Additional questions about Passive mode item of FileZilla Server (ver 1.1.0)

#1 Post by maru » 2021-11-30 08:19

Hello.

I am currently testing the new FileZilla Server (ver 1.1.0).
I am a beginner.
Please forgive my lack of study.

I have additional questions about Passive mode item of FileZilla Server (ver 1.1.0).

The network environment and how to connect to FileZilla Server are as shown in the attached file (Figure 1).

As Mr. Kosse taught me the other day, I was going to set the following in the Passive mode setting of FileZilla Server (ver 1.1.0).

From: 49152 To: 65534

Also, I was going to open TCP ports from 49152 to 65534 in the router's port forwarding to allow access to the FileZilla Server on the private network from the Internet, and I was going to transfer this range of incoming access to the FileZilla Server.

However, there was something I was worried about.
When I run the "netstat" command on another PC on the same private network as the one on which FileZilla Server is installed, it looks like Figure 2.
Looking at this figure, numbers above 50,000 are used as internal ports.
These numbers are included in the port range I planned to set in the port forwarding settings of the router and the port range I planned to set in the Passive mode of FileZilla Server. If I set the above-mentioned TCP port range (From: 49152 To: 65534) to be forwarded to FileZilla Server with the router's port forwarding, is it possible, for example, that I will not be able to surf the Internet (with a browser) on other PCs (with the exception of the FileZilla Server PC) or not be able to use software that uses TCP ports on other PCs (with the exception of the FileZilla Server PC)? Here, other PCs mean PCs that are on the same private network as FileZilla Server.
If I have any misunderstandings, please forgive me.

For example, if there is little FTP access from a PC on the same private network as FileZilla Server, can the Passive mode port range be small? For example 1000.

By the way, the other day, Mr. Kosse taught me the following theory, but it is difficult for me (a beginner).

"Rule of thumb: You need at least as many ports as the maximum amount of transfers done in 4 minutes. With very small files and a client in the same LAN as the server, this is easily many thousands."

Does the above mean that FileZilla Server needs a port range larger than the number of files sent and received from multiple FTP clients in 4 minutes?

I look forward to advice.
Attachments: Picture02.png, Picture01.png

#2 Post by botg » 2021-11-30 08:48

Ports are a shared medium. Unless a program specifically requests a particular port, a port from the ephemeral range is picked at random by the system. It's entirely normal for there to be lots of programs which over time all use the same ports.

"For example, if there is little FTP access from a PC on the same private network as FileZilla Server, can the Passive mode port range be small? For example 1000."
1000 divided by the number of seconds in 4 minutes (that is the time sockets stay in TIME_WAIT during which they cannot be re-used): 1000 / (60 * 4) ~= 4.2
This means that with a range of 1000 ports you can at most do 4.2 transfers each second before eventually running into issues due to port exhaustion.

Now compare this number against what is possible: With just a single client on my local machine I could reach over 400 transfers/second. Even using the entire range of 64k ports I'd eventually run into port exhaustion.

I hope this shows the importance of forwarding as many ports as possible.

#3 Post by maru » 2021-11-30 10:22

Thank you for your reply.
Thank you, Mr. Kosse.

I tested it further in my environment.

I prepared dozens of small text files on a PC.
First of all, I set FileZilla Server's passive mode to an extremely narrow range (From: 49152 To: 49162) and sent these files to FileZilla Server with an FTP client.
The FTP client used at this time is different from the FileZilla client, and I can see the port number of passive mode on the screen of this software.
I was looking at the screen and I was able to confirm that the port changed for each file within the above port range and the files were transferred.
Also, I was able to confirm that the same port number was used repeatedly several times in the transfer of different files.
But the transfer did not fail.

Next, I did the same test by limiting the passive mode of FileZilla Server to one port, such as From: 49152 To: 49152.
All files were transferred on the same port 49152, and the transfer was successful.

Is my test wrong?

I didn't know in what case the port would be exhausted and the transfer would fail.

#4 Post by botg » 2021-11-30 11:35

A TCP socket is defined by four elements: Source IP, source port, destination IP and destination port. After using a particular quadruplet it cannot be re-used for the TIME_WAIT duration (4 minutes). For a given server and client, source and destination IP are obviously fixed. Some clients always use the same source port [*] which only leaves the data port as the remaining degree of freedom. Hence the need for a large range.

[*] A literal interpretation of RFC 959 mandates this reuse. Many clients, FileZilla included, intentionally deviate from this to alleviate the port exhaustion problem. Note however that the server in general has no influence on which software the client uses. This gets further complicated by clients behind a NAT/PAT router or a proxy, where the client simply doesn't know what the source port on the other end of the router or proxy is.

#5 Post by maru » 2021-12-02 12:05

Thank you for your reply.
Thank you, Mr. Kosse.

I could understand the importance of setting a large passive mode range, but I wanted to know more about Passive mode's behavior and points to note, so I did more testing in my environment.

This time, I set the Passive mode of FileZilla Server to one port (From: 49152, To: 49152), and sent dozens of files from two PCs on the same private network in Passive mode using an FTP client (this software is different from FileZilla Client) to FileZilla Server almost at the same time.

Figure 1 of the attachment is the result of the netstat command immediately after testing with an FTP client that is different from the FileZilla Client.
With this FTP client, you can see that TCP port 49152 was always used when sending files.
In addition, although some files were successfully sent (to FileZilla Server) from both PCs, in the middle of the test the FTP client on the two PCs displayed the following error and the file transmission stopped.
"425 Cannot open data connection."

Looking at Figure 1, the FTP client I used changed the source port every time one file was sent, so in spite of limiting the Passive mode to one number (49152), do you mean that I could succeed in sending some files to some extent on both PCs?
However, is the reason why the file transmission stopped in the middle not the 4-minute restriction that Mr. Kosse taught me, but the following description in a past topic?

Topic Title: 425 and 421 error after upgrading Windows and FZ server (Posted at 2019-12-06 12:55)

The above topic has the following sentence (is this the text of a network textbook?).
----
Valid ports can be from 1 to 65535, however ports less than 1024 are reserved for other protocols. It is best to choose ports >= 50000 for passive mode FTP. Due to the nature of TCP (the underlying transport protocol), a port cannot be reused immediately after each connection. A range of 50 ports should be sufficient in most cases.
----

I was interested in the following part of the above sentence.
Due to the nature of TCP (the underlying transport protocol), a port cannot be reused immediately after each connection.

In other words, in my environment, the same 49152 port wasn't available immediately after use, so in the middle of the test, my FTP client failed to send the file?

Next, I sent dozens of files from two PCs by FileZilla Client to FileZilla Server using Passive mode at about the same time.
Figure 2 shows the result of the netstat command immediately after testing with FileZilla Client.
Looking at Figure 2, you can see that ports with numbers other than TCP port 49152 are also being used.
Also, to my surprise, FileZilla Client on the two PCs did not fail to send files in the middle of the test.
Is this because FileZilla Client or FileZilla Server used ports other than 49152 in order not to fail to send files, as an exception or reluctantly?
Is it normal for FileZilla Client to use a port with a number other than TCP port 49152 (even though I limited the port to 49152)?
In other words, is this just a better FileZilla client?
Attachments: picture02.png, picture01.png

#6 Post by botg » 2021-12-02 15:14

As mentioned before, a socket is identified by four elements: Source IP, source port, destination IP and destination port. You will find that the combination of all 4 isn't reused during the TIME_WAIT interval.

Retry your tests with a client that doesn't change its source port.
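
Added example (not part of the original posts and not FileZilla code): a simplified Python model of the 4-tuple and TIME_WAIT behaviour described in posts #2, #4 and #6, showing why a one-port passive range works with a client that changes its source port and breaks with one that does not. It assumes round-robin selection of passive ports, instantaneous transfers, and constructed addresses and source ports.

```python
import itertools

TIME_WAIT = 240.0           # seconds; the 4-minute figure used in the thread
CLIENT_IP = "192.168.0.10"  # constructed sample addresses
SERVER_IP = "192.168.0.2"


def max_sustained_rate(num_ports, time_wait=TIME_WAIT):
    """Transfers per second a fixed-source-port client can keep up forever."""
    return num_ports / time_wait


def first_failure(lo, hi, src_ports, rate, transfers):
    """Index of the first transfer that hits a 4-tuple still in TIME_WAIT,
    or None if all `transfers` succeed.

    Model assumptions: the server hands out passive ports round-robin from
    lo..hi, each transfer is instantaneous, transfer i starts at i / rate s.
    """
    server_ports = itertools.cycle(range(lo, hi + 1))
    free_at = {}  # (src IP, src port, dst IP, dst port) -> time usable again
    pairs = itertools.islice(zip(src_ports, server_ports), transfers)
    for i, (sport, dport) in enumerate(pairs):
        now = i / rate
        quad = (CLIENT_IP, sport, SERVER_IP, dport)
        if free_at.get(quad, 0.0) > now:
            return i  # the data connection cannot be opened here
        free_at[quad] = now + TIME_WAIT
    return None


def fixed_source():
    """Client that reuses one (constructed) source port for every transfer."""
    return itertools.repeat(50000)


def changing_source():
    """Client that takes a fresh source port for every transfer."""
    return itertools.count(50000)


if __name__ == "__main__":
    # One passive port, 50 small files, one file per second.
    print("changing source port:", first_failure(49152, 49152, changing_source(), 1, 50))
    print("fixed source port:   ", first_failure(49152, 49152, fixed_source(), 1, 50))
    # 1000 passive ports, fixed source port, just below and above 1000/240 per second.
    print("4 transfers/s:", first_failure(49152, 50151, fixed_source(), 4, 5000))
    print("5 transfers/s:", first_failure(49152, 50151, fixed_source(), 5, 5000))
    print("sustainable rate with 1000 ports:", round(max_sustained_rate(1000), 1))
```
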

#7 Post by maru » 2021-12-03 06:13

Thank you for your reply.
Thank you, Mr. Kosse.
I learned a lot from what you taught me.
I will try to find an FTP client that can fix the source port.
