Modes and Data Transmission

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008

When using FTP, there are two things to consider: the connection mode, which can be either passive or active, and the data transfer mode, which can be stream, block, or compressed.

The IIS-based FTP service supports both active and passive mode connections, depending on the method that is specified by the client. IIS does not support disabling either active or passive connection modes.

The default data transfer mode for IIS-based FTP is stream. IIS does not currently support block or compressed data transfer mode.

Unlike HTTP and other protocols used on the Internet, the FTP protocol uses a minimum of two connections during a session: a half-duplex connection for control, and a full-duplex connection for data transfer. By default, TCP port 21 is used on the server for the control connection, but the data connection is determined by the method that the client uses to connect to the server, as detailed below.

  • Active-mode FTP connections are sometimes referred to as "client-managed" because the client sends a port command to the server, over the control connection. The command requests the server to establish a data connection from TCP port 20 on the server to the client, using the TCP port that is specified by the port command.

  • Passive-mode FTP connections are sometimes referred to as "server-managed", because after the client issues a pasv command, the server responds with one of its transient ports used as the server-side port of the data connection. After a data connection command is issued by the client, the server connects to the client using the port immediately above the client-side port of the control connection.

Data Transfer and Firewalls

The most common problem encountered with FTP over the Internet involves data transfers through a proxy server, a firewall, or a Network Address Translation (NAT) device. In most cases these network security devices allow the control connection to be established over TCP port 21 (that is, the user can successfully log on to the FTP server), but when the user attempts a data transfer such as DIR, LS, GET, or PUT, the FTP client appears to stop responding because the network security device is blocking the data connection port that is specified by the client. If the network security device supports logging, you can verify port blocking by reviewing the deny/reject logs on the network security device.
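The following added example (not part of the original page) derives the data-connection endpoint from the port command and from the 227 reply to pasv, both of which carry it as h1,h2,h3,h4,p1,p2 per RFC 959, and then looks for that endpoint in firewall deny entries. The control-channel lines, the deny-log line format, and all addresses are constructed for illustration.

```python
import re

# RFC 959 host-port format: four address bytes, then the port as high byte, low byte.
HOSTPORT = re.compile(r"\b(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\b")
ENDPOINT = re.compile(r"\d+\.\d+\.\d+\.\d+:\d+")
# Control-channel lines that announce a data endpoint, and the mode each implies.
MODES = {"PORT": "active", "227": "passive"}

def parse_hostport(text):
    """Return (ip, port) from a PORT argument or a 227 reply, or None if malformed."""
    m = HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def negotiated_endpoints(control_lines):
    """Return [(mode, ip, port)] for each data endpoint announced on the control channel."""
    out = []
    for line in control_lines:
        mode = MODES.get(line.split(" ", 1)[0].upper())
        endpoint = parse_hostport(line) if mode else None
        if endpoint:
            out.append((mode, *endpoint))
    return out

def blocked_data_connections(control_lines, deny_lines):
    """Return [(mode, ip, port, entry)] for deny entries that name a negotiated endpoint."""
    hits = []
    for mode, ip, port in negotiated_endpoints(control_lines):
        for entry in deny_lines:
            # Compare whole ip:port tokens so that :5001 never matches :50010.
            if f"{ip}:{port}" in ENDPOINT.findall(entry):
                hits.append((mode, ip, port, entry))
    return hits

# Constructed sample data (hypothetical log format: "DENY tcp src:port -> dst:port").
CONTROL = ["USER demo", "PORT 192,0,2,10,19,137", "PASV",
           "227 Entering Passive Mode (198,51,100,5,195,80)"]
DENY_LOG = ["DENY tcp 198.51.100.5:20 -> 192.0.2.10:5001",
            "DENY tcp 192.0.2.10:40000 -> 198.51.100.5:50000",
            "DENY tcp 192.0.2.10:40001 -> 198.51.100.5:80"]

if __name__ == "__main__":
    for mode, ip, port, entry in blocked_data_connections(CONTROL, DENY_LOG):
        print(f"{mode} data endpoint {ip}:{port} blocked: {entry}")
```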

The following table lists the FTP clients provided by Microsoft and the connection mode supported by each client.

FTP Client                           Transfer Mode
Command line                         Active
Internet Explorer 5.1 and earlier    Passive
Internet Explorer 5.5 and later      Active and Passive
FrontPage 1.1 to FrontPage 2002      Active