Microsoft KB Archive/323446

= How to configure Internet Explorer to use both the FTP PORT mode and the FTP PASV mode in the Windows Server 2003 Family =

Article ID: 323446

Article Last Modified on 5/10/2007

-

APPLIES TO


 * Microsoft Internet Explorer 6.0, when used with:
 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Windows Internet Explorer 7 for Windows Server 2003 IA64
 * Windows Internet Explorer 7 for Windows XP
 * Windows Internet Explorer 7 for Windows Server 2003

-



This article was previously published under Q323446



For a Microsoft Windows 2000 version of this article, see 309816.

IN THIS TASK

 * SUMMARY
 * How to change the Internet Explorer FTP Client mode
 * Troubleshooting



SUMMARY
This article describes how to configure Microsoft Internet Explorer or in Windows Internet Explorer to use both the File Transfer Protocol (FTP) PORT mode and PASV mode.

FTP supports two modes. These modes are called Standard (or PORT or Active) and Passive (or PASV). The Standard mode FTP client sends PORT commands to the FTP server. The Passive mode client sends PASV commands to the FTP Server. These commands are sent over the FTP command channel when establishing the FTP session.

Standard mode FTP clients first establish a connection to TCP port 21 on the FTP server. This connection establishes the FTP command channel. The client sends a PORT command over the FTP command channel when the FTP client needs to send or receive data, such as a folder list or file. The PORT command contains information about which port the FTP client receives the data connection on. In Standard mode, the FTP server always starts the data connection from TCP port 20. The FTP server must open a new connection to the client when it sends or receives data, and the FTP client requests this by using the PORT command again.

Passive mode FTP clients also start by establishing a connection to TCP port 21 on the FTP server to create the control channel. When the client sends a PASV command over the command channel, the FTP server opens an ephemeral port (between 1024 and 5000) and informs the FTP client to connect to that port before requesting data transfer. As in Standard mode, the FTP client must send a new PASV command prior to each new transfer, and the FTP server will await a connection at a new port for each transfer.

You may have to change the mode that is used by the FTP client, depending on the firewall configuration on either the FTP client or the server. Microsoft Internet Explorer 5 and later versions support both Standard mode and Passive mode.

back to the top

How to change the Internet Explorer FTP Client mode

 * 1) Start Internet Explorer.
 * 2) On the Tools menu, click Internet Options.
 * 3) Click the Advanced tab.
 * 4) Under Browsing, click to clear the Enable folder view for FTP sites check box.
 * 5) Click to select the Use Passive FTP (for firewall and DSL modem compatibility) check box.
 * 6) Click OK.

Internet Explorer behaves as a Standard mode FTP client if you select the Enable folder view for FTP sites check box, even if you also select the Use Passive FTP check box. If you clear the Enable folder view for FTP sites check box and then select the Use Passive FTP check box, Internet Explorer behaves as a Passive mode FTP client.

back to the top

Troubleshooting
Many firewalls do not accept new connections through an external interface. The firewall detects these connections as unsolicited connection attempts and, therefore, drops them. Standard mode FTP clients do not work in this environment because the FTP server must make a new connection request to the FTP client.

Firewall administrators may not want to use Passive mode FTP servers because the FTP server can open any ephemeral port number. Although Microsoft Internet Information Server (IIS) 4.0 and IIS 5.0 use the default ephemeral port range of 1024 through 5000, many FTP servers are configured with an ephemeral port range of 1024 through 65535. Firewall configurations that allow full access to all ephemeral ports for unsolicited connections may be considered unsecured.

You can configure both IIS 4.0 and IIS 5.0 to allow the ephemeral port range of 1024 through 65535.

For additional information about problems that you may have if you try to connect to TCP ports above 5000, click the article number below to view the article in the Microsoft Knowledge Base:

196271 Unable to Connect from TCP Ports Above 5000

back to the top

Additional query words: kbappsvc iis

Keywords: kbwebservices kbappservices kbftp kbhowtomaster KB323446

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.