Using Passive FTP Through a Firewall with Netscape Navigator (239533)

MORE INFORMATION

If you cannot open connections from Netscape Navigator through a firewall to FTP servers outside your site, try configuring the firewall to allow outgoing connections on high-numbered ports.

Using FTP typically involves opening a connection to an FTP server and then accepting a connection from the FTP server back to your computer on a randomly chosen high-numbered telnet port. The connection from your computer is called the "control" connection; the connection from the FTP server is known as the "data" connection. The commands you send and the FTP server's responses are sent on the control connection. Any data sent back (such as directory lists or actual file data in either direction) are sent on the data connection.

However, this approach usually does not work through a firewall, which typically does not let any connections come in at all. When this occurs, your FTP connection might seem to work at first, but then seem to hang when you issue a command (such as ls or get).

Netscape Navigator uses a different method, known as "PASV" ("passive FTP"), to retrieve files from an FTP site. Navigator opens a control connection to the FTP server, tells the FTP server to expect a control connection to the FTP server, tells the FTP server to expect a second connection, and then opens the data connection to the FTP server itself on a randomly chosen high-numbered port. This works with most firewalls, unless your firewall restricts outgoing connections on high-numbered ports too.

Passive FTP is described as part of the FTP protocol specification in RFC 959. For additional information about this RFC, see the following Web site: Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.