Port 20 and 21 2

[sera]

Ok here is one for ya'll out there...

I have a Windows 2000 Server Service Pack 3 box that I am using port 21 for ftp. I have tested the ftp functionality and determined that it works. I swear that I don't have port 20 open....it is not showing up on vulnerability scans, it is not showing up when I run netstat -a...but 21 is. Do I need both of them in order for my FTP to work properly?



Sera
I often believe that...
My computer is possessed!

 

[mwood60098]

Sera,

I'm pretty sure you need both ports (20 & 21) open for FTP to work correctly.

FTP clients usually use two ports: port 20 for the Data Connection, and port 21 for the Control Connection.

HTH,

Woody

"Don't let education get in the way of learning"

 

[sera]

Woody...
Have you ever tried it without port 20? I am really interested in more than "I believe"....I mean how am I getting it to work when I don't have 20 open. I know it is a possibility that "I don't know that I have it open", but I tell ya...I am pretty dang sure I don't.



Sera
I often believe that...
My computer is possessed!

 

[Marcs41]

Port 20 is the 'return' port for 21, so it needs to be open outgoing, not incoming.

Marc
_{If 'something' 'somewhere' gives 'some' error, expect random guesses or no replies at all. Please specify details.
Free Tip: The F1 Key does NOT destroy your PC!}

 

[sera]

That is a good answer. Thank you, I was looking for an answer like this. Pheww I am not crazy.....well at least as far as this issue is concerned.
Thanks again,
Sera

Sera
I often believe that...
My computer is possessed!

 

[Marcs41]

You're welcome

 

[sera]

Heres hoping you are out there marc....
Can you tell me how this refers to what you are saying? I am not sure I can make the connection. It looks like port 20 is needed for active connections...check this kb article out...

http://support.microsoft.com/defaul...port/kb/articles/Q283/6/79.asp&NoWebContent=1

I guess I am wondering how an active connection equates to outgoing? Please let me know if this does not make sense because I am very interested in obtaining an answer.


Sera
I often believe that...
My computer is possessed!

 

[Marcs41]

Port 20 is indeed for active connections, the link says, in a long way, the same thing.
A FTP request comes in on Port 21, and the server will respond through 20, for the LIST command.
You will also have dynamic ports for transfer itself.
The rest is a difference between passive and active FTp.
Passive is used when the FTP server is on an internal LAN, and as such has no WAN-IP.

 

[sera]

Thank you. Well that answers my question nicely. Which poses another question that you may be able to answer.

I know that when I connect to the server using ftp, I can configure my client software to not allow passive connection.

Can I configure the server to force all connections to be active?


Sera
I often believe that...
My computer is possessed!

 

[Marcs41]

Depends on the FTP server. If it has an internal LAN address, and you don't tell it to propagate the WAN address, then a 'passive' client will never get the return, as the returned (internal) IP does not match the internet IP.
If it has a WAN address, it's more difficult, since the addresses will match. However, if that is the case, AND you know who will connect, you can change the default ports, so that FTP scanners don't get through.

By default, if on a LAN, it will not pass Passive info anyway.