Solution to FTP under ISA

Source: Internet
Author: User
Tags ftp ftp protocol

There are many people on the issue of FTP a lot, we refer to, discuss. My environment is as follows:

Server:isa Sp1,iis

Client:windows and XP, CuteFTP

This article mainly discusses the ISA and FTP on the same machine processing methods.

Most TCP services use a single connection, typically a client initiates a connection to a well-known port on the server, and then communicates using this connection. However, the FTP protocol is different, it uses multiple two-way connections, and the ports used are difficult to anticipate. Generally, FTP connections include:

A control connection (connection)

This connection is used to pass the client's command and the server-side response to the command. It uses the server's 21 port, and the lifetime is the entire FTP session time.

Several data connections (connection)

These connections are used to transfer files and other data, such as directory listings. This connection is established when data transfer is required, and once the data is transferred, the port used for each use is not necessarily the same. Furthermore, the data connection may be initiated either by the client or by the server side.

In the FTP protocol, the control connection uses well-known port 21, so the IP PACKET filter with ISA can be used for good security protection. Conversely, the destination port of a data transmission connection is generally not known, so it is difficult to handle such port forwarding. The FTP protocol uses a standard port of 21 as the Ftp-data port, but this port is used only for the connection's source address on the server side, and there is no listening process at all on this port. FTP Data connections and control the direction of the connection is generally the opposite, that is, the server to the client to initiate a connection for data transmission. The ports that are connected are determined by the server-side and the client. This feature of the FTP protocol adds a lot of difficulty to the configuration of ISA forwarding and firewall and NAT.

In addition, there is another FTP mode, called passive mode (passive mod). In this mode, the data connection is initiated by the client, contrary to the pattern discussed earlier (we can call it active mode). Whether to take passive mode depends on the client program, and the passive command on the FTP command line enables passive mode to be turned off/on.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.