[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Ports in FTP-APIs

To: HTTPAPI and FTPAPI Projects <ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Ports in FTP-APIs
From: Scott Klement <sk@xxxxxxxxxxxxxxxx>
Date: Fri, 25 Aug 2006 11:04:20 -0500 (CDT)
Cc: ftpapi@xxxxxxxxxxxxx
In-reply-to: <005301c6c85a$0d4c16a0$6a0aa8c0@xxxxxxxxx>
List-help: <mailto:ftpapi-request@lists.scottklement.com?subject=help>
List-id: HTTPAPI and FTPAPI Projects <ftpapi.lists.scottklement.com>
List-post: <mailto:ftpapi@lists.scottklement.com>
List-subscribe: <http://www.scottklement.com/mailman/listinfo/ftpapi>, <mailto:ftpapi-request@lists.scottklement.com?subject=subscribe>
List-unsubscribe: <http://www.scottklement.com/mailman/listinfo/ftpapi>, <mailto:ftpapi-request@lists.scottklement.com?subject=unsubscribe>
References: <005301c6c85a$0d4c16a0$6a0aa8c0@xxxxxxxxx>
Reply-to: HTTPAPI and FTPAPI Projects <ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
Sender: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx

> we do not specify the port parameter in FTP_Conn API, but I wonder why 
> the last 2 ports in the port list (seen in the job log) are always 
> different?

The ports used by the "PORT" command have nothing to do with the port 
number specified on the FTP_Conn() command.

FTP uses one TCP channel for the exchange of "commands".  That's what 
FTP_Conn() establishes.   Then every time data is transferred (i.e. when 
you do a GET, PUT, DIR or LIST operation) it opens up a new channel to 
transfer the data in.

The PORT Subcommand is for this data channel when in standard ("Active") 
FTP mode.

> e.g.: PORT 10,12,40,21,139,131
>        PORT 10,12,40,21,137,102
>        PORT 10,12,40,21,141,21
>        PORT 10,12,40,21,142,8
>
> Some firewalls restrict the port numbers and therefore we get sometimes
> errors, if an invalid port is used. Therefore my second question: Which port
> of the port list will be actually used? Is it recommended to specify certain
> ports in FTP_Conn parameter?

This isn't a list of ports.  Each PORT command specifies one IP address 
and one port.  Your examples above stand for:

"IP address 10.12.40.21 and port 18209"
"IP address 10.12.30.21 and port 13974"
"IP address 10.12.30.21 and port 2961"
"IP address 10.12.30.21 and port 1136"

The first 4 numbers in the PORT command are the 4 bytes that make up the 
IP Address.  The last 2 numbers are the 2 bytes that make up the port.

The server will create a connection from port 20 on the server side to 
whichever one of these ports is specified on the PORT command.  The 
correct way to configure a firewall is to allow incoming connections as 
long as they originate with port 20.  This is how you allow active FTP to 
work through a firewall.

If you're not willing to do that, then use passive mode FTP instead of 
active.  In FTPAPI, you do that by specifying

    FTP_passiveMode(fd: *ON);

The port you specify on the FTP_Conn() API won't have any affect on the 
ports used.

-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------

Follow-Ups:
- AW: Ports in FTP-APIs
  - From: Werner Noll, GEFIS

References:
- Ports in FTP-APIs
  - From: Werner Noll, GEFIS

Prev by Date: Ports in FTP-APIs
Next by Date: AW: Ports in FTP-APIs
Previous by thread: Ports in FTP-APIs
Next by thread: AW: Ports in FTP-APIs
Index(es):
- Date
- Thread