Note: log on to the FTP server in PASV or port mode, and select the FTP client instead of the FTP server.
1. The client only has an intranet IP address and no public IP address.
From the above basic FTP knowledge, we can see that if the port method is used, because the client does not have a public IP address, FTP will not be able to connect to the client to establish a data link. Therefore, in this case, the client must use PASV to connect to the FTP server. Most FTP webmasters find that someone on their servers can log on and someone cannot log on. A typical error is that the client does not have a public IP address, however, ie is used as the FTP client to log on (ie uses port by default ).
As an FTP webmaster, it is necessary to master the basic FTP knowledge and then instruct your friends how to log on to your FTP correctly.
2. The client has a public IP address, but a firewall is installed.
If PASV is used to log on to the FTP server, the client sends a connection request to the server when establishing the data link. In turn, if you log on to the FTP server using port mode, because the server sends a connection request to the client when establishing a data link, the connection request will be blocked by the firewall. If you want to log on to the FTP server using port, open the high-end port above 1024 on the firewall.
3. PASV must be used to connect the FTP service built with the Intranet Standard Edition cmxnatproxy. Connect to any Internet FTP server or an FTP server built with the Intranet professional truehost. The port mode and PASV mode can be used.
Of course, the above two conditions must be met when port is used.
4. Common FTP client software port mode and PASV mode switching methods.
Most FTP clients use PASV by default. Ie uses port by default.
In most FTP client settings, the common words are "PASV" or "passive mode", and the words "Port" or "Active Mode" are rarely seen. There are only two FTP logon methods: Port and PASV. Canceling the PASV method means using the port method.
IE:
Tools> Internet Options> advanced> Passive FTP (supported only after ie6.0 or later ). If you cannot find this option, see the image.
CuteFTP:
Edit-> setting-> connection-> firewall-> "PASV mode"
Or
File-> site manager, select site on the left-> edit-> "use PASV mode"
Flashget:
Tools> Options> Proxy Server> direct connection> Edit> PASV Mode"
Flashfxp:
Option-> Parameter Selection-> proxy/Firewall/ID-> "use passive mode"
Or
Site Management-> corresponding site-> Option-> "use passive mode"
Or
Fast connection-> switch-> "use passive mode"
Leechftp:
Option-> firewall-> do not use
5. Try not to use IE as the FTP Client
IE is just a rough FTP client tool. First, versions earlier than ie6.0 do not support PASV. Second, ie cannot see the logon information when logging on to FTP. The cause of the error cannot be found when a logon error occurs. We strongly recommend that you do not use IE when testing your FTP website.
Detailed configuration process of FTP site creation
Please refer to the instructions on this page to configure:
Use Serv-U to create an FTP website
Advanced topic
1. Why can I log on to FTP using port without a public IP address?
The NAT Gateway works by finding the source address and source port of the LAN in the packet header of the TCP/IP packet and replacing it with the gateway address and port. The contents in the data packet will not be changed. When using port to log on to FTP, the IP address and port information are contained in the packet, rather than in the packet header. Therefore, data cannot be downloaded from the FTP server on the Internet using port without a public IP address.
However, a few Nat gateways also support the port mode. The content of these NAT Gateway packets is scanned. After the PORT command is scanned, the IP address and port in the port mode are replaced. In this NAT gateway, the port method is no problem. However, these gateways only scan data packets on port 21. If the FTP server does not use the default port 21, the port method cannot be used.
2. The Intranet can use port to access other ftp. Why can't I use port to access my truehost FTP?
The question to be discussed below is only to illustrate some principles without affecting actual use. If you are not interested in exploring these principles, you do not have to take the time to read them.
Intranet users access the FTP server built on their own machine using truehost through Port-based NAT Gateway. The FTP command link is established as follows:
FTP Client
10.10.0.1
Port XXX <=> isp nat Gateway
61.144.1.2
Port XXXX <=> th Server
X. x
Port 21 <==> th client <==> user FTP Server
10.10.0.1
Port 21
The FTP client connects to port 21 of the user's local FTP server through the NAT gateway of the ISP, The kemai truehost server, and the truehost client.
When you need to download data, the FTP client sends the PORT command to the FTP server through this command link. Assume that the command is:
Port 256, 7684, (IP = 10.10.0.1 Port = 30 * + 4 =)
When the command uses the ISP's NAT gateway, the NAT Gateway determines that the destination port is 21 and is a PORT command. Therefore, modify the IP address and port in the command, replace it with your own IP address and port, for example:
Port 61,144, 256, 50, 6 (IP = 61.144.1.2 Port = 50*12806 + 6 =)
The user's FTP server finally receives the PORT command above. Therefore, the FTP server sends a connection request to the IP address and port to establish a data link. Figure:
User FTP Server
10.10.0.1
Port 20 <=> isp nat Gateway
61.144.1.2
Port 12806 <=> FTP Client
10.10.0.1
Port 7684
However, the public IP address of the NAT gateway can only receive external connection requests. That is to say, 61.144.1.2: 12806 can only receive connection requests from other public IP addresses. connection requests initiated from within NAT (10.10.0.1: 20) cannot be established. Why? The reason is very simple, because Intranet IP addresses need to establish a NAT ing through NAT to access the Internet. Therefore, FTP data links cannot be established. Therefore, you cannot access your truehost FTP through port 21 on your machine.
Let's take a look at what will happen if the ftp port is not 21, for example 22? When the FTP client sends the PORT command, the NAT Gateway detects that the target port is 22, because the NAT gateway that supports port only monitors packets whose destination port is 21, the data packet whose destination port is 22 is found to be completely released without any processing. The PORT Command received by the FTP server is still port, 10. The FTP server sends a connection request to the IP address and port. Figure:
User FTP Server
10.10.0.1
Port 20 <=> FTP Client
10.10.0.1
Port 7684
In this case, the command link can be established. The connection speed is equal to that of the local machine.
In conclusion, Intranet users cannot access their truehost FTP server through port 21. If the ftp port is not 21, it can be accessed and the local machine is actually connected.
The above text is just to illustrate some principles without affecting actual use. If the local machine accesses the local machine and FTP is required, it will be superfluous.
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
