Ftplib.FTP_TLS Ports

Chris Angelico rosuav at gmail.com
Tue Dec 9 23:49:21 EST 2014


On Wed, Dec 10, 2014 at 3:37 PM, Dennis Lee Bieber
<wlfraed at ix.netcom.com> wrote:
>         Are you running in PASSIVE mode?
>
>         Original (normal?) FTP uses the known numbered port as a control port,
> and gets a second port for the data itself (without looking up the RFC I
> can't state if said second port is opened by the server in response to the
> client connect, or is provided to the server by the client).
>
>         Passive mode, as I understand it, basically means the control port is
> used for everything -- it explicitly is used to get through firewalls.

Passive mode is easier for getting through firewalls, especially at
the client side, but that's not exactly how it works.

In active mode (the default for the protocol, though a lot of clients
these days default to requesting passive mode), the FTP client listens
on a port and the FTP server connects to that port for data
transmission - inverting the usual server/client interaction. The
client can either listen on port 22, or listen on any other port and
send the server the details (the latter being much more common).

In passive mode, the server listens on an additional port, and sends
the client the details. The client then connects to that port, usually
on the same host as the control port, but a high number.

Passive mode is much easier for a client-side firewall; it can usually
traverse a defaultly-configured home grade NAT firewall, for instance.
Active mode is slightly easier for a server-side firewall, though the
difference isn't huge (you just have to open up an additional port
range and tell the FTP server which ports to use). If it weren't for a
few mindbogglingly backward clients like the default Windows FTP,
there'd be virtually no reason to bother supporting active mode any
more.

ChrisA
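
Added example, not part of the original message: a Python sketch of the control-channel messages that carry the data-port details in each mode (the `PORT` command for active, the `227`/`229` replies for passive), with a check that a passive endpoint is on the control host and inside the port range a firewall allows. The sample replies, addresses, the 50000-50100 range and all function names are constructed for illustration.

```python
import re

def parse_pasv(reply):
    """227 reply (RFC 959): six decimal bytes h1,h2,h3,h4,p1,p2."""
    m = re.search(r"\((\d{1,3}(?:,\d{1,3}){5})\)", reply)
    if not reply.startswith("227") or m is None:
        raise ValueError(f"not a PASV reply: {reply!r}")
    n = [int(x) for x in m.group(1).split(",")]
    if max(n) > 255:
        raise ValueError(f"field out of range: {reply!r}")
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def parse_epsv(reply):
    """229 reply (RFC 2428): port only; the host is the control-connection peer."""
    m = re.search(r"\((.)\1\1(\d{1,5})\1\)", reply)
    if not reply.startswith("229") or m is None:
        raise ValueError(f"not an EPSV reply: {reply!r}")
    port = int(m.group(2))
    if not 0 < port < 65536:
        raise ValueError(f"port out of range: {reply!r}")
    return port

def port_command(host, port):
    """Active mode: the client tells the server where the client is listening."""
    return "PORT {},{},{}".format(host.replace(".", ","), port >> 8, port & 0xFF)

def check_passive_endpoint(reply, control_host, allowed_ports):
    """Return (host, port, same_host, in_range) for a 227 or 229 reply."""
    if reply.startswith("229"):
        host, port = control_host, parse_epsv(reply)
    else:
        host, port = parse_pasv(reply)
    lo, hi = allowed_ports
    return host, port, host == control_host, lo <= port <= hi

if __name__ == "__main__":
    control = "192.0.2.10"  # constructed control-connection peer address
    samples = [             # constructed server replies
        "227 Entering Passive Mode (192,0,2,10,195,80)",
        "229 Entering Extended Passive Mode (|||50000|)",
        "227 Entering Passive Mode (10,0,0,5,4,1)",  # server behind NAT
    ]
    for reply in samples:
        print(reply, "->", check_passive_endpoint(reply, control, (50000, 50100)))
    print(port_command("192.0.2.20", 60000))
```

A `227` reply whose host differs from the control peer, as in the third sample, is the usual sign of a server behind NAT advertising its internal address; the data connection then fails or goes to an unintended host unless the client substitutes the control peer's address.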


