Solved

Port conflict - remote access and passive ftp - other than active ftp, any other solution?

Posted on 2007-12-07
5
1,102 Views
Last Modified: 2013-11-29
Hi,

I'm running the latest MS Small Business Server, with 2 workstations and an FTP server for client art files.

I work via remote access from a site 50 kms away from the office, taking over one of the office machines. We have had to use ACTIVE rather than PASSIVE ftp connections. Unfortunately, there is a port conflict between remote terminal access and passive ftp, ie. the range of open ports required for passive ftp connections conflicts with the port required for remote access.

I provide PC clients with a preconfigured FTP client program for PC (WSFTP). At least 50% of clients contact us to say the FTP server isn't working. It *is* working of course, but we have to take them through how to use the preconfigured client program, despite the detailed notes we provide. Argh.

Is there any way to get PASSIVE FTP and REMOTE access working together? Any help would MOST greatly appreciated.

Kind Regards

Scott Wilson

0
Comment
Question by:thewillo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 22

Expert Comment

by:dan_blagut
ID: 20426978
Hi
Did you try to connect using VPN connection?

Dan
0
 
LVL 57

Expert Comment

by:giltjr
ID: 20430501
There should be no port conflict between RDC and passive FTP.  What leads you to this conclusion?

Passive FTP's data connection port range is anything above 1024, that is port numbers 1024 - 65535.  Even though RDC uses a port with that range, the way passive FTP (actually the way requesting a TCP port number) there would be no conflict.
0
 

Author Comment

by:thewillo
ID: 20432270
Hi Dan - VPN is no good. Access speed way too slow.

Hi Giltjr - OK. I'm intrigued here. The system has been set up by an external IT guy who has been rock solid so far with all aspects of the installation. He mentioned that Active FTP was necessary due to the port conflict and I simply accepted that. What are your thoughts here? Are there security issues to consider using passive ftp and remote access together? My understanding was that it simply didnt work.

Have you actually set up a SBS network with passive ftp and remote access? How did you configure it? Look forward to your response.
0
 
LVL 57

Accepted Solution

by:
giltjr earned 500 total points
ID: 20432820
There is no special configuration needed.  Windows Terminal Server listens on port 3389 by default.

When using passive ftp the server will open a TCP socket (port) for the data transfer session, it does not request a specific port, it requests any port that is numbered above 1023.  TCP keeps track of all open ports and will not open one that is already in use, since TS uses port 3389, TCP will never let the ftp server use this port.  So no conflict.

Depending on what firewall you use, there could be some security issues when using passive ftp.   If your firewall does not inspect ftp command/control sessions, then you must configure the firewall to allow all inbound request to your ftp server where the source and desitnation ports are above 1023.  This is not considered secure.  If your firewall inspects ftp command/control sessions, then it will dynamically create the rules to allow the data transfer connections through.  However most companies configure their firewalls not to allow active ftp.
0
 

Author Closing Comment

by:thewillo
ID: 31413359
Thanks, and sorry for slow response. We followed your advice and sure enough there is no conflict. Passive FTP and remote access now working together. You have solved a major problem in the business here.. Many thanks :)
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Because virtualization becomes more and more common, and, with Microsoft Hyper-V included in Windows Server at no additional costs, and, most server hardware nowadays is more than capable of running a physical Small Business Server (SBS) 2008 or 201…
Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

626 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question