View Full Version : Ports used by FTP

03-03-2004, 11:17 PM
I've been trying to tighten up my interent security, and I seem to have overdone it. I use Laplink FTP for FTP (not very often) and I seem to have the situation that if Laplink works I fail the Shields UP test, and if I pass Shields UP, my FTP doesn't work. It says it has logged on to a site, then fails to retrieve any data.

I'm guessing there is a port I have closed that should be open, but I don't know which one. Short of trying all 65336 ports, where should I be looking?

Tony Bacon

03-03-2004, 11:20 PM
If your using a dedicated ftp client(rather then a browser)then it should say which ones are needed.

Otherwise,port21 is the ftp default.

03-03-2004, 11:21 PM
Thats twice tonight i havent read someones post propely.

No idea about laplink ftp client,but it should have some port info being displayed.

03-03-2004, 11:33 PM
You would have thought so, but I haven't been able to find it.

04-03-2004, 12:13 AM
Is laplink an ftp server?

try openening a command window and typing:
netstat -a

Tat'll list all open ports / connections

Hope this helps


04-03-2004, 12:25 AM
FTP uses port 21 for commands, and port 20 for data.

If laplink is running an ftp server it is expected you will fail the sheilds up test because the ftp ports have to be open inorder to accept connections.

04-03-2004, 12:28 AM
> FTP uses port 21 for commands, and port 20 for data.

Really? How is it that my Router is blocking port 20 then, but ftp still works?

04-03-2004, 12:33 AM
I just had aquick read of the Laplink FAQ and it mentions that their servers will connect on the same port as your computer. If you are trying to access a different site the lack of a connection will be due to the fact that they are using an active ftp server rather than a passive. ;)

As you have noticed active ftp servers are blocked by firewalls as the download connection is initiated by the ftp server and not your computer. Passive ftp servers reply to your "request" so aren't blocked.

Doesn't help much, I know. :)

Possibly an active ftp server site might tell you what range they will reply between and you could permit access through those "high" ports from their address. A possible solution without opening yourself toooo much :D

04-03-2004, 01:06 AM
Probably because its running in passive mode, which I think is the default for many apps. If you turn it off you will see the connection to port 20.

For the origional poster:

I had forgotten about passive/non-passive mode. If the laplink programme doesn't support passive mode, try another FTP client. It will avoid a lot of problems. Active non-passive mode comes from the early days of the internet, before things like firewalls.

04-03-2004, 09:21 AM
It is the active/passive thing. After my last post I did some more digging around and looking at FAQs etc and found that the sites (the default ones set up with the installation) I had been trying to connect to through Laplink FTP were all set to active FTP. If I changed them to passive, everything worked OK. As I said, I don't actually use FTP very often, and was just playing to see what the effect of my security tightening was.

So it looks like Gorela was right on the money - thanks, everyone.

Tony Bacon