

Passive FTP is an FTP mode that a client can request to avoid the problems caused by client-side firewalls. Both the server and the client must support passive FTP for this to work.

In passive FTP the client initiates every connection, including the data connection. This works because most firewalls are stateful and permit the return traffic of sessions that the client itself opened. A passive FTP connection proceeds as follows:

1. The client sends the PASV command to the FTP server on port 21. The source port is a random, high-numbered port.
2. The server answers with a 227 "Entering Passive Mode" reply that carries an address and a random, high-numbered (ephemeral) port on which the server is now listening for the data connection. (PORT is the command the client sends in active mode; it is not used in passive mode.)
3. The client opens a second connection to the server on that ephemeral port, and the file or directory listing is transferred over it.

Because the client initiates all connections, the client-side firewall does not block any of the traffic, and the FTP session is established.

Configuring passive FTP on an MX appliance requires some additional knowledge of the FTP server application. The firewall rules in front of the server must allow inbound connections on port 21 (the control channel) and inbound connections on the ephemeral ports the server listens on for passive data connections. An ephemeral port is a temporary, non-registered port used for the duration of one connection; ephemeral ports are typically high numbered and outside the range of IANA registered ports. The documentation for your FTP server software should state which port range it uses for passive data connections. For example, Microsoft IIS uses ports 1024 through 65535 by default, so with an IIS server in its default configuration the firewall rules must allow inbound connections on ports 1024 through 65535. Opening that entire range also exposes every other service listening on a high port on the server; most FTP servers, IIS included, let you restrict the passive data-port range, and doing so lets you open a much smaller range instead.
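The three-step exchange and the firewall-rule requirement described above, worked through in code. This is an added example written for this page, not code from the original article or from any FTP server product. The 203.0.113.10 address, the exchange lines and the 50000-50100 "restricted" range are constructed for illustration; the 1024-65535 range is the IIS default quoted on the page.

```python
"""Walk through the passive FTP exchange and check it against firewall rules.

Added example, not code from the original article or from any FTP product.
The addresses, ports and rule sets below are constructed for illustration.
"""
import re
from typing import List, NamedTuple, Optional, Tuple

# RFC 959 passive-mode reply: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)."
# h1-h4 are the IPv4 octets; the data port is p1 * 256 + p2.
PASV_REPLY_RE = re.compile(
    r"^227\D*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
)

PortRange = Tuple[int, int]  # inclusive (low, high)

# Rules a firewall needs in front of an IIS server left at its defaults:
# the control channel on 21 plus the default passive data range 1024-65535.
IIS_DEFAULT_RULES: List[PortRange] = [(21, 21), (1024, 65535)]

# Hypothetical tightened rule set for a server whose passive data-port range
# was restricted to 50000-50100 in its own configuration.
RESTRICTED_RULES: List[PortRange] = [(21, 21), (50000, 50100)]


class PassiveEndpoint(NamedTuple):
    host: str
    port: int


def parse_pasv_reply(reply: str, control_peer: Optional[str] = None) -> PassiveEndpoint:
    """Extract the data-channel endpoint advertised in a 227 reply (step 2).

    If control_peer is given and the advertised address differs from it (the
    usual symptom of a server behind NAT advertising its private address), the
    control connection's peer address is used instead, as many clients do.
    """
    m = PASV_REPLY_RE.match(reply.strip())
    if not m:
        raise ValueError(f"not a 227 passive-mode reply: {reply!r}")
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError(f"field out of byte range in reply: {reply!r}")
    host = ".".join(str(f) for f in fields[:4])
    port = fields[4] * 256 + fields[5]
    if port == 0:
        raise ValueError("server advertised data port 0")
    if control_peer is not None and host != control_peer:
        host = control_peer
    return PassiveEndpoint(host, port)


def firewall_allows(port: int, rules: List[PortRange]) -> bool:
    """True if an inbound connection to `port` on the server is permitted."""
    return any(low <= port <= high for low, high in rules)


def passive_transfer_would_succeed(reply: str, rules: List[PortRange],
                                   control_peer: Optional[str] = None) -> bool:
    """Given the server's 227 reply and the server-side firewall rules, decide
    whether the client's data connection (step 3) gets through. The control
    connection on port 21 is assumed to be established already."""
    endpoint = parse_pasv_reply(reply, control_peer)
    return firewall_allows(endpoint.port, rules)


# Constructed sample exchange (not captured traffic). The client has already
# logged in over the control connection to 203.0.113.10:21.
SAMPLE_EXCHANGE = [
    ("client", "PASV"),
    ("server", "227 Entering Passive Mode (203,0,113,10,195,80)."),
    ("client", "LIST"),  # sent on the control channel; the listing itself
                         # arrives over the new data connection
]


def main() -> None:
    for side, line in SAMPLE_EXCHANGE:
        print(f"{side:>6}: {line}")
    endpoint = parse_pasv_reply(SAMPLE_EXCHANGE[1][1])
    print(f"server listens for the data connection on {endpoint.host}:{endpoint.port}")
    for name, rules in (("IIS defaults", IIS_DEFAULT_RULES), ("restricted", RESTRICTED_RULES)):
        ok = firewall_allows(endpoint.port, rules)
        print(f"{name:>12}: data connection {'allowed' if ok else 'BLOCKED'}")
    # A server that hands out a port outside the opened range produces the
    # classic failure: login works, but LIST/RETR hang until they time out.
    bad_reply = "227 Entering Passive Mode (203,0,113,10,196,0)."
    ok = passive_transfer_would_succeed(bad_reply, RESTRICTED_RULES)
    print("restricted rules, port 50176:", "allowed" if ok else "BLOCKED")


if __name__ == "__main__":
    main()
```

Running the script prints the exchange, decodes the advertised port (195 * 256 + 80 = 50000) and evaluates it against both rule sets. The final case shows the failure mode a practitioner actually sees when the firewall range and the server's passive range disagree: the control connection on port 21 works, so login succeeds, but every data transfer is blocked.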
