FTP Ports

[Hondy]

Hi

I always thought all you need for FTP is port 21. it seems as though you also need a port for a data connection that is >1024?

When I try to connect to my FTP server I get:
"425 Can't open data connection."

Looking this up, passive connections require port 21 + all ports up from 1024 to create a data connection. This seems a little insecure? If I use a client such as Smart FTP, i can see from the logging that it tries to create a connection using 3532, but presumably this is a dynamically chosen port.

Does this mean I need to create an "active" connection (and so open up port 20) rather than a "passive". The norm seems to be a passive?

So will an active connection serve my needs?

Thanks

 

[dberg35]

Make sure you are port forwarding to your FTP servers IP address. I am running an FTP server and only using port 21 just fine.

 

[2marshall8]

There are active and passive FTP server. Passive is the way to go as it's more secure in nature. It's more secure because you don't have to open up all these ports above 1023 from your router to your internal FTP server. This is because the client is forced into a set port on passive and told by the FTP server that you must use these ports to communicate with me. Here is a link for you to check out that explains them all.

http://www.slacksite.com/other/ftp.html

With passive all you have to do is forward the Data and command ports. For instance, say you want to stick with the standard FTP port of 21 for data. forward that to your router. Then decide on what ports you want for command. Say you want ports 2100. Then all you do is forward those to your FTP server. Most FTP servers have a passive option that will help you in this.

I would say that the big difference is that the FTP server is stricter in passive and is the boss.