We have checked the notes and website but are still not having any luck when the product is run behind a stateful firewall.

The issue we are having is that Yahoo (our FTP host) just forced us to use FTPS with TLS authentication. This of course is encrypting everything so we are calling the CCC. I am still getting reports that when the program is initiated behind a Cisco ASA firewall the negotiated ports are across the ENTIRE range (up to 64,000).

One of my customers has done testing and the ONLY way he can get our packets through is to open all internal ports of the computer (ip) that is generating the request. That is not a permanent solution for him of course.

We believe that we are running passive mode. Is there any way to have the initial connection set to port 21 (std ftp) and then have the negotiated ports forced into a range (3000-3010) or something? This way I can have a defined set of ports for the firewall rules to be set and pass.

asked Mar 15 '13 at 09:15

chilkat ♦♦


See this Chilkat blog post relating to determining FTP connection settings.

Also, please note that in Passive mode, it is the FTP server that chooses the port for the data connection. If non-passive (also known as "active" mode) is instead used, then Chilkat provides two properties for controlling the port range: ActivePortRangeStart and ActivePortRangeEnd.

Passive vs. Active modes are explained below:

Active Mode: The FTP client chooses a port number and sends a "PORT" command to the FTP server. The FTP client then listens at the chosen port and the FTP server issues a connect request to establish the connection. The data connection is outgoing from the FTP server, and incoming to the FTP client.

Passive Mode: The FTP client sends a PASV command to the FTP server. The FTP server chooses a port number and sends it in the PASV response. The FTP server then listens at that port for the incoming connect request from the FTP client. The data connection is incoming to the FTP server, and outgoing from the FTP client.

answered Mar 15 '13 at 09:20

chilkat ♦♦
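An added example (not part of the original answer and not Chilkat code) that decodes the h1,h2,h3,h4,p1,p2 field carried by the PORT command and the PASV reply described above, and checks the resulting data port against a firewall rule range. The function names are hypothetical, the addresses are constructed documentation addresses, and 3000-3010 is the range proposed in the question.

```python
import re

# PORT arguments and the 227 PASV reply both carry h1,h2,h3,h4,p1,p2 (RFC 959).
_HOSTPORT = re.compile(r"\b(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\b")


def parse_hostport(text):
    """Extract (ip, port) from a PORT command or a 227 PASV reply."""
    m = _HOSTPORT.search(text)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % text)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % text)
    # The data port is split into a high byte (p1) and a low byte (p2).
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def format_port(ip, port):
    """Build the PORT command an active-mode client sends."""
    return "PORT %s,%d,%d" % (ip.replace(".", ","), port // 256, port % 256)


def data_connection(control_line, allowed):
    """Describe the data connection that a control-channel line sets up.

    allowed is the (low, high) port range the firewall rule permits.
    """
    ip, port = parse_hostport(control_line)
    active = control_line.upper().startswith("PORT")
    return {
        "mode": "active" if active else "passive",
        # Whoever listens is also the side that picked the port.
        "port_chosen_by": "client" if active else "server",
        "connection_initiated_by": "server" if active else "client",
        "endpoint": (ip, port),
        "within_rule": allowed[0] <= port <= allowed[1],
    }


if __name__ == "__main__":
    rule = (3000, 3010)  # range proposed in the question
    # Constructed sample control-channel lines, not taken from the thread.
    for line in (format_port("192.0.2.10", 3005),
                 "227 Entering Passive Mode (198,51,100,7,195,80)"):
        print(line, "->", data_connection(line, rule))
```

The passive sample decodes to a port outside the rule because the server picked it; a client-side port range has no influence on that value.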

Thank you for your quick response. We tried using active mode to specify the port range but were unsuccessful. Do you have a code example of an active connection that is established then the data ports set to a range? We are coding in VB6 currently.

answered Mar 15 '13 at 09:57

Tee

The code example would be nothing more than setting the properties to specific values. I couldn't tell you what port range to use because it would be specific to your case. Please read the information at http://www.cknotes.com/?p=282 very carefully. Data connection issues have been discussed on the blog and in the forum ad nauseam, and the only solution to these kinds of problems really involves a complete understanding of the system and network infrastructures at BOTH client and server ends w.r.t. whatever might be blocking TCP connections.

(Mar 15 '13 at 10:39) chilkat ♦♦

Have had the same problem as setting the start and end does nothing.

answered Mar 21 '13 at 15:46

cdlvj130

Asked: Mar 15 '13 at 09:15

Seen: 7,049 times

Last updated: Mar 21 '13 at 15:46