ftp port numbers help

Captain Wesker

Dec 19, 2002, 4:40:45 PM
I'm about to run my Mac as an FTP server, only as a hobby.. nothing
major! Can someone please tell me what ports FTP uses? I'm told ports 20
+ 21
...just thinking about the firewall s/w & overall security

Thanks
Steve

Marc Heusser

Dec 19, 2002, 6:18:48 PM
In article <1fngk5b.1xbj9ql1d9ufqqN%doom_...@SPAMbtinternet.com>,
doom_...@SPAMbtinternet.com (Captain Wesker) wrote:

Try http://www.iana.org/assignments/port-numbers, the official site.

Marc

--
Marc Heusser
remove the obvious CHEERS and MERCIAL... from the reply address
to reply via e-mail

Alan Hart

Dec 19, 2002, 8:24:23 PM
In article <1fngk5b.1xbj9ql1d9ufqqN%doom_...@SPAMbtinternet.com>,
doom_...@SPAMbtinternet.com (Captain Wesker) wrote:

Port 21 is used for the control connections. Port 20 is the default port
used for data connections. FTP has a couple of complications, though:

The client can ask for active or passive transfer mode, according to
whether it wants to initiate the data connection itself or it wants the
server to initiate it.

If the client asks for passive mode the server replies with its IP
address and the port it will listen on for the client's data connection.
If the client asks for active mode then it can include a port number
that it (the client) will listen on for the data connection from the
server. The data port specified in these modes may be the default port
20, or it may be another port entirely, making port mapping through the
firewall more complicated.

Also, if the ftp server is behind an address translation firewall,
passive mode can cause problems because the IP address known by the
server is not the public address the client must use to contact it.
Servers can usually be configured to respond with the public address to
deal with this. Passive mode is the mode most commonly used by browsers.

--
Alan -- don't want nospam

Captain Wesker

Dec 21, 2002, 12:11:10 PM
> Port 21 is used for the control connections. Port 20 is the default port
> used for data connections. FTP has a couple of complications, though:
>
> The client can ask for active or passive transfer mode, according to
> whether it wants to initiate the data connection itself or it wants the
> server to initiate it.
>
> If the client asks for passive mode the server replies with its IP
> address and the port it will listen on for the client's data connection.
> If the client asks for active mode then it can include a port number
> that it (the client) will listen on for the data connection from the
> server. The data port specified in these modes may be the default port
> 20, or it may be another port entirely, making port mapping through the
> firewall more complicated.
>
> Also, if the ftp server is behind an address translation firewall,
> passive mode can cause problems because the IP address known by the
> server is not the public address the client must use to contact it.
> Servers can usually be configured to respond with the public address to
> deal with this. Passive mode is the mode most commonly used by browsers.

Cheers for the replies guys.
I'm wondering how I should configure the router now then? It's a
Netgear DG814 and automatically opens port 21 for ftp forwarding. But
I've changed this to 20+21 now.

The info above is very confusing! :-/
I'm guessing passive is better for servers like mine and it's ok for users
who happen to be using IE or Netscape. But what about those using Fetch,
Interarchy, etc..?

Cheers for the reply, appreciated

--
Steve

Alan Hart

Dec 21, 2002, 7:00:18 PM
In article <1fnjwxf.ouc6851kmg3yaN%doom_...@SPAMbtinternet.com>,
doom_...@SPAMbtinternet.com (Captain Wesker) wrote:

> I'm wondering how I should configure the router now then? It's a
> Netgear DG814 and automatically opens port 21 for ftp forwarding. But
> I've changed this to 20+21 now.
>
> The info above is very confusing! :-/

Sorry, it confuses me too ;-)

> I'm guessing passive is better for servers like mine and it's ok for users
> who happen to be using IE or Netscape. But what about those using Fetch,
> Interarchy, etc..?

Active mode is the one that's most likely to work, because you just need
port 21 mapped for control connections. The server originates the data
connection from inside the firewall and it looks a lot like any outgoing
TCP connection, requiring no port mapping.

Passive mode is more problematic for a server behind a NAT firewall
because the client has to set up the data connection to an address and
port specified by the server, which get remapped in most NAT routers.

FTP clients typically use active mode by default or can usually be
configured to do so. Browsers usually seem to do passive mode and are
not typically reconfigurable.

You've opened the only ports you sensibly can. If possible, set the FTP
server config to send your public IP address to clients instead of its
own private address.

What works will then depend on how intelligent the NAT in the router is.
Some NAT routers can doctor the ftp control packets to adjust the
addresses and ports that are negotiated, in which case either or both
modes may work.

The bottom line is I suggest you test it with some browsers and some FTP
clients. Try both active and passive modes in the FTP clients. Also ask
Netgear what inbound FTP modes the router will support - they may even
know!
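
Added example, not part of the original thread: a small Python check for the two passive-mode problems described in the replies above (the server advertising its private address from behind NAT, and a data port that is not among the ports mapped on the router). It parses the `h1,h2,h3,h4,p1,p2` field that RFC 959 uses in the 227 PASV reply and in the PORT command; the function names, the sample addresses and the sample port are assumptions made for illustration.

```python
import ipaddress
import re

# RFC 959 carries the data endpoint as h1,h2,h3,h4,p1,p2 in both the
# "227" PASV reply (server listens) and the PORT command (client listens).
HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_hostport(line):
    """Return (IPv4Address, port) from a PASV reply or PORT command."""
    m = HOSTPORT.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % line)
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError("octet out of range in %r" % line)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]  # port = p1 * 256 + p2


def check_pasv_reply(reply, control_addr, forwarded=(20, 21)):
    """List the problems a client outside the NAT would hit with this reply.

    control_addr: public address the client used for the port-21 connection.
    forwarded:    inbound ports mapped on the router (20 and 21 in the thread).
    """
    ip, port = parse_hostport(reply)
    findings = []
    if ip != ipaddress.IPv4Address(control_addr):
        if any(ip in net for net in RFC1918):
            findings.append("private-address-advertised")
        else:
            findings.append("address-differs-from-control")
    if port not in forwarded:
        findings.append("data-port-not-forwarded")
    return {"ip": str(ip), "port": port, "findings": findings}


if __name__ == "__main__":
    # Constructed replies: 192.168.0.2 is the server's LAN address,
    # 203.0.113.10 (documentation range) stands in for the router's public one.
    for reply in ("227 Entering Passive Mode (192,168,0,2,195,80)",
                  "227 Entering Passive Mode (203,0,113,10,195,80)"):
        print(check_pasv_reply(reply, "203.0.113.10"))
```

Feeding it the 227 lines captured from a test client's log shows which of the two conditions applies before changing the server or router settings.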
