200 PORT command successful.
425 Can't build data connection: Connection refused

When I remove the packet filtering option, it works fine. What am I missing here!?!

When you establish a connection to an FTP server the actual port numbers used vary a great deal. There are two types of FTP connection and they are described below:

Active FTP Operation

The active mode of operation is less secure than the passive mode. This mode of operation complicates the construction of firewalls, because the firewall must anticipate the connection from the FTP server back to the client program. The steps of this mode of operation are discussed below:

- The client opens a control channel (port 21) to the server and tells the server the port number to respond on. This port number is a randomly determined port greater than 1023.
- The server receives this information and sends the client an acknowledgement "OK" (ack). The client and server exchange commands on this control connection.
- When the user requests a directory listing or initiates the sending or receiving of a file, the client software sends a "PORT" command that includes a port number > 1023 that the client wishes the server to use for the data connection.
- The server then opens a data connection from port 20 to the client's port number, as provided to it in the "PORT" command.

Passive FTP Operation

- In passive FTP, the client opens a control connection on port 21 to the server, and then requests passive mode through the use of the "PASV" command.
- The server agrees to this mode, and then selects a random port number (>1023). It supplies this port number to the client for data transfer.
- The client receives this information and opens a data channel to the server assigned port.
- The server receives the data and sends an "OK" (ack).
This was first published in June 2001
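
The following is an added example, not part of the original answer: it parses a "PORT" command or a 227 reply to "PASV" and reports the data connection a packet filter has to anticipate in each mode. The sample lines and IP addresses are constructed (documentation ranges), and the `addr_matches_peer` check is an added assumption rather than something the answer describes.

```python
import re

# RFC 959 host-port: h1,h2,h3,h4,p1,p2 (six decimal octets).
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")


def parse_hostport(text):
    """Return (ip, port) from a PORT command or 227 reply, else None."""
    m = _HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def expected_data_connection(line, client_ip, server_ip):
    """Data connection a packet filter must allow after this control-channel line.

    Returns None when the line does not negotiate a data port.
    """
    verb = line.strip().split(" ", 1)[0].upper()
    if verb not in ("PORT", "227"):
        return None
    hostport = parse_hostport(line.strip()[len(verb):])
    if hostport is None:
        return None
    ip, port = hostport
    if verb == "PORT":
        # Active: server connects from port 20 to the port the client named.
        mode, src, sport, peer = "active", server_ip, 20, client_ip
    else:
        # Passive: client connects from an ephemeral port to the server's port.
        mode, src, sport, peer = "passive", client_ip, None, server_ip
    return {
        "mode": mode, "src": src, "sport": sport, "dst": ip, "dport": port,
        "port_ok": port > 1023,            # the page: data ports are > 1023
        "addr_matches_peer": ip == peer,   # added check (assumption), not from the page
    }


if __name__ == "__main__":
    # Constructed control-channel lines using documentation addresses.
    for sample in ("PORT 192,0,2,10,195,80",
                   "227 Entering Passive Mode (198,51,100,5,156,64)"):
        print(expected_data_connection(sample, "192.0.2.10", "198.51.100.5"))
```

In the active case the result is an inbound connection to the client from the server's port 20, which is the connection a client-side packet filter refuses unless it tracks the "PORT" command.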