtpPut Error 12003
- iFtpPut to Unix Server
- iGetConState Return Values
- iGetConState Returns False
- iGetConState(0) Returns 1 for No Connection
- iGetLastError Always Returns 2 with IE5
- iHostConnect and Return Codes
- iHostConnect Error 65535
- iHttpInit and 401 Error
- iHttpOpen Error 406
- iHTTPOpen Error Message 12044 ERROR_INTERNET_CLIENT_AUTH_CERT_NEEDED
- iHTTPOpen Not Returning 404
- Installation of a Certificate
- InternetCookieSetEx and InternetCookieGetEx
- iOptionSet Error
- Latitude and Longitude of An Address
- Logfile of FTP Session
- Make a WHOIS Request
- Multiple FTP Sessions
- Non Standard Port
- Post HTML Problem
- Print a Web Page
- Progress bar during HTTP download
- Removing Empty Directories with FTP
- Require Certificate for HTTPS Downloads
- Return Info on Web Server
- Sample code - Weather Watch
- Secure FTP Issues
- Select Links That Contain Java Script Code
- Syncronize FTP
- UrlEncode of Hebrew characters
- Website Forms with Viewstate and Eventvalidation
- Wininet and Cookies
- WinInet and JavaScript
- WinInet and OpenVMS Problem
- WinInet Errors
- WinInet Not Supported for Use in Services
- Yahoo Signin Form
Can't find the information you are looking for here? Then leave a message over on our WinBatch Tech Support Forum.
Active vs Passive FTP Connections
Active Vs. Passive FTP Connections
There are two common modes for FTP connections: Active and Passive.
Active-mode FTP Connections
Referred to as "client-managed" because the client sends a PORT command to the server (over the control connection) that
requests the server to establish a data connection from TCP Port 20 on the server, to the client, using the TCP port that
is specified by the PORT command.
Passive-mode FTP Connections
Referred to as "server-managed", because after the client issues a PASV command, the server responds to that PASV instruction
with one of its ephemeral ports that will be used as the server-side port of the data connection. After a data connection command
is issued by the client, the server connects to the client using the port immediately above the client-side port of the control
connection.
NOTE: The most common problem encountered when you use FTP over the Internet results when you attempt transfers through a Network Boundary Securing Device (NBSD) such as a proxy, firewall, or Network Address Translation (NAT) device. In most cases the NBSD allows the control connection to be established over TCP 21 (that is, the user can successfully log on to the FTP server), but when the user attempts a data transfer such as DIR, LS, GET, or PUT, the FTP client appears to stop responding because the NBSD is blocking the data connection port that is specified by the client. If the NBSD supports logging, you can verify port blocking by reviewing the deny/reject logs on the NBSD.
A quick summary of the pros and cons of active vs. passive FTP is also in order:
Active FTP is beneficial to the FTP server admin, but detrimental to the client side admin. The FTP server attempts to make
connections to random high ports on the client, which would almost certainly be blocked by a firewall on the client side.
Passive FTP is beneficial to the client, but detrimental to the FTP server admin. The client will make both connections to
the server, but one of them will be to a random high port, which would almost certainly be blocked by a firewall on the server side.
Luckily, there is somewhat of a compromise. Since admins running FTP servers will need to make their servers accessible to the greatest number of clients, they will almost certainly need to support passive FTP. The exposure of high level ports on the server can be minimized by specifying a limited port range for the FTP server to use. Thus, everything except for this range of ports can be firewalled on the server side. While this doesn't eliminate all risk to the server, it decreases it tremendously.
Article ID: W17375
File Created: 2012:09:13:09:19:10
Last Updated: 2012:09:13:09:19:10