Port 22/tcp is SSH, not FTP. FTP uses port 21/tcp inbound and either port 20/tcp outbound (active mode) or an arbitrary port > 1023/tcp inbound (passive mode).
Anyway, since you want encryption and have to traverse a firewall it would probably be a better approach to dump FTP and use SSH instead.
Active mode FTP data connections normally run over one port below that of the control connection (which indeed is defined, by IANA, to be 21; making the standard data port 20.)
Yes.
And in active mode you know the data port beforehand. But since it is the server connecting, (from port 20) to a random port >1024 on the client, and you're encrypting the negotiation; clients won't know which port to open and very probably disallow this...
In passive mode you don't really know which port the server is gonna use, however you can define a 'port range' it should pick from, and let that through the firewall along with port 21.
Yes. Either you implicitly rely on the server to encrypt the data connection as well, or explicitly tell it to, or not to, do so.
The latter uses different ports (990 control, and 989 active-mode data usually), however this method is basically deprecated.
Ports are 20 and 21 if you are speaking about active FTP [1].
Yes
Yes, see
"Implicit FTPS is an older, but still widely implemented style in which the client connects to a different port (usually 990), and an SSL handshake is performed before any FTP commands are sent."
Basically the same decisions regarding firewalling (active or/and passive FTP) apply to the situation when using TLS secured FTP. But in addition, if your firewall is doing NAT as well there is a rather big chance that FTP connections with TLS security will fail.
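The NAT failure described in the last reply, as an added example that is not part of any post in this thread: an FTP-aware NAT device has to read the server's `227` passive-mode reply to rewrite the address and learn the data port, and it cannot do that once the control channel is TLS-encrypted, which is why a fixed passive port range on the firewall is the usual fix. The port range, addresses, sample lines and function names are constructed for illustration.

```python
import re

# Passive data-port range opened on the firewall along with 21/tcp.
# Constructed example value; use whatever range the FTP server is configured with.
PASV_RANGE = range(50000, 50101)

PASV_RE = re.compile(rb"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

# Constructed samples: a cleartext PASV reply, and a TLS application-data
# record (type 0x17, version 0x0303, length 0x0020) with a zeroed payload.
PLAIN = b"227 Entering Passive Mode (192,168,1,10,195,90)\r\n"
TLS_RECORD = bytes.fromhex("1703030020") + bytes(32)


def parse_pasv(line):
    """Return (ip, port) from a 227 reply, or None if it cannot be read as one."""
    m = PASV_RE.match(line)
    if m is None:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ".".join(str(n) for n in nums[:4])
    return ip, nums[4] * 256 + nums[5]   # port = p1 * 256 + p2


def nat_helper(line, public_ip):
    """Model of an FTP-aware NAT device on one control-channel line.
    Returns (line_to_forward, data_port_learned); the port is None when the
    helper could not read the line and so opens nothing."""
    parsed = parse_pasv(line)
    if parsed is None:
        return line, None                # ciphertext or unrelated: untouched
    p1, p2 = divmod(parsed[1], 256)
    rewritten = b"227 Entering Passive Mode (%s,%d,%d)\r\n" % (
        public_ip.replace(".", ",").encode(), p1, p2)
    return rewritten, parsed[1]


def static_rule_allows(port):
    """Static firewall rule that works with or without TLS on the control channel."""
    return port in PASV_RANGE
```

With FTPS the server itself must advertise its public address, since the private address inside the encrypted reply reaches the client unrewritten.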