• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1126
  • Last Modified:

Port conflict - remote access and passive ftp - other than active ftp, any other solution?


I'm running the latest MS Small Business Server, with 2 workstations and an FTP server for client art files.

I work via remote access from a site 50 kms away from the office, taking over one of the office machines. We have had to use ACTIVE rather than PASSIVE ftp connections. Unfortunately, there is a port conflict between remote terminal access and passive ftp, ie. the range of open ports required for passive ftp connections conflicts with the port required for remote access.

I provide PC clients with a preconfigured FTP client program for PC (WSFTP). At least 50% of clients contact us to say the FTP server isn't working. It *is* working of course, but we have to take them through how to use the preconfigured client program, despite the detailed notes we provide. Argh.

Is there any way to get PASSIVE FTP and REMOTE access working together? Any help would MOST greatly appreciated.

Kind Regards

Scott Wilson

  • 2
  • 2
1 Solution
Did you try to connect using VPN connection?

There should be no port conflict between RDC and passive FTP.  What leads you to this conclusion?

Passive FTP's data connection port range is anything above 1024, that is port numbers 1024 - 65535.  Even though RDC uses a port with that range, the way passive FTP (actually the way requesting a TCP port number) there would be no conflict.
thewilloAuthor Commented:
Hi Dan - VPN is no good. Access speed way too slow.

Hi Giltjr - OK. I'm intrigued here. The system has been set up by an external IT guy who has been rock solid so far with all aspects of the installation. He mentioned that Active FTP was necessary due to the port conflict and I simply accepted that. What are your thoughts here? Are there security issues to consider using passive ftp and remote access together? My understanding was that it simply didnt work.

Have you actually set up a SBS network with passive ftp and remote access? How did you configure it? Look forward to your response.
There is no special configuration needed.  Windows Terminal Server listens on port 3389 by default.

When using passive ftp the server will open a TCP socket (port) for the data transfer session, it does not request a specific port, it requests any port that is numbered above 1023.  TCP keeps track of all open ports and will not open one that is already in use, since TS uses port 3389, TCP will never let the ftp server use this port.  So no conflict.

Depending on what firewall you use, there could be some security issues when using passive ftp.   If your firewall does not inspect ftp command/control sessions, then you must configure the firewall to allow all inbound request to your ftp server where the source and desitnation ports are above 1023.  This is not considered secure.  If your firewall inspects ftp command/control sessions, then it will dynamically create the rules to allow the data transfer connections through.  However most companies configure their firewalls not to allow active ftp.
thewilloAuthor Commented:
Thanks, and sorry for slow response. We followed your advice and sure enough there is no conflict. Passive FTP and remote access now working together. You have solved a major problem in the business here.. Many thanks :)
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now