Q I am behind of firewall or router. Which ports should I open in order to get FTP server working?

A FTP protocol differs from other standard Internet protocols, it is more complicated, since it uses two different connections: one for transferring FTP commands (control connection), another - for transferring files and directory listings (data connection).

Control connection always occurs on a fixed port, which, by default, is TCP port 21, so, you definitely have to open port 21 of your firewall, or forward port 21 of your router to the port 21 of your server computer, assuming, that you are running your FTP server on the default FTP port 21.

Data connection is more complicated, it does not use any fixed ports, and, sometimes, it is hard to figure out which ports to open and which ports to forward. All depends how "smart" the router or firewall is, sometimes, they detect, that the connection belongs to the FTP protocol, and do not create too many problems, but sometimes, you will need to do extra work, accomocate several types of firewalls and routers, data connection may operate in two different modes: active mode, which is a standard, and passive mode, which was invented later, for router compatibility. Our server supports both modes.

Active mode works the following way:

1. Client temporarily acts as a server. It allocates random available port on a client computer, and sends an address of it to the server, with PORT FTP command;
2. Server receives an address, and attempts to connect to that address and port;
3. After the connection is established, client and server are exchanging the information;

If you are using only firewall, and not a router, then all should work fine, and you should not have any problems with active connections. But, there could be a problem with active connection, if client, which connects to your computer, is behind of router, which does not do address translation. It means, when client sends it's IP address to client, it may send it's LAN IP address, which, of course, is not accessible from outside, and server will be unable to connect to that address. "Smart" routers are able to solve that situation. They are catching PORT commands, and substituting local IP addresses with external IP addresses, so, in this situation, all should be fine, but, if router of client does not do IP address translation, then there is no way that client can do data transfers with FTP server, unless it uses passive mode.

Passive mode works the following way:

1. Client indicates, that it would like to use passive mode, by sending PASV command;
2. Server allocates a port, and sends it's own IP address and port number to the client;
3. Client attempts to connect to that address, and if all is successful, then both client and server are ready to exchange the information.

And, if you want to handle passive mode, your firewall must be able to handle it, since your server will act as a server, listening on a random port. Again, some firewalls and routers are able to handle this situation, they are also doing network address translation, when sending back addresses, but some of them don't. In order to be ready for passive transfers, you have to set up some information with our FTP server. Go to Tools - Options - Advanced, and check a box Use Following Port Range for Passive transfers, and specify some port range, e.g. from 6010 to 6020, also, if your router does not do network translation, specify an external IP address of your router. Then, go to your firewall or router, and open (for firewall) or forward port ranges, specified in your FTP server, to your server computer. This should solve all problems.

But still, clients, who are behind of router, which does not do address translation, may have problems with all FTP servers, and they must use passive mode. There is no way the situation can be handled other way.

Q I can not access my FTP server using web browser, unless I have enabled anonymous access. How do I specify user name and password in a URL?

A Use following syntax:

        ftp://username@ftp.domain.com
        

you will be prompted for password. Or:

        http://username:password@ftp.domain.com
        

In this case, you will access your server directly.

Q If I assign a user a home directory with a mapped network drive, or a network drive (\\computername\data), or use shortcut to a network drive, the directory listings do not show up in the FTP window. What is wrong?

A This problem was fixed, starting from v1.4.0.9 (April 11 2003 release).

Server allows local windows login, which means, server will be able to see resources, avaialble to specific Windows user, these resources include network resources. See the help file, included with FTP server. Look for Windows Login. To upgrade to the latest version, follow this link.

Q I am behind of firewall. I opened port 21 for FTP but I am having problems with receiving files and directory listings from my server. Which additional ports should I open on my firewall?

A It is not enough for FTP to provide an access just to port 21. Port 21 is used only for control connections (sending login information, changing directories and so on), while, for data connections (directory listings and file transfers) is uses available ports on a server computer. So, you need to open more ports, more than one (21).

It would be the best not to use firewall, you will have less problems, but if you still want to use it, make sure that you are using FTP server, version 1.4.0.0 or higher, then, go to Tools - Options - Advanced, check Use Following Ports for Data Transfers box, and specify certain range of ports, e.g. 9090 low and 9099 high. Then, go to your firewall, and open ports between 9090 - 9099.

But, it is still not enough. When connecting to server, you must use FTP client, which supports passive transfers, and enable passive transfers for connections with your server (for example, in Internet explorer, you do it by going to Tools - Internet Options - Advanced, and putting a checkmark in Use Passive FTP box).

Again, if you are using firewall, you MUST use browser, which supports passive transfers.

Got a question not answered here? Contact us.