FTP supports two modes. These modes are called Standard (or PORT or Active) and Passive (or PASV). The Standard mode FTP client sends PORT commands to the FTP server. The Passive mode client sends PASV commands to the FTP Server. These commands are sent over the FTP command channel when establishing the FTP session.
Standard mode FTP clients first establish a connection to TCP port 21 on the FTP server. This connection establishes the FTP command channel. The client sends a PORT command over the FTP command channel when the FTP client needs to send or receive data, such as a folder list or file. The PORT command contains information about which port the FTP client receives the data connection on. In Standard mode, the FTP server always starts the data connection from TCP port 20. The FTP server must open a new connection to the client when it sends or receives data, and the FTP client requests this by using the PORT command again.
Passive mode FTP clients also start by establishing a connection to TCP port 21 on the FTP server to create the control channel. When the client sends a PASV command over the command channel, the FTP server opens an ephemeral port (between 1024 and 5000) and informs the FTP client to connect to that port before requesting data transfer. As in Standard mode, the FTP client must send a new PASV command prior to each new transfer, and the FTP server will await a connection at a new port for each transfer.
You may have to change the mode that is used by the FTP client, depending on the firewall configuration on either the FTP client or the server. Microsoft Internet Explorer 5 and later versions support both Standard mode and Passive mode.
How to change the Internet Explorer FTP Client mode
- Start Internet Explorer.
- On the Tools menu, click Internet Options.
- Click the Advanced tab.
- Under Browsing, click to clear the Enable folder view for FTP sites check box.
- Click to select the Use Passive FTP (for firewall and DSL modem compatibility) check box.
- Click OK.
Troubleshooting
Many firewalls do not accept new connections through an external interface. The firewall detects these connections as unsolicited connection attempts and, therefore, drops them. Standard mode FTP clients do not work in this environment because the FTP server must make a new connection request to the FTP client.Firewall administrators may not want to use Passive mode FTP servers because the FTP server can open any ephemeral port number. Although Microsoft Internet Information Server (IIS) 4.0 and IIS 5.0 use the default ephemeral port range of 1024 through 5000, many FTP servers are configured with an ephemeral port range of 1024 through 65535. Firewall configurations that allow full access to all ephemeral ports for unsolicited connections may be considered unsecured.
You can configure both IIS 4.0 and IIS 5.0 to allow the ephemeral port range of 1024 through 65535.
For additional information about problems that you may have if you try to connect to TCP ports above 5000, click the article number below to view the article in the Microsoft Knowledge Base:
196271 Unable to Connect from TCP Ports Above 5000