Are you going to set up your own FTP website? Do you know how the FTP protocol works? Do you know what the port mode is? What is the PASV way? If you don't know, or don't fully grasp, please sit down and take a moment to read this article carefully. As the saying goes, sharpening a knife does not mistake a woodcutter. Mastering these basic knowledge will make you get twice the result with half the effort. Otherwise, it is very likely that we will toss about for a few days and finally achieve nothing.
Basic knowledge of FTP
FTP is the abbreviation of file transfer protocol, which is used to transfer files between two computers. Compared with HTTP, FTP protocol is much more complicated. The complicated reason is that FTP protocol needs two TCP connections, one is command link, which is used to transfer commands between FTP client and server; The other is a data link, which is used to upload or download data.
FTP protocol has two working modes: port mode and PASV mode, which means active and passive in Chinese.
The process of port (active) connection is that the client sends a connection request to the FTP port of the server (2 1 by default), and the server accepts the connection and establishes a command link.
When data needs to be transmitted, the client uses the port command on the command link to tell the server: "I have opened the * * * * port, please come and connect me". So the server sends a connection request from port 20 to port * * * of the client, and establishes a data link to transmit data.
PASV (passive) connection process is: the client sends a connection request to the FTP port of the server (2 1 by default), and the server accepts the connection and establishes a command link.
When data needs to be transmitted, the server tells the client with the PASV command on the command link: "I have opened the * * * * port, come and connect me". So the client sends a connection request to the * * * port of the server, and establishes a data link to transmit data.
As can be seen from the above, the connection mode of command link is the same in the two modes, but the establishment mode of data link is completely different. This is the complexity of FTP.
Matters needing attention on FTP server side
First, the FTP server is a public IP with a public dynamic domain name; Or intranet IP, using intranet professional TrueHost.
1. If a firewall is installed on the server, please remember to open the FTP port on the firewall (default is 2 1).
2. All FTP server software supports port mode. As for PASV mode, most FTP server software supports it. FTP server software supporting PASV mode can also be set to work only in port mode.
3. In order to make PASV mode work normally, it is necessary to specify the available port range (setting method) of PASV mode on FTP server software. In addition, open these ports on the firewall of the server. When the client connects to the server in PASV mode, the server will select a port from this port range to connect to the client.
Second, the FTP server is an intranet IP, using the standard intranet dynamic domain name cm * natpro * y.
In this case, the FTP server does not need special settings, as long as it supports PASV mode. Most FTP server software supports PASV mode.
Precautions for FTP clients
Please note: whether to log in to FTP server through PASV or port depends on FTP client, not FTP server.
First, the client only has intranet IP, and there is no public IP.
From the above basic knowledge of FTP, it can be seen that if the PORT method is used, FTP will not be able to establish a data link with the client because the client has no public IP. Therefore, in this case, the client must use PASV to connect to the FTP server. Most FTP webmasters find that some people can log on to their servers, while others can't. The typical error reason is that the client does not have a public IP, but uses IE to log in as an FTP client (IE uses port mode by default).
As an FTP webmaster, it is necessary to master the basic knowledge of FTP, and then guide friends how to log in to your FTP correctly.
Second, the client has a public IP, but a firewall is installed.
If you log in to the FTP server in PASV mode, there will be no problem, because the client will send a connection request to the server when establishing a data link. On the other hand, if you log in to the FTP server through the port, the server will send a connection request to the client when the data link is established, and the connection request will be intercepted by the firewall. If you want to log in to the FTP server through a port, please open a high-end port above 1024 on the firewall.
Thirdly, the FTP service established by the standard version of the intranet cm*natpro*y must be connected through PASV. Port mode and PASV mode can be used to connect to any public FTP server or FTP server built with intranet professional TrueHost.
Of course, when using port mode, the above two conditions must be met.
Four, the common FTP client software port mode and PASV mode switching method.
By default, most FTP clients use PASV. IE uses port mode by default.
In most FTP client settings, the common words are "PASV" or "passive mode", and the words "port" or "active mode" are rarely seen. Because FTP has only two login methods: port and PASV, canceling PASV means using port.
Namely:
Tools-> Internet options-> Advanced-> "use passive FTP" (IE6.0 or above is required).
CuteFTP:
Edit-> Settings-> Connect->; Firewall-> "PASV mode"
or
File-> Site Manager, select the site on the left-> Edit-> "Use PASV mode"
FlashGet:
Tools-> Options-> Proxy server->; Direct connection->; Edit-> "PASV mode"
FlashFTP:
Options-> Parameter selection->; Agent/firewall/logo-> "Use passive mode"
or
Site management->; Corresponding site-> Options-> "Use passive mode"
or
Quick connection->; Switch->; "Use passive mode"
LeechFTP:
Options->; Firewall-> Do not use
Please try not to use IE as an FTP client.
IE is just a rough FTP client tool. First of all, the version below IE6.0 does not support PASV mode; Secondly, IE can't see the login information when logging in to FTP. When there is an error in login, the cause of the error cannot be found. When testing your own FTP site, it is strongly recommended not to use IE.
Detailed configuration process of FTP website establishment
Please refer to the instructions on this page for configuration:
Using Serv-U to establish FTP website
Advanced theme
First, why can I log in to FTP through the port without using public IP?
The working mode of NAT gateway is to find the source address and port of local area network in the header of TCP/IP packet and replace it with the address and port of gateway. The contents of the packet will not change. However, when using PORT to log in to FTP, the IP address and port information are in the packet, not in the header. Therefore, if there is no public IP, you can't use the port method to download data from the ftp server on the internet.
However, some NAT gateways also support port mode. These NAT gateways even scan the contents of packets, and after scanning the port instructions, they will replace the IP and port in port mode. Under this NAT gateway, it is no problem to use the port mode. However, these gateways only scan packets on port 2 1. If the FTP server does not use the default port 2 1, it cannot use port mode.
Second, the intranet can use PORT to access other FTP, why can't it use PORT to access its own TrueHost FTP?
The problems to be discussed below are just to illustrate some principles and do not affect the actual use. If you are not interested in delving into these principles, don't take the time to read them.
Intranet users access their own FTP server established by TrueHost through NAT gateway supporting port mode. The process of establishing FTP command link is as follows:
FTP client
10. 10.0. 1
Port * * *
6 1. 144. 1.2
Port * * * * < = >; TH server
*.*.*.*
Port 2 1
10. 10.0. 1
Port 2 1
The FTP client connects to port 2 1 of the FTP server of the user's computer through the ISP's NAT gateway, Mike TrueHost server and TrueHost client.
When data needs to be downloaded, the FTP client sends a port command to the FTP server through this command link. Suppose the command is:
Ports 10, 10,0, 1, 30,4 (i.e. IP =10.1port = 30 * 256+4 = 70.
When the command passes through the ISP's NAT gateway, the NAT gateway judges that the destination port is 2 1 and it is a port command, so it modifies the IP and port in the command and replaces it with its own IP and port, such as:
Ports 6 1, 144, 1, 2,50,6 (i.e. IP = 61.144.1.2 port = 50 * 256+6 =
The user's FTP server finally receives the above PORT command. Therefore, the FTP server sends a connection request to the IP and port to establish a data link.
User FTP server
10. 10.0. 1
Port 20
6 1. 144. 1.2
Port 12806
10. 10.0. 1
Port 7684
However, because the public IP of NAT gateway can only receive external connection requests. That is to say, 61.144.1.2:12806 can only receive connection requests from other public IP networks. Why is the connection request (10.10.0.1:20) initiated from within NAT? The reason is very simple, because the internal IP must be mapped through NAT to access the external network. Therefore, the FTP data link cannot be established. As a result, users cannot access their own TrueHost FTP through port 2 1 on their own machines.
Let's take another look. What if the FTP port is not 2 1, such as 22? When the FTP client sends the PORT command, the NAT gateway detects that the destination port is 22, because the NAT gateway supports that the port only listens to the packet with the destination port of 2 1, and the packet with the destination port of 22 is found, and it is completely released without any processing. Therefore, the port commands received by the FTP server are still ports 10, 1 0,0,1,30,4. So the FTP server sends a connection request to this IP and port.
User FTP server
10. 10.0. 1
Port 20
10. 10.0. 1
Port 7684
In this case, a command link can be established. And it is equivalent to connecting this machine with this machine, which is very fast.
To sum up, intranet users cannot access their own TrueHost FTP server through port 2 1. If the FTP port is not 2 1, you can access it. In fact, this machine is connected to this machine.
The above text is only to illustrate some principles and does not affect the actual use. If this machine accesses this machine through FTP, it is redundant.