


I explained something about how FTP data ports work yesterday in a
different thread.  You can read it here:
   http://archive.midrange.com/midrange-l/200306/msg00528.html

The FTP server does not listen on port 20.  That's not how FTP works.
In fact, since you're insisting on passive mode being off, the server
does not listen for data connections AT ALL, the client does that.  And
only AFTER you ask it to do a file transfer.

FTP is implemented on top of the TCP protocol.  It creates many TCP
connections.  The first one is the control connection.  Then, it creates
a separate connection for each file or directory listing that you request.

When not in passive mode, when a file/directory is requested to be
transferred, the client sends a PORT command containing the IP address
and port number that the server should connect back to.   That's how they
establish the data connection.

THE DATA CONNECTION IS NOT ALWAYS ON THE SAME PORT.

It's very important to realize that in any TCP connection there are
actually TWO ports in use.   The system determines which job controls the
socket based on a table that correlates socket descriptors with a key
value made from the client IP address, client port number, server IP
address and server port number.   You cannot have two connections between
the same machines where both the client port and server port are the same.

Now, normally when you talk about ports, you talk about the server port.
For example, when you say "FTP is on port 21" you're talking about the
port number that the server listens on.   The client-side just picks any
open port number for its side of the connection.   If two FTP jobs are
running at the same time, they use different port numbers.  They HAVE TO,
because the system wouldn't otherwise know which packets to send to which
FTP job.

Hopefully that makes sense now.

So, when you talk about the data connection being on port 20, you are
actually talking about the server-side of the data connection.   When the
client sends a PORT command to the server, it picks any available port
number for the server to connect back on, but a good server will always
originate that connection from port 20.

BUT NOTHING EVER LISTENS ON PORT 20.  Since the client just picks a
free port to listen on.

Where am I going with this?  I don't know, I think I'm just rambling.
I guess I don't understand why you want the data channel on port 10020,
when nothing listens on it anyway.

At any rate, maybe the stuff I explained above will help you get your
firewall configured correctly.


On Thu, 12 Jun 2003 Steven.Gray@xxxxxxxxxxxxxx wrote:
>
> I know that by default FTP uses port 21 as the command port and port 20 as
> the data port.
> I am trying to send data to an external server via an As400 FTP connection
> (OS/400 V4.5).
>
> Unfortunately for me they have certain restrictions. These being :-
>
> a. The command port must be port 10021
> b. The data port must be port 10020
> c. Passive mode must be OFF.
> d. PORT mode must be ON.
>
> Now I can connect to the server 192.168.36.2 10021 which allows me to
> connect using command port 10021.
>
> From this I can run the commands
> SENDPASV 0    - turn off passive mode
> SENDPORT 1    - turn on port mode
>
> but as soon as I try to put or get data the error message
> '425 can't build data connection: connection timed out'  appears.
>
> The connection is going through a firewall, which has been examined, and
> all that is shown is the initial connection over port 10021. No mention of
> port 20 or 10020 appears.
>
> I think this may have something to do with the data port 10020 not being
> correctly set on the AS400. But how do I do this?
>
> Looking at WRKTCPSTS option 3 shows my local port 21 in the list at a listen
> status, but no port 20.
>
> When the connection is active, remote port 10021 is displayed against the
> customer's IP address, but no port 20 or 10020.
>
> Is this the problem? If so how do I correct this and are there any security
> issues that I should be made aware of if port 20 or port 10020 are open?
>
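
The active-mode exchange described in the reply above, as an added example that is not part of the original messages: it decodes PORT arguments seen on the control connection and lists the server-originated data connections a firewall between the two machines has to pass. The server address 192.168.36.2 and data port 10020 come from the question; the client address 10.1.1.5 and the transcript are constructed sample values.

```python
import ipaddress

def encode_port(ip: str, port: int) -> str:
    """Build the PORT argument h1,h2,h3,h4,p1,p2 for the client's listening socket."""
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    octets = ipaddress.IPv4Address(ip).packed
    return ",".join(str(b) for b in (*octets, port >> 8, port & 0xFF))

def parse_port(arg: str) -> tuple[str, int]:
    """Decode a PORT argument into (client_ip, client_port)."""
    fields = arg.strip().split(",")
    if len(fields) != 6:
        raise ValueError("PORT needs six comma-separated fields")
    nums = [int(f) for f in fields]          # int() raises ValueError on junk
    if any(n < 0 or n > 255 for n in nums):
        raise ValueError("each field must be 0-255")
    port = nums[4] * 256 + nums[5]
    if port == 0:
        raise ValueError("port 0 is not connectable")
    return ".".join(str(n) for n in nums[:4]), port

def expected_data_flows(transcript, server_ip, server_data_port=20):
    """Return (src_ip, src_port, dst_ip, dst_port) for every PORT command.

    The server is the side that connects; the client is the side that listens,
    on a port it picked itself. Nothing listens on server_data_port.
    """
    flows = []
    for line in transcript:
        verb, _, arg = line.strip().partition(" ")
        if verb.upper() == "PORT":
            client_ip, client_port = parse_port(arg)
            flows.append((server_ip, server_data_port, client_ip, client_port))
    return flows

# Constructed control-channel transcript: two transfers, two different client ports.
SAMPLE = [
    "USER demo",
    "PORT 10,1,1,5,195,80",   # 195*256 + 80 = 50000
    "STOR a.txt",
    "PORT 10,1,1,5,195,81",   # 195*256 + 81 = 50001
    "RETR b.txt",
]

if __name__ == "__main__":
    for src_ip, src_port, dst_ip, dst_port in expected_data_flows(SAMPLE, "192.168.36.2", 10020):
        print(f"allow inbound {src_ip}:{src_port} -> {dst_ip}:{dst_port}")
```

The source port is fixed but the destination port changes with every transfer, which is why a firewall rule keyed on a single data port on the client side never matches.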


This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page.
