The following article introduces the two modes of FTP and some precautions and usage skills in practical work. I hope it will be helpful to you and discuss and communicate with you.
Here's a description of how these two methods work:
The Standard mode FTP client first establishes a connection with the TCP 21 port of the FTP Server, sends commands through this channel, and when the client needs to receive data,
Send the PORT command on the channel. The PORT command contains what port the client uses to receive data. When transmitting data, the server sends data through its own TCP 20 port.
The FTP server must establish a new connection with the client to transfer data.
Passive mode is similar to Standard mode when establishing a control channel. When the client sends a PASV command through this channel, the FTP server opens a
A random port between 1024 and 5000 and notify the client of the request to transmit data on this port, then the FTP server will transmit data through this port, this
Then the FTP server no longer needs to establish a new connection with the client.
The current FTP software, including versions above IE5, already supports these two modes. Generally, some FTP client software is better to set up. Generally, there is one
PASV options, such as CuteFTP, the transmission method has Standard and PASV options, you can choose by yourself, and if you want to set it to PASV mode in IE
You can select Tools Internet Options Advanced to enable Folder View for FTP sites, otherwise Standard Mode is used.
Many firewalls are not allowed to accept externally initiated connections when they are set up. Therefore, the Standard mode of FTP is often used in internal network machines to go out through the firewall.
It is limited when the TCP 20 from the server cannot establish a new connection with the client on the internal network, which causes it to not work. Of course, it can also be set up successfully.
The first rule to create is to allow the internal IP to connect to the port 21 of the external IP. The second rule is to prohibit the TCP 20 port of the external IP from connecting to the port of <1024 of the internal IP.
It is to prevent the regular port inside the external connection. The third method to verify whether the ACK is equal to 1. For this principle, see the three-way handshake of TCP connection establishment. So if it is safe to
It is very difficult to set it up. At this time, I think of the PASV mode. Because there is no need to establish a new connection, it will not involve the following problems. But administrators may not
I want to use PASV mode because the FTP server will open a random high port at this time. Although the port range in IIS4 and IIS5 is 10245000, many
The port range of FTP Server has reached 102465535 At this time, it has full access rights on this actively open random port. If IIS is also set to open
The port is 102465535 The specific method is as follows
1. regedt32
2. 找到HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
3. Edit Add Values
value Name: MaxUserPort Data Type: REG_DWORD value: 65534
Therefore, if you encounter a firewall or are afraid of configuration trouble, it is better to use the PASV mode, but if you really have high security requirements, it is recommended to use the Standard mode.