Ftp high port

What is the ftp high-port ? Is it about ftp active and passive mode ?
rotaris357Asked:
Who is Participating?
 
cincin77Connect With a Mentor Commented:
Different from other TCP/IP applications, FTP uses 2 ports instead of one; one for control data and the other for the data. In normal operation; you open a connection to the port 21 of the ftp server.(this is the control connection) For this connection your local machine also has a port #.

The commands you enter like GET, PUT go through this channel. Aa the time comes to send or receive some data, FTP server opens a connection from its port # 20 to a local port in your machine which you sent to the server in advance through the control channel. This local port should be the 'high-port'.

However today most client machines are behind a firewall so it is not possible for the ftp server to open a connection to your machine. So your ftp client asks the server if it supports passive mode in which case the data connection is again opened by your client machine.

regards...
0
 
geoffrynCommented:
Here is a great resource that explains FTP Active vs PASV in detail.

http://slacksite.com/other/ftp.html
0
 
The--CaptainCommented:
>However today most client machines are behind a firewall
>so it is not possible for the ftp server to
>open a connection to your machine

What kind of firewall are you using?  Mine certainly does do this (supports non-passive FTP) - it's called a stateful firewall, and any firewall that can't do it (these days) is basically crap (although most older firewalls *were* crap, and couldn't do it, hence passive FTP)

Otherwise, all the info I see here seems good, particularly geoffryn's URL - I vote for his answer...

Cheers,
-Jon


0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
cincin77Commented:
It is not a good idea to allow incoming tcp connection requests.
it can be compromised.
0
 
The--CaptainCommented:
>It is not a good idea to allow incoming tcp connection
>requests. it can be compromised.

Please refer to the CERT ID that indicates such vulnerabilities in iptables (I would also be interested in *any* CERT advisory regarding a stateful firewall).

Cheers,
-Jon
0
 
rotaris357Author Commented:
Thanks Cincin77 and geoffryn that make me clear , but I choose Cincin77 because he answers the question with his intention , and I think he can make me clear in the short of the detail.
0
 
The--CaptainCommented:
Whatever works...

Cheers,
-Jon
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.