The two working modes of FTP
Working environment:
ADSL---(219.154.214.150) NAT (10.41.221.2)-----PC (10.41.221.6/ftpserver)
1. Map port 21 to the PC. The PC runs the Serv-U FTP service; Serv-U is used because it makes it easy to set up both FTP working modes. The examples below use a connection initiated from the external network.
PORT mode: can connect, cannot list the directory
PASV mode: can connect, cannot list the directory
Analysis: FTP supports two modes, called "standard" (or PORT, or "active") and "passive" (or PASV). In standard mode the FTP client sends the PORT command to the FTP server. In passive mode the client sends the PASV command to the FTP server. These commands are sent over the FTP command channel once an FTP session has been established.
In both modes the FTP client establishes a connection to TCP port 21 on the FTP server. The client chooses a port greater than 1024 to initiate the connection, and this connection becomes the FTP command channel. The directory cannot be listed because FTP uses a separate channel to pass data. This is where FTP differs from HTTP, which requires only one channel.
2. Then map port 20 to the PC as well. Serv-U's default mode is PORT.
PORT mode: can connect, can list the directory, can download files
PASV mode: can connect, cannot list the directory or download files
Analysis: PORT mode: when the FTP client needs to receive data (such as a folder list or a file), it sends the PORT command over the FTP command channel. The PORT command tells the server which port the FTP client will receive data on, for example 3328. Next, the PC (the FTP server) initiates a connection from TCP port 20 to port 3328 on the client. This is a new connection, and it may be blocked by the client's firewall. The server thus uses port 20 to "actively" connect to the port the client specified, which is why PORT mode is also called active mode. This mode has 2 features:
1 The client uses a dynamic port, the server uses the fixed port 20, and the server initiates the new connection.
2 For the whole time the server is connected to the FTP client, the control channel stays connected, while the data channel is established only temporarily.
PASV mode does not work because PASV requires the server to listen on a dynamic port, typically between 1024 and 5000, and the client initiates the connection to it. Although the PC opens this port and waits for the connection, the NAT does not map that many ports, so the communication is interrupted.
3. Turn off the port 20 mapping, then map ports 10001-10004 to the PC.
PORT mode: can connect, cannot list the directory, cannot download files
PASV mode: can connect, cannot list the directory, cannot download files
Serv-U is really handy here. Set 10001-10004 in the Settings (Advanced) option, then enable passive mode, and the connection can be established.
Analysis:
Long Moon stars has done this experiment, and the process and analysis of his experiment are included on Microsoft's official website. Through my own experiments, however, I found that his understanding was incomplete, because he ran his experiments directly between 2 computers that could reach each other, whereas I did mine through NAT, and there I could see the problem.
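The PORT and PASV analyses above both depend on the six-number endpoint that FTP carries on the command channel. The following added example (not part of the original article and not Serv-U code) decodes that endpoint from a PORT command or a 227 PASV reply and checks whether the advertised data port is one the NAT forwards. The reply strings are constructed samples, the FORWARDED set is assumed from step 3, and the function names are hypothetical.

```python
import ipaddress
import re

# Assumption: ports the NAT forwards to the PC in step 3 (21 for control,
# 10001-10004 for passive data). Adjust to match the real mapping.
FORWARDED = {21} | set(range(10001, 10005))

# h1,h2,h3,h4,p1,p2 as used by PORT and by the 227 reply to PASV (RFC 959).
_TUPLE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_endpoint(line):
    """Return (ip, port) from a PORT command or a 227 PASV reply."""
    m = _TUPLE.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in %r" % line)
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field above 255 in %r" % line)
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]  # high byte first, then low byte
    return ip, port


def check_pasv_reply(line, forwarded=FORWARDED):
    """Decide whether an outside client can reach the advertised data port."""
    ip, port = parse_endpoint(line)
    return {
        "ip": ip,
        "port": port,
        # A private address means the server advertised its inside address;
        # an outside client must reach it through the NAT's public address.
        "private_ip": ipaddress.ip_address(ip).is_private,
        "reachable": port in forwarded,
    }


if __name__ == "__main__":
    samples = [  # constructed replies, not captured traffic
        "227 Entering Passive Mode (10,41,221,6,4,210)",   # dynamic port
        "227 Entering Passive Mode (10,41,221,6,39,17)",   # inside 10001-10004
    ]
    for s in samples:
        print(s, "->", check_pasv_reply(s))
    print(parse_endpoint("PORT 192,0,2,10,13,0"))  # client data port 3328
```
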