

Having a massive headache as I need to set up FTPS on our servers.

A bit of theory first. Active/passive only matters for establishing connections for file transfers, AFTER the main command connection is established.

In Active mode for server (and passive for client), the client tells the server "get ready, I want to get that file". The server opens a new TCP socket in listening mode on a port in the active range, and waits. The client initiates the TCP connection towards the server; once established, it saves the data stream. This presumes that the server CAN be reached via direct TCP connections on that port range.

The Passive mode for server (and active for client) goes the other way around. The client opens a TCP socket in listening mode, then sends a command to the server "send me that file, this is my IP and port". The server then initiates an outgoing TCP connection towards the client; once established, it pumps the data through, and the client saves it.

A passive-to-passive connection will not work at all: neither party can initiate the TCP connection towards the other. Or, to be more accurate in the explanation, neither system can be reached on an open TCP port in listening mode because a router or firewall is preventing that incoming connection.

Considering the fact that clients can be connecting from a variety of networks and through various routers which may block incoming connections towards them, the assumption is that clients' ports are filtered, so they can't be active. At least one end must be active (ports visible through port forwarding or firewall exceptions). It's much easier to make the server active through firewall/router configuration than to ask every client to do that and become active.

Now, the issue you seem to have is two steps behind file transfers: external clients can't connect to your server AT ALL. Not even for that initial connection for exchanging commands. That is clearly an issue for the router, and possibly another router or firewall upstream. Most ISPs block standard ports for services (21=ftp, 25=smtp, 80=http etc.) in case the customers' computers become compromised without their knowledge. You should configure your FTP server to use a different port for command connections, in a higher range (above 1024). Change the listening port from 21 to something else - say, 20021 - and forward that in your router.

Tests performed through your local network (on the same network as the servers) are not relevant at all. If you try to connect to the server through your router's public IP, the connection will go from the LAN to the router to its external IP, and then the router would be supposed to forward it back to the server in the LAN. This will not work, due to anti-spoofing mechanisms built into most modern routers (the router doesn't know if the connection it receives on its WAN port is really originating from the LAN, or whether someone else on the Internet is faking their IP as originating from the internal network to gain unauthorised access). You really have to perform the test from a remote system.

My bet is that the culprit for your connectivity problems is using the default port 21, filtered by your ISP; nothing to do with active/passive ports.
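The exchange the reply walks through, as an added example that is not part of the original thread. It is a loopback simulation written for this page, not the poster's setup: the file contents are a constructed byte string, a "filtered" side is modelled by a port that is bound but never put into LISTEN state (so the peer gets an immediate refusal; a real router or ISP filter usually shows up as a connect timeout, which probe() reports as a separate verdict), and scenarios() runs the four cases the reply reasons about. One vocabulary note: what the reply calls "active for the server" (server opens the data port, client connects in) is what the RFC 959 PASV command requests, and its "passive for the server" (client listens, server connects out) is the PORT command.

```python
"""Toy model of the two FTP data-connection setups, run over loopback sockets.
Constructed example, not the poster's code. The reply's 'active for the
server' (server listens, client connects) corresponds to RFC 959 PASV; its
'passive for the server' (client listens, server connects) corresponds to PORT."""
import socket

PAYLOAD = b"contents of that file\n"  # constructed sample data, not a real file
LOOPBACK = "127.0.0.1"


def listen_socket(accept_inbound=True):
    """Reserve an ephemeral loopback port. accept_inbound=False models a
    router/ISP filter in front of this side: the port exists but is never put
    into LISTEN state, so the peer's connect() is rejected at once (a real
    filter usually drops the SYN silently and the peer times out instead)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((LOOPBACK, 0))
    if accept_inbound:
        s.listen(1)
    return s


def probe(host, port, timeout=1.0):
    """Try to open a TCP connection; return (socket_or_None, verdict).
    A timeout is the signature of a filtering router/ISP (SYN dropped);
    'refused' means the host answered but nothing is listening there."""
    try:
        return socket.create_connection((host, port), timeout=timeout), "connected"
    except ConnectionRefusedError:
        return None, "refused"
    except socket.timeout:
        return None, "filtered (timed out)"
    except OSError as exc:  # e.g. no route to host
        return None, f"unreachable ({exc.strerror})"


def recv_all(sock):
    """Read until the sender closes, then close our end."""
    chunks = []
    while True:
        chunk = sock.recv(4096)
        if not chunk:
            break
        chunks.append(chunk)
    sock.close()
    return b"".join(chunks)


def transfer(server_listens, server_reachable=True, client_reachable=True):
    """Perform one data-connection setup and return (ok, log, data).

    server_listens=True : server opens the data port, client connects (PASV).
    server_listens=False: client opens the data port, server connects (PORT).
    *_reachable=False   : that side sits behind a router dropping inbound SYNs.
    """
    log = []
    if server_listens:
        log.append("C->S: PASV   (get ready, I want to get that file)")
        lsock = listen_socket(server_reachable)
        port = lsock.getsockname()[1]
        log.append(f"S->C: 227    (listening on {LOOPBACK}:{port})")
        conn, verdict = probe(LOOPBACK, port)
        if conn is None:
            lsock.close()
            log.append(f"C: data connect to server failed: {verdict}")
            return False, log, b""
        peer, _ = lsock.accept()
        lsock.close()
        peer.sendall(PAYLOAD)          # server pumps the file through
        peer.close()
        data = recv_all(conn)          # client saves the stream
    else:
        lsock = listen_socket(client_reachable)
        port = lsock.getsockname()[1]
        log.append(f"C->S: PORT {LOOPBACK}:{port}   (send me that file, here is my address)")
        conn, verdict = probe(LOOPBACK, port)
        if conn is None:
            lsock.close()
            log.append(f"S: data connect to client failed: {verdict}")
            return False, log, b""
        peer, _ = lsock.accept()
        lsock.close()
        conn.sendall(PAYLOAD)          # server connects out and sends
        conn.close()
        data = recv_all(peer)          # client accepted the connection and saves
    log.append(f"C: received {len(data)} bytes")
    return True, log, data


def scenarios():
    """The four combinations the reply reasons about: a transfer fails exactly
    when the end that listens is the one behind the filter, so at least one
    end must be reachable and that end has to be the one that listens."""
    return {
        "server listens, server reachable": transfer(True, server_reachable=True)[0],
        "server listens, server filtered": transfer(True, server_reachable=False)[0],
        "client listens, client reachable": transfer(False, client_reachable=True)[0],
        "client listens, client filtered": transfer(False, client_reachable=False)[0],
    }


if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name:35s} -> {'transfer ok' if ok else 'FAILED'}")
```

Run it directly to print the four outcomes. The practical value of probe() is the refused/filtered distinction when you test from a remote system as the reply insists: a timeout on the command port means a router or ISP is dropping the SYN before it reaches the server, while a refusal means the packet arrived and nothing is listening, so the port forward or the server's listening port is what to check next.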
