Solved

Port conflict - remote access and passive ftp - other than active ftp, any other solution?

Posted on 2007-12-07
5
1,090 Views
Last Modified: 2013-11-29
Hi,

I'm running the latest MS Small Business Server, with 2 workstations and an FTP server for client art files.

I work via remote access from a site 50 kms away from the office, taking over one of the office machines. We have had to use ACTIVE rather than PASSIVE ftp connections. Unfortunately, there is a port conflict between remote terminal access and passive ftp, ie. the range of open ports required for passive ftp connections conflicts with the port required for remote access.

I provide PC clients with a preconfigured FTP client program for PC (WSFTP). At least 50% of clients contact us to say the FTP server isn't working. It *is* working of course, but we have to take them through how to use the preconfigured client program, despite the detailed notes we provide. Argh.

Is there any way to get PASSIVE FTP and REMOTE access working together? Any help would MOST greatly appreciated.

Kind Regards

Scott Wilson

0
Comment
Question by:thewillo
  • 2
  • 2
5 Comments
 
LVL 21

Expert Comment

by:dan_blagut
ID: 20426978
Hi
Did you try to connect using VPN connection?

Dan
0
 
LVL 57

Expert Comment

by:giltjr
ID: 20430501
There should be no port conflict between RDC and passive FTP.  What leads you to this conclusion?

Passive FTP's data connection port range is anything above 1024, that is port numbers 1024 - 65535.  Even though RDC uses a port with that range, the way passive FTP (actually the way requesting a TCP port number) there would be no conflict.
0
 

Author Comment

by:thewillo
ID: 20432270
Hi Dan - VPN is no good. Access speed way too slow.

Hi Giltjr - OK. I'm intrigued here. The system has been set up by an external IT guy who has been rock solid so far with all aspects of the installation. He mentioned that Active FTP was necessary due to the port conflict and I simply accepted that. What are your thoughts here? Are there security issues to consider using passive ftp and remote access together? My understanding was that it simply didnt work.

Have you actually set up a SBS network with passive ftp and remote access? How did you configure it? Look forward to your response.
0
 
LVL 57

Accepted Solution

by:
giltjr earned 500 total points
ID: 20432820
There is no special configuration needed.  Windows Terminal Server listens on port 3389 by default.

When using passive ftp the server will open a TCP socket (port) for the data transfer session, it does not request a specific port, it requests any port that is numbered above 1023.  TCP keeps track of all open ports and will not open one that is already in use, since TS uses port 3389, TCP will never let the ftp server use this port.  So no conflict.

Depending on what firewall you use, there could be some security issues when using passive ftp.   If your firewall does not inspect ftp command/control sessions, then you must configure the firewall to allow all inbound request to your ftp server where the source and desitnation ports are above 1023.  This is not considered secure.  If your firewall inspects ftp command/control sessions, then it will dynamically create the rules to allow the data transfer connections through.  However most companies configure their firewalls not to allow active ftp.
0
 

Author Closing Comment

by:thewillo
ID: 31413359
Thanks, and sorry for slow response. We followed your advice and sure enough there is no conflict. Passive FTP and remote access now working together. You have solved a major problem in the business here.. Many thanks :)
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Join & Write a Comment

Suggested Solutions

The articles for turning off the Client firewall policy on the internet are for SBS 2008 and don't really help for SBS 2011. They actually moved the Client firewall policy. In 2011, the client firewall policy has moved to the SBS computers conta…
This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now