1

Essentially I have an issue with my Firewall causing my Application to hang when trying with storing files with FTP.

I found out that it had to do with my Firewall allowing access through the ports.

I set my connection port to 21( which I beileve is also the default), and set 

ftp.enterLocalPassiveMode();

I tried to allow access through port 21 on my firewall,but it did not work.

I noticed that if I would try to log

ftp.getPassivePort();

it would be a random port for each item uploaded, usually in the 30k-50k range.

My application does allow for "Active" mode, but since this is an application that will be used by many users, it seems "Passive" is more preferred, but users might possibly run into the same error as I am.

So the only thing I can think of is

  1. somehow allowing for a range on my firewall**(which I don't see an option for a range, as the other values are all single ports)**

  2. Find someway to use a single passive port if that is what it's going through (which seems to be the case)

  3. Don't use Passive Mode. It seems that Passive is recommended on many posts, but I'm not sure why it's fully needed, and why active wouldn't be preferred?

According to http://wiki.apache.org/commons/Net/FrequentlyAskedQuestions

You can call FTPClient.enterLocalPassiveMode() to enable passive mode. From then on, FTPClient will take care of issuing a PASV command each time it opens a data connection until you change the data connection mode by calling enterLocalActiveMode() or you close the connection. I am curious if anyone has any idea what my best course of action should be? I'm not sure if this is a programming problem, or more suited for another "Stack Community?"

So it seems that it's initially in Active mode.

Thanks for any help!

XaolingBao
  • 1,034
  • 1
  • 18
  • 34
  • 1
    Active/passive mode is for a *second* port, the data port. Port 21 is the control port. – user207421 Mar 25 '16 at 09:10
  • Thanks, I'm reading this post now http://stackoverflow.com/questions/1699145/what-is-the-difference-between-active-and-passive-ftp I had read before that they are separate, but I guess I didn't realize their connections would be. According to that comment,. Passive mode is specifically for Firewall related problems so, what could my issue be then? It says we tell the ports on the client, I'm trying to find a method that would relate to that. – XaolingBao Mar 25 '16 at 09:16
  • Active mode requires the client to allocate a listening port, which presents firewall problems and is basically obsolete. Passive mode requires the server to allocate another listening port. – user207421 Mar 25 '16 at 10:54
  • Thanks, but for some reason in Passive mode I am still having a firewall issue. If I "Monitor all ports" it will hang, but if I do "monitored selected ports" with the default list, it will work. So why is there an issue with the monitoring... I tried to allow everything in the "Packet Rules" but nothign... – XaolingBao Mar 25 '16 at 11:52
  • I don't know anything about your firewall, but the PASV command requires the server to listen on a new port and return it in the reply. It will be an ephemeral port and it will need to be open. I have firewall permission for the FTP server to listen at any port. – user207421 Mar 26 '16 at 00:38
  • Some resources for explaining active/passive FTP data transfers, and why passive transfers are recommended: http://slacksite.com/other/ftp.html, and [Firewall Friendly FTP RFC](https://tools.ietf.org/html/rfc1579). – Castaglia Apr 04 '16 at 17:59
  • Thnaks will check it out :). The issue is... why am ?I having issues with PASSIVE? – XaolingBao Apr 04 '16 at 21:17

0 Answers0