Shulou(Shulou.com)06/03 Report--

The steps for setting up the server are very simple, so I won't introduce you here. But after setting up, the server can access ftp locally, but other machines in the local area network cannot, it will prompt this error message, 425 Can't open data connection for transfer of "/"!

It is very likely that there is something wrong with the active mode and passive mode of the FTP server.

Let's take a look at the difference between FTP active mode and passive mode:

FTP is a TCP-only service and does not support UDP. What is different is that FTP uses two ports, a data port and a command port (also known as a control port). Generally speaking, these two ports are 21 (command port) and 20 (data port). But the way FTP works, the data port is not always 20. This is the biggest difference between active and passive FTP. (1) active FTP active FTP is like this: the client connects to the command port of the FTP server from an arbitrary non-privileged port N (N > 1024), that is, port 21. Then the client starts listening on port Numb1 and sends the FTP command "port Number1" to the FTP server. The server then connects from its own data port (20) to the data port specified by the client (Number1). For the firewall in front of the FTP server, the following communications must be allowed to support active FTP: 1. Any port greater than 1024 to port 21 of the FTP server. (client initialized connection) 2. Port 21 of the FTP server to a port greater than 1024. (the server responds to the control port of the client) 3. Port 20 of the FTP server to a port greater than 1024. (the server initializes the data connection to the client's data port) 4. More than 1024 port to the 20 port of the FTP server (the client sends the ACK response to the server's data port) (2) passive FTP in order to solve the problem of the connection initiated by the server to the client, people have developed a different FTP connection. This is called passive mode, or PASV, which is enabled when the client informs the server that it is in passive mode. In passive FTP, both command connection and data connection are initiated by the client, which can solve the problem that the incoming connection from the data port from the server to the client is filtered out by the firewall. When a FTP connection is opened, the client opens two arbitrary unprivileged local ports (N > 1024 and Number1). The first port connects to port 21 of the server, but unlike active FTP, the client does not submit PORT commands and allows the server to connect back and forth to its data port, but to submit PASV commands. The result is that the server opens an arbitrary unprivileged port (P > 1024) and sends a PORT P command to the client. The client then initiates a connection from local port Number1 to port P of the server to transmit data. For server-side firewalls, the following communications must be allowed to support passive FTP: 1. From any port greater than 1024 to port 21 of the server (client initialized connection) 2. The server's port 21 to any port greater than 1024 (the server responds to the connection to the client's control port) 3. From any port greater than 1024 to the server's port greater than 1024 (client initialization data connects to any port specified by the server) 4. The server's port greater than 1024 to the remote port greater than 1024 (the server sends ACK responses and data to the client's data port) the above explanation of active and passive FTP It can be summarized as follows: 1. Active FTP: command connection: client > port 1024-> server port 21 data connection: client > port 1024 port 1024-> server port 21 data connection: client > port 1024-> server > port 1024 (3) advantages and disadvantages of active and passive FTP: active FTP is beneficial to the management of FTP server But it is disadvantageous to the management of the client. Because the FTP server attempts to establish a connection with the client's high random port, which is likely to be blocked by the client's firewall. Passive FTP is good for the management of FTP client, but not for the management of server. Because the client has to establish two connections with the server, one of which is connected to a high random port, which is likely to be blocked by the server-side firewall. ``after the configuration of filezilla is completed, the default configuration is active mode, so we need to turn on passive mode and set ports greater than 1024! [] (https://s1.51cto.com/images/blog/201711/24/65f4be130e043a05ea33cd835ec2ecc0.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=) last Firewall inbound rules should release the ports greater than 1024 that have just been configured.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.