[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Ports in FTP-APIs
> we do not specify the port parameter in FTP_Conn API, but I wonder why
> the last 2 ports in the port list (seen in the job log) are always
> different?
The ports used by the "PORT" command have nothing to do with the port
number specified on the FTP_Conn() command.
FTP uses one TCP channel for the exchange of "commands". That's what
FTP_Conn() establishes. Then every time data is transferred (i.e. when
you do a GET, PUT, DIR or LIST operation) it opens up a new channel to
transfer the data in.
The PORT Subcommand is for this data channel when in standard ("Active")
FTP mode.
> e.g.: PORT 10,12,40,21,139,131
> PORT 10,12,40,21,137,102
> PORT 10,12,40,21,141,21
> PORT 10,12,40,21,142,8
>
> Some firewalls restrict the port numbers and therefore we get sometimes
> errors, if an invalid port is used. Therefore my second question: Which port
> of the port list will be actually used? Is it recommended to specify certain
> ports in FTP_Conn parameter?
This isn't a list of ports. Each PORT command specifies one IP address
and one port. Your examples above stand for:
"IP address 10.12.40.21 and port 18209"
"IP address 10.12.30.21 and port 13974"
"IP address 10.12.30.21 and port 2961"
"IP address 10.12.30.21 and port 1136"
The first 4 numbers in the PORT command are the 4 bytes that make up the
IP Address. The last 2 numbers are the 2 bytes that make up the port.
The server will create a connection from port 20 on the server side to
whichever one of these ports is specified on the PORT command. The
correct way to configure a firewall is to allow incoming connections as
long as they originate with port 20. This is how you allow active FTP to
work through a firewall.
If you're not willing to do that, then use passive mode FTP instead of
active. In FTPAPI, you do that by specifying
FTP_passiveMode(fd: *ON);
The port you specify on the FTP_Conn() API won't have any affect on the
ports used.
-----------------------------------------------------------------------
This is the FTPAPI mailing list. To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------