On Wed, Dec 10, 2014 at 3:37 PM, Dennis Lee Bieber <wlfr...@ix.netcom.com> wrote:
> Are you running in PASSIVE mode?
>
> Original (normal?) FTP uses the known numbered port as a control port,
> and gets a second port for the data itself (without looking up the RFC I
> can't state if said second port is opened by the server in response to the
> client connect, or is provided to the server by the client).
>
> Passive mode, as I understand it, basically means the control port is
> used for everything -- it explicitly is used to get through firewalls.

Passive mode is easier for getting through firewalls, especially at the client side, but that's not exactly how it works.

In active mode (the default for the protocol, though a lot of clients these days default to requesting passive mode), the FTP client listens on a port and the FTP server connects to that port for data transmission - inverting the usual server/client interaction. The client can either listen on port 22, or listen on any other port and send the server the details (the latter being much more common).

In passive mode, the server listens on an additional port, and sends the client the details. The client then connects to that port, usually on the same host as the control port, but a high number.

Passive mode is much easier for a client-side firewall; it can usually traverse a defaultly-configured home grade NAT firewall, for instance. Active mode is slightly easier for a server-side firewall, though the difference isn't huge (you just have to open up an additional port range and tell the FTP server which ports to use). If it weren't for a few mindbogglingly backward clients like the default Windows FTP, there'd be virtually no reason to bother supporting active mode any more.

ChrisA
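An added illustration, not part of the original thread and not ftplib's own code: the "details" each side sends are six comma-separated bytes (h1,h2,h3,h4,p1,p2) in a `PORT` command or a `227` reply, and a firewall-style check can decode them and compare against the control connection. The function names, the sample addresses and the 50000-50100 passive range are assumptions made for this sketch.

```python
import re

# RFC 959 host-port form: h1,h2,h3,h4,p1,p2 (not glued to neighbouring digits).
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

# Constructed control-channel lines using documentation addresses.
SAMPLE = [
    "PORT 198,51,100,7,4,1",
    "227 Entering Passive Mode (192,0,2,10,195,80)",
    "227 Entering Passive Mode (203,0,113,9,195,80)",
]


def parse_hostport(text):
    """Return (ip, port) decoded from the six-byte form, or None if malformed."""
    m = _HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def classify(line):
    """Map one control line to (mode, ip, port); None if it carries no endpoint."""
    line = line.strip()
    if line.upper().startswith("PORT "):
        mode = "active"    # client listens, server connects to it
    elif line.startswith("227"):
        mode = "passive"   # server listens, client connects to it
    else:
        return None
    endpoint = parse_hostport(line[4:])
    return (mode, *endpoint) if endpoint else None


def data_endpoint_ok(line, client_ip, server_ip, pasv_range=(50000, 50100)):
    """Check the advertised data endpoint against the control connection's peers."""
    parsed = classify(line)
    if parsed is None:
        return False
    mode, ip, port = parsed
    if mode == "active":
        return ip == client_ip  # listener should be the control-channel client
    # Passive: same host as the control port, inside the range opened for it.
    return ip == server_ip and pasv_range[0] <= port <= pasv_range[1]


if __name__ == "__main__":
    for entry in SAMPLE:
        print(entry, "->", data_endpoint_ok(entry, "198.51.100.7", "192.0.2.10"))
```
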