
ioFTPD General New releases, comments, questions regarding the latest version of ioFTPD.

10-26-2009, 09:45 AM   #1
Junior Member
Join Date: Mar 2004
Posts: 10
Fixed Data ports


About SSL FXP, I would like to have fixed ports so I only have to open these "known" ports on the firewall.

In ioftpd.ini I have the default set to (and I'm fine with it):
Ports = 5421-5450

But when a transfer starts it is blocked at the firewall level, as it comes on ports 6000 to 6100.
I went for the easy solution and opened up these ports ...
only for the next test to send on port +50000.

Clients get:
[R] 425 Can't open data connection.

Here are the settings for the Certificate:
Require_Encrypted_Auth = !-ioFTPD !*
Require_Encrypted_Data = !-ioFTPD !S *
Certificate_Name = *****SSL
Explicit_Encryption = True
Encryption_Protocol = SSL3
Min_Cipher_Strength = 128
Max_Cipher_Strength = 256

# IDNT command handler
Get_External_Ident = True

Am I mistaken about the way it works?
How can I achieve this properly?
(What is the purpose of the IDNT command handler?)

Thanks for your feedback
Smirnoff
10-26-2009, 11:25 PM   #2
Too much time...
FlashFXP Beta Tester
ioFTPD Administrator
Join Date: May 2005
Posts: 1,194

The FTP has 3 types of ports you can control.

1) The port to accept new control connections on (Port=), must be forwarded in router.

2) The passive port(s) for incoming data connections (Ports=), must be forwarded in router.

3) The active port(s) to use for outgoing data connections (Out_Ports=). Usually outgoing connections are passed through by most NAT routers without any special configuration, but if blocked for some reason must be allowed.

You, however, have no control over what the client port for the other half of each style (passive/active) will be because the client chooses that. Just use two firewall rules, one using the incoming port range(s), and the other the outgoing port range(s).

Most of the time you'll just need to write one rule to cover 5420-5450 incoming so they will be forwarded to the correct machine.
Yil
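
The three port types described in the reply above, as an added example that is not part of the thread and is not ioFTPD code: it reads the port settings from an ini fragment, decodes the data port announced in a PASV reply, and names the firewall rule that should cover a connection seen at the server. The `Port` and `Out_Ports` values, the comma-separated range syntax, the 192.0.2.10 address and the function names are assumptions made for this example; only `Ports = 5421-5450` comes from the question.

```python
import re

# Constructed ioftpd.ini fragment. "Ports" is the value from the question;
# the "Port" and "Out_Ports" values are assumptions for this example.
SAMPLE_INI = """
Port = 21
Ports = 5421-5450
Out_Ports = 6000-6100
"""

def parse_ports(ini_text):
    """Return {key: [(low, high), ...]} for Port, Ports and Out_Ports."""
    cfg = {}
    pattern = r"^\s*(Port|Ports|Out_Ports)\s*=\s*(.+?)\s*$"
    for key, value in re.findall(pattern, ini_text, re.M):
        ranges = []
        for part in value.split(","):  # comma-separated lists are an assumption
            low, _, high = part.strip().partition("-")
            ranges.append((int(low), int(high or low)))
        cfg[key] = ranges
    return cfg

def pasv_port(reply):
    """Data port announced in a '227 ... (h1,h2,h3,h4,p1,p2)' reply (RFC 959)."""
    m = re.search(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", reply)
    return int(m.group(5)) * 256 + int(m.group(6)) if m else None

def in_ranges(port, ranges):
    """True if port falls inside any (low, high) pair."""
    return any(low <= port <= high for low, high in ranges)

def classify(direction, server_port, cfg):
    """Name the firewall rule that should cover a connection seen at the server.

    direction is 'in' or 'out'; server_port is the port on the server's side.
    The client's port is never checked, because the client chooses it.
    """
    if direction == "in" and in_ranges(server_port, cfg.get("Port", [])):
        return "control (Port rule)"
    if direction == "in" and in_ranges(server_port, cfg.get("Ports", [])):
        return "passive data (incoming Ports rule)"
    if direction == "out" and in_ranges(server_port, cfg.get("Out_Ports", [])):
        return "active data (outgoing Out_Ports rule)"
    return "not covered by any configured range"
```

A connection that lands in the last category is one the server's configuration does not account for, so it is the one to investigate before widening the firewall.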
