System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

Possible to Enable PASSIVE FTP from server side ?

Stan_365
Frequent Advisor

Possible to Enable PASSIVE FTP from server side ?

Hi,

We have a data center and 22 branch offices, and 2 out of 22 offices have to use PASSIVE ftp for some reason. Is it possible to configure the FTP Server in data centre so that the ftp requests from these 2 sites will be PASSIVE automatically?
My FTP Server environment is: HP-UX 11.11, WU-FTPD 2.6.1,
Current status: if use a ftp tool which can enable PASSIVE mode, it is OK to ftp in these 2 sites from FTP server in data centre.

Many thanks,

Stan
13 REPLIES
Taifur
Respected Contributor

Re: Possible to Enable PASSIVE FTP from server side ?

Hi,

To enable or disable passive mode, you only need to enter "passive" at the ftp prompt; it will toggle back and forth.

For more explanation on passive mode, do a "help passive" at the ftp> prompt.

Cheers//
Taifur
Stan_365
Frequent Advisor

Re: Possible to Enable PASSIVE FTP from server side ?

Hi Taifur,

some FTP client tool doesn't support passive command, and my target is to set it in FTP SERVER side, not from the FTP Client.

Any way, thanks for your reply.
Steven Schweda
Honored Contributor

Re: Possible to Enable PASSIVE FTP from server side ?

> [...] have to use PASSIVE ftp for some
> reason.

Typically to get through some lame firewall.

> [...] Is it possible to configure the FTP
> Server in data centre so that the ftp
> requests from these 2 sites will be PASSIVE
> automatically?

You'd need to study the RFC more closely than
I ever have (or will) to be sure, but I
suspect not. The server responds to commands
sent from the client, and those commands are
different between normal and passive modes.
I believe that the client has total control
over which commands are used, so it also has
total control over the choice between normal
and passive mode.

On the other hand, it may (should?) be easy
to configure a typical FTP client to use
passive mode by default. The details would,
of course, depend on the (unspecified) FTP
client program.
Stan_365
Frequent Advisor

Re: Possible to Enable PASSIVE FTP from server side ?

Hi Steven,

I just hope someone tells me it is just a dream or a reallity at current FTP version. We do find some new features from the ftpaccess file in WU-FTPD 2.6.1 such as

passive address
passive ports

pasv-allow [ addrglob ...]
port-allow [ addrglob ...]

We don't know the exact meanings of them, we tried but didn't get the expected results.

Thanks,

Stan
Steven Schweda
Honored Contributor

Re: Possible to Enable PASSIVE FTP from server side ?

> We don't know the exact meanings of them,
> we tried but didn't get the expected
> results.

You may be expecting too much. As I read the
docs, these directives affect how the FTP
server responds to a request for a
passive-mode transfer, but that's primarily
to deal with a firewall on the server side of
things. They can't make the client request a
passive-mode transfer.

I still believe that the active-passive
choice is made by the client, and can not be
made by the server. But I'm always open to
a good counter-argument (or actual evidence).
Stan_365
Frequent Advisor

Re: Possible to Enable PASSIVE FTP from server side ?

Hi Steven,

We have experienced the following phases:
Phase 1
The users from these 2 sites reported thay can't ftp data, it return a 425 ERROR (can't built data connection:Connection time out). they use the ordinary ftp tool not supporting passive mode.
Phase 2
We helped the users from these 2 sites to ftp data in passive mode.
Phase 3
We have confirmed that the FTP Server in Window 8 in the data center can accept the active FTP from these 2 sites. And the production FTP server(HP-UX 11.11, WU-FTPD 2.4.2) can only work with the client side using passive mode with special ftp product.
Phase 4
we upgraded the WU-FTPD to the newest 2.6.1 in a testing server. now we have the new features but the problem is the same.

I will provide the detail info of the WIN FTP Server later.

Thanks,

Stan
Stan_365
Frequent Advisor

Re: Possible to Enable PASSIVE FTP from server side ?

Hi Steven,

Here is the WIN ftp server info:

OS:Windows Server 2003 R2 Standard edition
FTP: integrated in IIS 6.0

Rgds,

Stan,
Steven Schweda
Honored Contributor

Re: Possible to Enable PASSIVE FTP from server side ?

> The users from these 2 sites reported [...]

> We have confirmed [...]

This is all very interesting, but with my
weak psychic powers, I can't see what any of
this software is actually doing. A typical
command-line FTP client has a "verbose" mode
which would show the actual FTP commands sent
and responses received. (Some, if not all,
fancy-GUI FTP clients can record this info,
too.) A transcript showing all that for good
and bad cases might be interesting and/or
informative. (You're allowed to hide the
user names and passwords, of course.)

> [...] The details would,
> of course, depend on the (unspecified) FTP
> client program.

True here, too.
Andrew C Fieldsend
Respected Contributor

Re: Possible to Enable PASSIVE FTP from server side ?

According to RFC959 (the original FTP RFC), "All FTP implementations must support use of the default data connection ports, and only the User-PI may initiate the use of non-default ports." In other words, it's entirely up to the client whether or not it should use passive mode, by issuing the PASV FTP command.

Also, not all clients support passive mode, so the server couldn't force it for those clients even if it were allowed to.
Stan_365
Frequent Advisor

Re: Possible to Enable PASSIVE FTP from server side ?


I will close this case in a few days as the result is certain.

Why I had expected so much from the FTPD is that the TEST on different FTP Servers in the same network environment generate different results.

Attached is the ftp logs:

YC2NT.txt --> ftp log into NT server using command line ftp, succeessful,
YC2NT_tool.txt --> ftp log into NT server using ftp tool(auto passive), succeessful,

YC2UX.txt --> ftp log into UNIX server using command line ftp, failed,
YC2UX_tool.txt --> ftp log into UNIX server using ftp tool,which enable passive mode. succeessful,



Thanks Steven and Andrew,

Stan
Stan_365
Frequent Advisor

Re: Possible to Enable PASSIVE FTP from server side ?


Sorry, the previous attachment isn't complete, it only support to attach one file.


Stan
Steven Schweda
Honored Contributor

Re: Possible to Enable PASSIVE FTP from server side ?

> YC2NT.txt --> ftp log into NT server using command line ftp, succeessful,

> YC2UX.txt --> ftp log into UNIX server using command line ftp, failed,

I don't have a good explanation for the
difference, unless there's something in a
firewall somewhere which treats the two
servers differently. (A firewall being the
usual reason for active-mode FTP not
working in the first place.)

The best test for that might be to swap the
IP addresses between the two server systems
(interfaces), but that would probably be too
inconvenient to consider.
Stan_365
Frequent Advisor

Re: Possible to Enable PASSIVE FTP from server side ?

the answer is not.