Microsoft KB Archive/239533

= Using Passive FTP Through a Firewall with Netscape Navigator =

Article ID: 239533

Article Last Modified on 6/22/2001

-

APPLIES TO


 * Microsoft Proxy Server 2.0 Standard Edition

-



This article was previously published under Q239533



SYMPTOMS
When you are using Netscape Navigator through a firewall, your FTP connections may seem to work temporarily, but then stop working when you navigate to a remote site. For example, selecting another folder may not succeed; instead, the network connection may seem to stop responding (hang).



CAUSE
This behavior can occur if outgoing connections on high-numbered ports are disabled on the proxy server.



RESOLUTION
To resolve this issue, enable dynamic ports 1025 through 5000 in Winsock Proxy Packet Filter properties.



MORE INFORMATION
If you cannot open connections from Netscape Navigator through a firewall to FTP servers outside your site, try configuring the firewall to allow outgoing connections on high-numbered ports.

Using FTP typically involves opening a connection to an FTP server and then accepting a connection from the FTP server back to your computer on a randomly chosen high-numbered telnet port. The connection from your computer is called the "control" connection; the connection from the FTP server is known as the "data" connection. The commands you send and the FTP server's responses are sent on the control connection. Any data sent back (such as directory lists or actual file data in either direction) are sent on the data connection.

However, this approach usually does not work through a firewall, which typically does not let any connections come in at all. When this occurs, your FTP connection might seem to work at first, but then seem to hang when you issue a command (such as ls or get).

Netscape Navigator uses a different method, known as "PASV" ("passive FTP"), to retrieve files from an FTP site. Navigator opens a control connection to the FTP server, tells the FTP server to expect a control connection to the FTP server, tells the FTP server to expect a second connection, and then opens the data connection to the FTP server itself on a randomly chosen high-numbered port. This works with most firewalls, unless your firewall restricts outgoing connections on high-numbered ports too.

Passive FTP is described as part of the FTP protocol specification in RFC 959. For additional information about this RFC, see the following Web site:

http://www.cis.ohio-state.edu/htbin/rfc/rfc959.html

Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

Additional query words: smallbiz

Keywords: kbenv kbprb kb3rdparty KB239533

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.