Are you preparing to build your own FTP website? Do you know how FTP works? Do you know what PORT mode is? What is PASV? If you do not know, or are not fully familiar with them, please sit down and spend a little time reading this article carefully. As the saying goes, sharpening the axe does not delay cutting the firewood: mastering these basics will get you twice the result with half the effort. Otherwise, you may well spend several days and get nowhere.
Basic FTP knowledge
FTP is short for File Transfer Protocol and is used to transfer files between two computers. The FTP protocol is much more complex than HTTP. The reason for the complexity is that the FTP protocol requires two TCP connections. One is the command link, used to transmit commands between the FTP client and the server, and the other is the data link, used to upload or download data.
The FTP protocol can work in two modes: PORT (active) and PASV (passive).
PORT (active) connection process: the client sends a connection request to the FTP port of the server (21 by default). The server accepts the connection and a command link is established. When data needs to be transmitted, the client uses the PORT command on the command link to tell the server: "I have opened port XXXX; connect to me." The server then sends a connection request from port 20 to port XXXX of the client, and a data link is established to transmit the data.
PASV (passive) connection process: the client sends a connection request to the FTP port of the server (21 by default). The server accepts the connection and a command link is established. When data needs to be transmitted, the server uses the PASV command on the command link to tell the client: "I have opened port XXXX; connect to me." The client then sends a connection request to port XXXX of the server, and a data link is established to transmit the data.
From the above, we can see that the command link is established in the same way in both modes, while the data link is established in completely different ways. This is where the complexity of FTP lies.
Notes on FTP Server
1. The FTP server uses a public IP address with the public dynamic domain name, or an intranet IP address with the Intranet Professional Edition truehost.
   1. If a firewall is installed on the server, remember to open the FTP port on the firewall (default: 21).
   2. All FTP server software supports PORT mode. Most FTP server software supports PASV. FTP server software that supports PASV mode can also be set to work in PORT mode only.
   3. For PASV mode to work normally, you need to specify the port range available to PASV in the FTP server software. You must also open these ports on the server's firewall. When a client connects to the server in PASV mode, the server selects a port from this range for the data link with the client.
2. The FTP server uses an intranet IP address with the Intranet Standard Edition cmxnatproxy.
In this case, the FTP server does not require special settings, as long as PASV mode is supported. Most FTP server software supports PASV.
FTP client considerations
Note: whether to log on to the FTP server in PASV or PORT mode is chosen by the FTP client, not by the FTP server.
1. The client only has an intranet IP address and no public IP address.
From the basic FTP knowledge above, we can see that if PORT mode is used, the FTP server cannot connect to the client to establish a data link, because the client does not have a public IP address. In this case the client must use PASV to connect to the FTP server. Most FTP webmasters find that some people can log on to their servers and others cannot. A typical cause is that the client does not have a public IP address but uses IE as the FTP client to log on (IE uses PORT by default).
As an FTP webmaster, it is necessary to master the basic FTP knowledge and then instruct your friends how to log on to your FTP correctly.
2. The client has a public IP address, but a firewall is installed.
If PASV is used to log on to the FTP server, the client sends the connection request to the server when the data link is established. Conversely, if you log on to the FTP server in PORT mode, the server sends the connection request to the client when the data link is established, and that connection request will be blocked by the firewall. If you want to log on to the FTP server using PORT, open the high ports above 1024 on the firewall.
3. PASV must be used to connect to an FTP service built with the Intranet Standard Edition cmxnatproxy. When connecting to any Internet FTP server, or to an FTP server built with the Intranet Professional Edition truehost, both PORT mode and PASV mode can be used.
Of course, the two conditions above must be met when PORT is used.
4. Common FTP client software port mode and PASV mode switching methods.
Most FTP clients use PASV by default. IE uses PORT by default.
In most FTP client settings the wording you will see is "PASV" or "passive mode"; the words "PORT" or "active mode" rarely appear. There are only two FTP logon modes, PORT and PASV, so turning off PASV means using PORT.
IE:
Tools> Internet Options> Advanced> Passive FTP (supported only in IE 6.0 or later). If you cannot find this option, see the image.
CuteFTP:
Edit-> setting-> connection-> firewall-> "PASV mode"
Or
File-> site manager, select site on the left-> edit-> "use PASV mode"
Flashget:
Tools> Options> Proxy Server> direct connection> Edit> "PASV Mode"
Flashfxp:
Option-> Parameter Selection-> proxy/Firewall/ID-> "use passive mode"
Or
Site Management-> corresponding site-> Option-> "use passive mode"
Or
Fast connection-> switch-> "use passive mode"
Leechftp:
Option-> firewall-> do not use
5. Try not to use IE as the FTP Client
IE is only a crude FTP client. First, versions earlier than IE 6.0 do not support PASV. Second, IE does not show the logon information when logging on to FTP, so when a logon error occurs its cause cannot be found. We strongly recommend that you do not use IE when testing your FTP website.
Detailed configuration process of FTP site creation
Please refer to the instructions on this page to configure:
Use Serv-U to create an FTP website
Advanced topic
1. Why can I log on to FTP using port without a public IP address?
A NAT gateway works by finding the LAN source address and source port in the header of each TCP/IP packet and replacing them with the gateway's address and port. The contents of the packet are not changed. When PORT is used to log on to FTP, the IP address and port information are carried in the packet contents rather than in the packet header. Therefore, data cannot be downloaded from an FTP server on the Internet using PORT without a public IP address.
However, a few NAT gateways also support PORT mode. These gateways scan the contents of the packets, and when they find a PORT command they replace the IP address and port inside it. Behind such a NAT gateway, PORT mode works without problems. However, these gateways only scan packets whose destination is port 21. If the FTP server does not use the default port 21, PORT mode cannot be used.
2. The Intranet can use port to access other ftp. Why can't I use port to access my truehost FTP?
The question to be discussed below is only to illustrate some principles without affecting actual use. If you are not interested in exploring these principles, you do not have to take the time to read them.
Intranet users access the FTP server built on their own machine with truehost through a NAT gateway that supports PORT. The FTP command link is established as follows:
FTP client (10.10.0.1, port XXX) <=> ISP NAT gateway (61.144.1.2, port XXXX) <=> TH server (X.x, port 21) <==> TH client <==> user FTP server (10.10.0.1, port 21)
The FTP client connects to port 21 of the user's local FTP server through the ISP's NAT gateway, the Kemai truehost server, and the truehost client.
When you need to download data, the FTP client sends the PORT command to the FTP server through this command link. Assume that the command is:
PORT 10,10,0,1,30,4 (IP = 10.10.0.1, Port = 30*256 + 4 = 7684)
When the command passes through the ISP's NAT gateway, the gateway sees that the destination port is 21 and that this is a PORT command. It therefore modifies the IP address and port in the command, replacing them with its own IP address and port, for example:
PORT 61,144,1,2,50,6 (IP = 61.144.1.2, Port = 50*256 + 6 = 12806)
The user's FTP server finally receives the PORT command above. The FTP server therefore sends a connection request to that IP address and port to establish a data link. Figure:
User FTP server (10.10.0.1, port 20) <=> ISP NAT gateway (61.144.1.2, port 12806) <=> FTP client (10.10.0.1, port 7684)
However, the public IP address of the NAT gateway can only receive connection requests from outside. That is to say, 61.144.1.2:12806 can only receive connection requests from other public IP addresses; connection requests initiated from inside the NAT (10.10.0.1:20) cannot be established. Why? The reason is very simple: an intranet IP address has to establish a NAT mapping through the NAT gateway in order to access the Internet. Therefore, the FTP data link cannot be established, and you cannot access your truehost FTP through port 21 on your machine.
Now let's look at what happens if the FTP port is not 21, for example 22. When the FTP client sends the PORT command, the NAT gateway sees that the destination port is 22. Because a NAT gateway that supports PORT only monitors packets whose destination port is 21, the packet with destination port 22 is passed through without any processing. The PORT command received by the FTP server is still PORT 10,10,0,1,30,4. The FTP server sends a connection request to that IP address and port. Figure:
User FTP server (10.10.0.1, port 20) <=> FTP client (10.10.0.1, port 7684)
In this case, the command link can be established. The connection speed is equal to that of the local machine.
In conclusion, intranet users cannot use PORT to access their own truehost FTP server on port 21. If the FTP port is not 21, it can be accessed, and the connection is actually made directly to the local machine.
The text above is only meant to illustrate some principles and does not affect actual use. Using FTP to let the local machine access itself is superfluous anyway.
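The PORT arithmetic and the port-21-only gateway behaviour described above can be replayed in a few lines of Python. This is an added example, not code from the original article or from truehost; the function names are hypothetical, 203.0.113.10 is a constructed stand-in for an Internet FTP server, and data_link_ok is a simplified model of the article's own reasoning (a gateway that accepts data connections only from outside).

```python
import ipaddress
import re

PORT_RE = re.compile(r"^PORT (\d{1,3}(?:,\d{1,3}){5})$")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_port(cmd):
    """'PORT h1,h2,h3,h4,p1,p2' -> (ip, port), where port = p1*256 + p2."""
    m = PORT_RE.match(cmd.strip())
    if not m:
        raise ValueError("not a PORT command: %r" % cmd)
    n = [int(x) for x in m.group(1).split(",")]
    if max(n) > 255:
        raise ValueError("field out of range: %r" % cmd)
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def build_port(ip, port):
    """Inverse of parse_port."""
    return "PORT %s,%d,%d" % (ip.replace(".", ","), port // 256, port % 256)

def is_intranet(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

def nat_gateway(cmd, dst_port, public_ip, mapped_port, scans_port=21):
    """PORT-aware gateway: rewrites the payload only on the scanned port."""
    if dst_port != scans_port or not PORT_RE.match(cmd.strip()):
        return cmd                      # released without any processing
    return build_port(public_ip, mapped_port)

def data_link_ok(cmd, server_ip):
    """Simplified reachability model taken from the article's reasoning."""
    target, _ = parse_port(cmd)
    if is_intranet(target):
        return is_intranet(server_ip)   # private address: same LAN only
    return not is_intranet(server_ip)   # public mapping: outside callers only

CLIENT_CMD = build_port("10.10.0.1", 7684)   # the article's client

def scenario(ftp_port, server_ip, gateway_scans=True):
    """Return (PORT command the server receives, can the data link be made)."""
    seen = CLIENT_CMD
    if gateway_scans:
        seen = nat_gateway(seen, ftp_port, "61.144.1.2", 12806)
    return seen, data_link_ok(seen, server_ip)

if __name__ == "__main__":
    for port, server in ((21, "203.0.113.10"), (21, "10.10.0.1"), (22, "10.10.0.1")):
        print(port, server, scenario(port, server))
```

When PORT logons fail for only some clients, comparing the address in the PORT command the server logged with the client's real source address shows immediately which of these cases applies.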