Differences

This shows you the differences between the selected revisions of the page.

2015-01-07 2015-02-08
no summary (martin) custom ad (Petr)
Line 3: Line 3:
Where %%FTP%% protocol is more complicated comparing to the other file transfer protocols are file transfers. While the other protocols use the same connection for both session control and file (data) transfers, the %%FTP%% protocol uses a separate connection for the file transfers. Where %%FTP%% protocol is more complicated comparing to the other file transfer protocols are file transfers. While the other protocols use the same connection for both session control and file (data) transfers, the %%FTP%% protocol uses a separate connection for the file transfers.
 +
 +~~AD~~
In the //active// mode, the client starts listening on a random port for incoming data connections from the server (the client sends the %%FTP%% command ''PORT'' to inform the server on which port it is listening). Nowadays, it is typical that the client is behind a firewall (e.g. built-in Windows firewall) or NAT router (e.g. ADSL modem), unable to accept incoming %%TCP%% connections. In the //active// mode, the client starts listening on a random port for incoming data connections from the server (the client sends the %%FTP%% command ''PORT'' to inform the server on which port it is listening). Nowadays, it is typical that the client is behind a firewall (e.g. built-in Windows firewall) or NAT router (e.g. ADSL modem), unable to accept incoming %%TCP%% connections.
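Review bot: The ~~AD~~ macro added after the first paragraph lands between the sentence that introduces the separate data connection and the //active// mode paragraph that continues that explanation, so the ad interrupts the one passage a reader needs to follow in order. Consider moving it to a section boundary. The revision summary "custom ad" also gives no reason for this placement; a short note on why this position was chosen would help later editors.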
Line 15: Line 17:
With the //passive// mode, most of the configuration burden is on the server side. The server administrator should setup the server as described below. With the //passive// mode, most of the configuration burden is on the server side. The server administrator should setup the server as described below.
 +
 +~~AD~~
The firewall and NAT on the FTP server side have to be configured not only to allow/route the incoming connections on %%FTP%% port 21,((Or implicit FTPS port 990)) but also a range of ports for the incoming data connections. Typically, the %%FTP%% server software has a configuration option to setup a range of the ports, the server will use. And the same range has to be opened/routed on the firewall/%%NAT%%. The firewall and NAT on the FTP server side have to be configured not only to allow/route the incoming connections on %%FTP%% port 21,((Or implicit FTPS port 990)) but also a range of ports for the incoming data connections. Typically, the %%FTP%% server software has a configuration option to setup a range of the ports, the server will use. And the same range has to be opened/routed on the firewall/%%NAT%%.
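Review bot: The second ~~AD~~ is inserted directly after "The server administrator should setup the server as described below", so the first thing "below" now points to is the ad rather than the firewall/NAT instructions. Place the macro after the firewall/NAT paragraph instead, or before the //passive// mode sentence. This is the second insertion of the same macro in this revision, so please confirm that two placements on the page are intended.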
Line 46: Line 50:
With such a firewall/%%NAT%%, the above configuration is not necessary for a plain unencrypted %%FTP%%. But this cannot work with [[ftps|FTPS]], as the control connection traffic is encrypted and the firewall/%%NAT%% cannot inspect nor modify it. With such a firewall/%%NAT%%, the above configuration is not necessary for a plain unencrypted %%FTP%%. But this cannot work with [[ftps|FTPS]], as the control connection traffic is encrypted and the firewall/%%NAT%% cannot inspect nor modify it.
- 

Last modified: by Petr