I am a little late in responding; moving an entire house of belongings 
and children is not fun.

Mateusz provided a good explanation - it is "active" vs. "passive" mode 
connections.  Back 15 years ago before NAT was in widespread use all FTP 
connections were "active."  The client would initiate a connection to 
the server for sending commands.  If data needed to be sent the server 
would initiate the connection to the client.  And in the very very old 
days, specific port numbers were assumed.

NAT completely screws this up by acting as a "diode", allowing new 
connections to pass through in one direction but not in the other. So 
your FTP client can make the control connection to the server, but the 
server can not make a connection back to the client because of NAT.  
Directory listings require a new socket, so this breaks even simple 

There are two ways around this.  Most firewalls that implement NAT do 
some basic packet inspection and detect this particular FTP problem, and 
correct for it.  So even though NAT dictates that the FTP server should 
not be able to make an inbound TCP connection to your client behind the 
firewall, the firewall actively does some work to allow this.  It has to 
inspect packets to do this, and it only works with the well-known FTP 
port (21).  If you choose a non-standard FTP control port to work with, 
it breaks.

The second is to use "passive" connections.  When in passive mode, the 
client always initiates new socket connections, even for data 
transfers.  If your client can make the control connection then it can 
also make the data connection.

The FTP protocol is really very powerful.  It allows you to direct data 
transfers between multiple machines, if you can coordinate them.  It was 
too complex for it's own good though.  Just use passive mode connections 
and you'll be fine.

I'm not sure what is wrong with the VirtualBox host only mode.  It is 
not working for me here either.


Slashdot TV.  
Video for Nerds.  Stuff that matters.
Freedos-user mailing list

Reply via email to