Configuration
CX8190
Version: 1.5
6.1.3 FTP Server
Restricted access through firewall
From image version "CX8100_WEC7_LF_v604h_TC31_B4022.20", the firewall for the CX8190 is
enabled by default. This means that a passive FTP connection (as used by Microsoft, for example)
cannot be established. We therefore recommend using active FTP access. Enter TCP ports 20 and
21 in the firewall.
The File Transfer Protocol (FTP) uses TCP connections exclusively. FTP specifies two TCP ports that are
important for data transfer:
• Port 20/tcp: This port is also referred to as data port and is used to send/receive files and directory lists.
• Port 21/tcp: This port is generally referred to as command port and is used to exchange status information between the client and server.
Separate TCP connections are used for sending and receiving files (data port) and for transmitting
commands (command port). With FTP, two connection modes are available for setting up such connections:
"Active FTP" and "Passive FTP". Depending on the connection mode, the two ports mentioned above are
initiated differently, which is described in more detail below.
Active FTP
With active FTP, the client connects to the command port of the FTP server. The client uses a random port
N, e.g. 4242/tcp, as source port. The client then listens on port N+1 and notifies the server of this port. The
server then connects to the client on port N+1 and uses its data port as the source port.
A problem with active FTP is that the client itself does not establish a connection to the server's data port,
but communicates a port (N+1) to the server, which then connects to the client via its data port. In the case
of firewalls or NAT devices that are located upstream of the client, this could involve additional configuration
effort on the client side, since the data port of the client behind the firewall must be accessible to the server
(see figure "Connect 4243").
Passive FTP
This method is used when the client is not directly accessible by the server. This is the case, for example, if
the client is behind a firewall that uses NAT to rewrite the client's address. With passive FTP, the FTP client
initiates a connection via two random TCP ports N (command port) and N+1 (data port). The first port is used
to connect to the server's command port. However, instead of the client communicating its port N+1 to the
server so that the server can open a connection to it (see active FTP), the client first transmits a so-called
PASV command. The server now knows that the connection is via passive FTP. As a result, the server
opens a (random) port P as data port and transmits it to the client. The client then initiates a connection with
port P and uses port N+1 (data port) as the source port. This connection is then used to transfer the data.
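The following added example (not part of the Beckhoff manual) decodes the port announcements of both modes and checks them against a firewall in which only ports 20 and 21 are entered, which shows why the passive data connection fails. The `PORT` and `227` line syntax is the standard one from RFC 959; the addresses, port P = 50000 and the simplified firewall model are assumptions made for illustration.

```python
import re

# Constructed control-channel lines (RFC 959 syntax); addresses and ports are sample values.
ACTIVE_CMD = "PORT 192,168,1,50,16,147"                            # client -> server, N+1 = 4243
PASSIVE_REPLY = "227 Entering Passive Mode (192,168,1,10,195,80)"  # server -> client, port P

# Assumed, simplified firewall model: a server-side port is usable only if it is entered.
SERVER_ALLOWED = {20, 21}


def decode_endpoint(line):
    """Extract (ip, port) from a PORT command or 227 reply; port = p1 * 256 + p2."""
    m = re.search(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})", line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in %r" % line)
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("value out of range in %r" % line)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def data_connection(line, server_allowed=SERVER_ALLOWED):
    """Say who opens the data connection and whether the server-side port is permitted."""
    ip, port = decode_endpoint(line)
    if line.upper().startswith("PORT"):
        # Active: the server connects from its data port 20 to the client's port N+1.
        # The client's own firewall/NAT must additionally accept this inbound connection.
        return {"mode": "active", "initiator": "server", "target": (ip, port),
                "server_port": 20, "server_firewall_ok": 20 in server_allowed}
    if line.startswith("227"):
        # Passive: the client connects to the random port P announced by the server.
        return {"mode": "passive", "initiator": "client", "target": (ip, port),
                "server_port": port, "server_firewall_ok": port in server_allowed}
    raise ValueError("not a PORT command or 227 reply: %r" % line)


if __name__ == "__main__":
    for sample in (ACTIVE_CMD, PASSIVE_REPLY):
        print(data_connection(sample))
```
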