Differences
This shows you the differences between the selected revisions of the page.
| ftp_modes 2019-01-09 | ftp_modes 2022-04-30 (current) | ||
| Line 39: | Line 39: | ||
| When the %%NAT%% happens on a client side, what the %%FTP%% server cannot know, the IP address it provides is wrong too (from a client's perspective). You can force WinSCP to ignore the %%IP%% address provided by the server using a //[[ui_login_ftp|Force IP address for passive mode connections]]// session setting. | When the %%NAT%% happens on a client side, what the %%FTP%% server cannot know, the IP address it provides is wrong too (from a client's perspective). You can force WinSCP to ignore the %%IP%% address provided by the server using a //[[ui_login_ftp|Force IP address for passive mode connections]]// session setting. | ||
| - | When using a restrictive local firewall that blocks even outgoing connections, you need to open not only control connection port 21, but also a port range for data connections. To open as little ports as possible, find out what ports is the %%FTP%% server configured to use. If you cannot know that, you have to open all unprivileged port range, 1024·-·65535. | + | When using a restrictive local firewall that blocks even outgoing connections, you need to open not only control connection port 21, but also a port range for data connections. To open as little ports as possible, find out what ports is the %%FTP%% server configured to use. If you cannot know that, you have to open all unprivileged port range, 1024--65535. |
| ===== [[active]] Network Configuration for Active Mode ===== | ===== [[active]] Network Configuration for Active Mode ===== | ||
| Line 45: | Line 45: | ||
| With the //active// mode, most of the configuration burden is on the client side. | With the //active// mode, most of the configuration burden is on the client side. | ||
| - | The firewall (e.g. Windows firewall) and NAT (e.g. ADSL modem routing rules) on the client side have to be configured to allow/route a range of ports for the incoming data connections. As WinSCP does not allow configuring a range of the ports it uses for data connections, all ports in Windows dynamic port range 49152 - 65535((For Windows Vista and later. &winvista For details refer to //Remarks// section in documentation of ''[[https://docs.microsoft.com/en-us/windows/desktop/api/winsock/nf-winsock-bind|bind]]'' WinAPI function. )) have to be opened. To open the ports, go to //Control Panel > System and Security > Windows Firewall//((//Windows Defender Firewall// on Windows 10.))// > Advanced Settings > Inbound Rules > New Rule//. &wincp &win10 For routing the ports on the %%NAT%% (if any), refer to its documentation. | + | The firewall (e.g. Windows firewall) and NAT (e.g. ADSL modem routing rules) on the client side have to be configured to allow/route a range of ports for the incoming data connections. You should restrict [[ui_pref_network|range of local ports that WinSCP uses for the active mode]]. Then open those ports in Windows Firewall. Go to //Control Panel > System and Security > Windows Defender Firewall//((//Windows Firewall// on older versions of Windows.))// > Advanced Settings > Inbound Rules > New Rule//. &wincp &win10 For routing the ports on the %%NAT%% (if any), refer to its documentation. |
| When there's %%NAT%% in your network, you have to configure an external IP address that the WinSCP needs to provide to the %%FTP%% server using ''PORT'' command. So that the server can correctly connect back to WinSCP to open the data connection. For that use //[[ui_pref_network|External IP address]]// setting in Preferences. | When there's %%NAT%% in your network, you have to configure an external IP address that the WinSCP needs to provide to the %%FTP%% server using ''PORT'' command. So that the server can correctly connect back to WinSCP to open the data connection. For that use //[[ui_pref_network|External IP address]]// setting in Preferences. | ||