Your anonymous friend is partly right: the passive ftp requirement is a firewall issue. ftp connections join two arbitrary high ports on the client to ports 21 and 20 on the server. For some weird reason, in normal ftp the second of these - the data connection - is initiated by the server, and doesn't even have to return to the same machine as the control connection. Indigestion for the firewall administrator on the client side: you have to leave 1024-65535 open and try to distinguish legitimate ftp connections from sinister exploration.
in passive ftp both connections are requested by the client in the proper way. more headache on the server, because the data connection goes to a high port there, but the range of options can usually be circumscribed. the client-side firewall is much simpler and more secure because it can open the relevant port from the inside, rather than having to remain alert to ouside requests across a broad range of ports that it would rather just block and forget about.
so i'm puzzled for two reasons: why do you only have to use passive sometimes? i'd have thought that would depend on _your_ firewall and be the same for all outward ftp connections. i've come across servers that will only do active, but never the other way round. And i _really_ can't imagine why you would sometimes be allowed to connect the wrong way.
so i can clarify, but not help one tiny bit. sorry.
ps. back on topic: i think that's the first japh on the site i was able to read. But remember, adding 'use strict;' at the top of your script will alert you to common errors and sloppiness before you get into trouble.
|