
Re: Odd Data Transfer Issue



John,

An ephemeral port number (in the higher range... usually MUCH higher than 1023) is chosen in both passive and active connections.

The difference is who originates the connection, and who receives the connection. In an active FTP session, the server makes a connection back to the client. In a passive session, the client makes the connection to the server.

You state that port 20 is used for active FTP. This is true, but what you didn't explain is that port 20 in that case is the _originating_ port number. When we talk about ports, we almost never discuss originating ports, we always discuss the target port number... so this might be misleading.

In every TCP connection, there are always two ports involved, one for each computer involved in the conversation. Whichever side originates the connection (typically the "client" side) has a port number, and the application that is being connected to (typically the "server" side) has a port number (which is the target port).

In the vast majority of applications, the originating port number is chosen from the pool of free, unused, port numbers by the operating system. So the originating port is "random", it's different for each connection. The target port number is usually a well-known port number that's used in all situations for a given application. For this reason, when we set up firewalls, proxies, etc, we typically talk about the target port. We say that HTTP runs on 80, Telnet on 23, SMTP on 25, FTP (command channel) on 21, etc. That's the target port.

When you say that an FTP data connection is made on port 20, that's actually the originating port number, not the target. It does not connect _to_ port 20. It connects _from_ port 20. This distinction is critical when setting up a firewall, because firewalls often do not have the ability to open/block the originating port, just the destination port. (Though, some do -- especially the better ones -- but even in those cases, it's a separate field.)

-SK

On 6/5/2014 1:25 PM, John Fox wrote:
FTP communications use 2 ports.  The command port (port 21) is used to
send the FTP commands from the client to the server.  The data port is
opened between the client and the server when there is a need to
transfer data between the two systems.  This is port 20 if you are using
Active connection or it could be a port number greater than port 1023 if
you are using passive mode.  This web page does a decent job of
explaining things:

http://www.slacksite.com/other/ftp.html

The error message you sent seems to indicate that a connection for the
data port could not be established in order to transfer the data.

This kind of problem typically happens if there is a firewall between
the 2 servers that is not properly configured, or there is a change to
the FTP server and one is expecting PASV while the other is expecting
Active connections.

I recommend that you troubleshoot along these lines for a correction to
your problem.

-----Original Message-----
From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
[mailto:ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Brian
Sent: Thursday, June 05, 2014 1:57 PM
To: HTTPAPI and FTPAPI Projects
Subject: Odd Data Transfer Issue

Hello List,

We've suddenly begun to experience an issue moving files between our
iSeries and another one.  I do not believe this is an FTPAPI issue at
all because we are using it to move files to and from our machine and
other iSeries without issue.  I am just hoping someone may have ideas on
how to locate the root cause of this or get more info from FTPAPI.

We are using put/get/append at different times to move iSeries database
files around between our iSeries and another.  We are using binary mode
*ON and trim mode *OFF.  This had been working just fine a week ago and
suddenly this week we are getting the error message in FTPAPI of "Not
able to open data connection.". We are not getting the error on the same
file each time and not every time we connect and move files around.

I know this is pretty vague but I am hoping someone may have some
insight or thoughts on this.

Thanks much in advance.



-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------
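Added example (not part of the original thread, and not FTPAPI code): the originating/target port distinction discussed above, worked through in Python. It parses a PORT command or a 227 (PASV) reply, reports who opens the data connection and to which target port, and checks that against a firewall that can only filter on destination port. The sample control lines, addresses and function names are constructed for illustration, and the server's command port is assumed to be the standard 21.

```python
import re
from typing import NamedTuple, Optional

# Constructed sample control-channel lines (documentation IP addresses).
SAMPLE_PORT = "PORT 192,0,2,10,195,80"
SAMPLE_PASV = "227 Entering Passive Mode (198,51,100,5,234,96)"

class DataConn(NamedTuple):
    mode: str                 # "active" or "passive"
    originator: str           # side that opens the data connection
    src_port: Optional[int]   # None = ephemeral, chosen by the originator's OS
    dst_ip: str
    dst_port: int             # the target port a firewall rule must match

_TUPLE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def data_connection(control_line: str) -> DataConn:
    """Derive the data connection from a PORT command or a 227 (PASV) reply."""
    line = control_line.strip()
    m = _TUPLE.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple found")
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range 0-255")
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]
    if line.upper().startswith("PORT "):
        # Active: the server connects FROM port 20 TO the port the client named.
        # Assumes the server's command port is the standard 21.
        return DataConn("active", "server", 20, ip, port)
    if line.startswith("227"):
        # Passive: the client connects from an ephemeral port TO the server's port.
        return DataConn("passive", "client", None, ip, port)
    raise ValueError("not a PORT command or a 227 reply")

def allowed_by_dst_port(conn: DataConn, open_dst_ports) -> bool:
    """Model a firewall that can only filter on the destination port."""
    return conn.dst_port in open_dst_ports

if __name__ == "__main__":
    for sample in (SAMPLE_PORT, SAMPLE_PASV):
        conn = data_connection(sample)
        print(conn, "passes {20, 21} rule:", allowed_by_dst_port(conn, {20, 21}))
```

In both modes the target port is a high port, so a rule set that opens only destination ports 20 and 21 passes the command channel but neither kind of data connection.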