FTP supports two modes. These modes are called Standard (or Active) and Passive (or "PASV"). The Standard mode FTP client sends PORT commands to the FTP server. The Passive mode client sends PASV commands to the FTP Server. These commands are sent over the FTP command channel.
Standard mode FTP clients first establish a connection to TCP port 21 on the FTP server. This connection establishes the FTP command channel. The client sends a PORT command over the FTP command channel when the FTP client needs to receive data, such as a folder list or file. The PORT command contains information about on which port the FTP client receives the data. In PORT Mode, the FTP server always sends data from TCP port 20. The FTP server must open a new connection to the client when it sends data.
Passive mode FTP clients also start by establishing a connection to TCP port 21 on the FTP server to create the control channel. When the client sends a PASV command over the command channel, the FTP server opens an ephemeral port (between 1024 and 5000) and informs the FTP client to request data transfer from that port. The FTP server responds to the request by using the ephemeral port as the source port for data transfer. When this occurs, the FTP server does not need to establish a new inbound connection to the FTP client.
You may need to change the mode that is used by the FTP client, depending on the firewall configuration on either the FTP client or the server. Microsoft Internet Explorer 5 and later support both Standard mode and Passive mode.
- Start Internet Explorer.
- Click Internet Options on the Tools menu.
- Click the Advanced tab.
- Click Enable Folder View for FTP sites.
Internet Explorer can be enabled for a passive mode FTP client when you clear this option.
Firewall administrators may not want to use PASV FTP servers because the FTP server can open any ephemeral port number. Although Microsoft Internet Information Server (IIS) 4.0 and Microsoft Internet Information Server 5.0 use the default ephemeral port range of 1024 through 5000, many FTP servers are configured with an ephemeral port range of 1024 through 65535. Firewall configurations that allow full access to all ephemeral ports for unsolicited connections may be considered unsecured.
You can configure both IIS 4.0 and IIS 5.0 to allow the ephemeral port range of 1024 through 65535.
For additional information about problems that you may have when you try to connect to TCP ports above 5000, click the article number below to view the article in the Microsoft Knowledge Base:
Article ID: 309816 - Last Review: Nov 1, 2006 - Revision: 1