Using Passive FTP Through a Firewall with Netscape Navigator

ID: Q239533

The information in this article applies to:
  • Microsoft BackOffice Small Business Server versions 4.0, 4.0a, 4.5
  • Microsoft Proxy Server version 2.0

SYMPTOMS

When you are using Netscape Navigator through a firewall, your FTP connections may seem to work temporarily, but then stop working when you navigate to a remote site. For example, selecting another folder may not succeed; instead, the network connection may seem to stop responding (hang).


CAUSE

This behavior can occur if outgoing connections on high-numbered ports are disabled on the proxy server.


RESOLUTION

To resolve this issue, enable dynamic ports 1025 through 5000 in Winsock Proxy Packet Filter properties.


MORE INFORMATION

If you cannot open connections from Netscape Navigator through a firewall to FTP servers outside your site, try configuring the firewall to allow outgoing connections on high-numbered ports.

Using FTP typically involves opening a connection to an FTP server and then accepting a connection from the FTP server back to your computer on a randomly chosen high-numbered telnet port. The connection from your computer is called the "control" connection; the connection from the FTP server is known as the "data" connection. The commands you send and the FTP server's responses are sent on the control connection. Any data sent back (such as directory lists or actual file data in either direction) are sent on the data connection.

However, this approach usually does not work through a firewall, which typically does not let any connections come in at all. When this occurs, your FTP connection might seem to work at first, but then seem to hang when you issue a command (such as ls or get).

Netscape Navigator uses a different method, known as "PASV" ("passive FTP"), to retrieve files from an FTP site. Navigator opens a control connection to the FTP server, tells the FTP server to expect a control connection to the FTP server, tells the FTP server to expect a second connection, and then opens the data connection to the FTP server itself on a randomly chosen high-numbered port. This works with most firewalls, unless your firewall restricts outgoing connections on high-numbered ports too.

Passive FTP is described as part of the FTP protocol specification in RFC 959. For additional information about this RFC, see the following Web site:

http://www.cis.ohio-state.edu/htbin/rfc/rfc959.html
The third-party contact information included in this article is provided to help you find the technical support you need. This contact information is subject to change without notice. Microsoft in no way guarantees the accuracy of this third-party contact information.

Additional query words: smallbiz

Keywords : kb3rdparty kbenv
Version : winnt:2.0,4.0,4.0a,4.5
Platform : winnt
Issue type : kbprb


Last Reviewed: January 7, 2000
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.