Passive FTP instead of Active FTP

Question

Hi

I have a client you cannot use Active FTP connections because they are limited by the interface applications. The issue i have is I have Active set up fine but cannot fathom why my passive FTP will only times out.

I have followed this article http://learn.iis.net/page.aspx/309/configuring-ftp-firewall-settings/ and still have no joy.

The first question is should I be letting the client use a passive connection? is it as secure as active as I would have to allow far more ports with a passive connection.

The second question is why would th FTP be timing out with the rules to allow it being set up on the firewall?

Answer 1

Not so familiar with iis7 but I can help you on some issues.

Passive vs Active ftp connection. When active, it means that the server contacts the client, the client chooses a port that will be used to transfer data and then sends it back to the server to use. Passive is used when people are behind a firewall for example and it means that the client doesn't choose a port but rather the server does that and the clients connect to it.

In short, if client doesn't allow for the server to initialize the connection then passive mode is used. More information here.

Doesn't matter if the connection is passive or active, the security is the same.

On why does it timeout is a bit hard. There may be several timeout settings, one for active and one for passive connections. There may also be other set of rules that override the ones you are using etc...