A: Most FTP users never learn what the PASV (passive) and PORT commands are, and of course that is not your fault. First of all, you must know that each FTP session uses 2 TCP connections. When you connect to an FTP server it uses the first one, and when you want to do a directory listing or a file transfer it requires the second TCP connection. These 2 commands are used only for building (negotiating) the second TCP connection.

You may find it strange that there are 2 commands for the data connection and not just one. That is a good question. In the beginning, the PORT command was enough. However, with the introduction of a large amount of firewall software and NAT devices, the PORT command became useless, hence the PASV command was introduced. It is also known as firewall-friendly data transfer.

Now we are going to tell you the difference between these 2 commands:

PORT: the FTP client TELLS the FTP server to connect to the FTP client's IP address (with a port number)

PASV: the FTP server TELLS the FTP client to connect to the FTP server's IP address (with a port number)

So it is not hard to see that:

PORT will fail if the FTP client doesn't know its own real address (when the client is behind a NAT)

PASV will fail if the FTP server doesn't know its own real address (when the server is behind a NAT)

So where can you see these PORT/PASV commands and replies? Get a better FTP client with a status window :) such as FlashFXP, CuteFTP, Windows Commander, and too many others to mention. Of course, some clients hide these commands and replies, so you will never see them.

Now you should know where to look if you meet PORT and PASV problems.

Prob 1: Your FTP client cannot list a directory and you see a "PORT command failed error". This command is sent by the FTP client, so if the client's IP+PORT listed in the command looks like an address behind a NAT (see Address Allocation for Private Internets), you know it is the FTP client's fault. You can tell this FTP user to set up his FTP client properly: ask him to use PASV mode and never use PORT mode, since his FTP client can't tell the difference.

Prob 2: Your FTP client can connect to an FTP server but can't list a directory, and you see an error: PASV failed, no one connects to IP:PORT. Now you need to look at the IP+PORT. Does it look like an IP address behind a NAT (see Address Allocation for Private Internets)? If so, the server owner should configure it properly; he should not let the FTP server use that internal IP address (read: http://www.raidenftpd.com/en/raiden-ftpd-doc/howto-setup-ip.html). If the IP+PORT looks fine and is the same as the server's IP, there are multiple possibilities, and usually you cannot know the real reason at once. You must try the following steps.

1. Change to another FTP client, or upgrade your FTP client to a newer version. Yes, do not doubt that there are badly designed FTP clients in the world, and we will not name them here. Also note that when you do an FXP transfer, the other FTP server becomes an FTP client as well, and of course there are badly designed FTP servers in the world, and we will not name them here.

2. If you are an FTP user, check whether you are running any firewall/security application that blocks the 2nd connection, and remove it.

3. If you are a site owner, check whether you are running any firewall/security application that blocks the 2nd connection, and remove it.

Are all the problems gone? Sorry, but the answer is NO, and you will never figure it out unless you are sitting on both sides, in the server's network and in the client's network. The reason is simple: how can you know whether there is ANY firewall in the client's network? Or, as a client, how can you know whether there is ANY firewall in the server's network? The answer is: YOU NEVER KNOW. And even if you own both the server and the client computers, how do you know whether the network administrator or the ISP has installed a firewall on the gateway machine of your network? The answer is still YOU NEVER KNOW. So when you get these errors, try the steps above and find your OWN ANSWER, because RaidenFTPD has no PASV/PORT problem, and no one (even yourself) will probably EVER know the real reason. You must find it out by yourself, and the necessary knowledge is all listed on this page.

That's all.
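The check described in Prob 1 and Prob 2, as an added Python example (not part of the original page and not RaidenFTPD code): it decodes the `h1,h2,h3,h4,p1,p2` field of a PORT command or a 227 PASV reply copied from a client's status window and compares it with the address the control connection uses. The function names, verdict strings and sample lines are assumptions made for this example.

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2 as carried by PORT and by the 227 reply to PASV (RFC 959).
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")
# The ranges from "Address Allocation for Private Internets" (RFC 1918).
_PRIVATE = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(ip):
    return any(ip in net for net in _PRIVATE)


def parse_hostport(line):
    """Return (IPv4Address, port) from a PORT command or a 227 PASV reply."""
    m = _HOSTPORT.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % line)
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError("byte out of range in %r" % line)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]  # port = p1 * 256 + p2


def diagnose(line, control_peer):
    """Classify one status-window line against the control connection peer:
    the server address the client dialled (PASV reply) or the client
    address as the server sees it (PORT command)."""
    ip, port = parse_hostport(line)
    peer = ipaddress.IPv4Address(control_peer)
    is_port = "PORT" in line.upper().split()
    kind, owner = ("PORT", "client") if is_port else ("PASV", "server")
    if is_private(ip) and not is_private(peer):
        verdict = "private address advertised; reconfigure the " + owner
    elif ip != peer:
        verdict = "address differs from the control connection peer"
    else:
        verdict = "address looks fine; check firewalls on the data connection"
    return kind, str(ip), port, verdict


# Constructed sample lines using documentation addresses, not captured traffic.
SAMPLES = [("227 Entering Passive Mode (192,168,1,10,19,137)", "203.0.113.5"),
           ("PORT 10,0,0,7,4,1", "198.51.100.20")]

if __name__ == "__main__":
    for sample, peer_addr in SAMPLES:
        print(diagnose(sample, peer_addr))
```
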
Copyright © RaidenFTPD TEAM , ALL RIGHTS RESERVED
REVISION 2.2 , 2002/09/10