FTP Firewall Settings, Active vs. Passive, and FTPS Explicit vs. Implicit-Week 47

You can find this week’s video here.

Have you ever wondered what FTP Active mode or Passive mode means? Do you have a good understanding of the FTP data channel or control channel? It can be difficult to fully understand FTP, which firewall ports to enable, and how to navigate the two communication channels. This lesson will hopefully clear up these questions and more.

This week’s video lesson takes a deep dive into FTP Active vs. Passive modes. As part of this you’ll get a chance to see the various modes in action, see what the traffic looks like in Wireshark, see exact firewall rules, learn about stateful FTP, find out about Explicit FTPS and Implicit FTPS, and learn about the FTP data channel and control channels.

This week's video lesson is the 4th of a 5-week mini-series on IIS FTP. The five weeks include:

  • Week 1: IIS FTP Basics
  • Week 2: IIS FTP and IIS Manager Users
  • Week 3: IIS FTP and User Isolation
  • Week 4: IIS FTP Firewall settings, Active vs. Passive
  • Week 5: IIS FTP Troubleshooting plus FTP Host Headers

This is now week 47 of a 52 week series for the web pro, and the 4th of a 5 week mini-series on IIS FTP. You can view past and future weeks here: http://dotnetslackers.com/projects/LearnIIS7/

You can find this week’s video here.

3 Comments

  • Yeah FTP sucks. It was funny how I went for years not even thinking about it. Then a year ago I had what I thought was a simple enough setup: A physical host running hyper-v with a virtual machine. The physical machine had external IP addresses, the virtual machine internal ones (192.168.0.2, etc). For specific reasons the VM couldn't be hooked up to the physical IPs.

    So I needed to setup NAT from the physical to the virtual; then make sure all the right FTP ports were mapped; then make sure IIS 7.5 was also using the correct ports being mapped, etc, etc, etc.

    Damn just sooooo hard.

  • Hi David,

    I feel your pain. With HTTP/S you just open TCP 80/443 and it's done. Easy! FTP ... not so much.

  • Hi Aadil,

    Have you tested with the command line FTP from the sql server? That will confirm your network connectivity. If you don't mind installing FileZilla on the sql box (not sure that I would unless I had to), you can test with passive or active mode to see which works.

    I haven't used FTP from sql before so I'm not sure if it supports active or passive mode. My guess is that you're being blocked by the firewalls due to passive or active mode (active most likely) bring used but the firewall isn't setup for it yet.

Comments have been disabled for this content.