Filezilla what port should i use

Open up the Windows advanced firewall by going to Windows Firewall option. The rule should apply for your specific network, if not sure select all three network places.

Private, public and domain. When the above has been applied correctly you should now be able to access your FTP server from the internet. Skip to content. The internet was a friendly, trusting place.

Security was not much of a concern. A lot has changed since then. The Internet is now ubiquitous, with millions of users communicating with each other in many different ways. It is also a more hostile place. The availability and openness has attracted malicious users who exploit design limitations, incomplete implementations, bugs, and the inexperience of other users. To make things worse, some are themselves flawed, causing additional problems regarding FTP.

What distinguishes FTP from most other protocols is the use of secondary connections for file transfers. When you connect to an FTP server, you are actually making two connections.

First, the so-called control connection is established, over which FTP commands and their replies are transferred. Then, in order to transfer a file or a directory listing, the client sends a particular command over the control connection to establish the data connection.

The data connection can be established two different ways, using active mode or passive mode. In passive mode, which is recommended see below , the client sends the PASV command to the server, and the server responds with an address. The client then issues a command to transfer a file or to get a directory listing, and establishes a secondary connection to the address returned by the server.

In active mode, the client opens a socket on the local machine and tells its address to the server using the PORT command. Once the client issues a command to transfer a file or listing, the server will connect to the address provided by the client. In passive mode, the connection is outgoing on the client side and incoming on the server side and in active mode this is reversed. Note that the only differences are in establishing a connection.

Once established, the connection can be used for uploads or downloads. In passive mode, the router and firewall on the server side need to be configured to accept and forward incoming connections. On the client side, however, only outgoing connections need to be allowed which will already be the case most of the time. Analogously, in active mode, the router and firewall on the client side need to be configured to accept and forward incoming connections. Only outgoing connections have to be allowed on the server side.

Therefore, passive mode is recommended in most cases. This may be a standalone router device perhaps a wireless router , or be built into a DSL or cable modem. See Private addresses. The internal IP addresses are only valid inside the LAN, since they would make little sense to a remote system. Think about a server behind a NAT router. Imagine what might happen if a client requests passive mode, but the server doesn't know the external IP address of the NAT router.

If the server sends its internal address to the client, two things could happen:. So if a server is behind a NAT router, it needs to know the external IP address of the router in passive mode. In this case, the server sends the router's external address to the client.

The client then establishes a connection to the NAT router, which in turn routes the connection to the server. Personal firewalls are installed on many systems to protect users from security vulnerabilities in the operating system or applications running on it.

Over the internet, malware such as worms try to exploit these flaws to infect your system. Firewalls can help to prevent such an infection. However, firewalls and other security applications can sometimes interfere with non-malicious file transfers.

Especially if using FTP, firewall users might occasionally see messages like this from their firewall:. In many cases, this is a false alarm. Any program can choose any port it wants for communication over the internet. FileZilla, then, might choose a port that is coincidentally also the default port of a trojan or some other malware being tracked by your firewall. FileZilla is clean of malware as long as it is downloaded from the official website.

Some routers and firewalls pretend to be smart. They analyze connections and, if they think they detect FTP, they silently change the data exchanged between client and server.

If the user has not explicitly enabled this feature, this behavior is essentially data sabotage and can cause various problems. For an example, imagine a client behind a NAT router trying to connect to the server. Let's further assume that this client does not know it is behind a NAT and wants to use active mode. At the same time, the NAT router will also create a temporary port forwarding for the FTP session, possibly on a different port even:. So which do I tell the server to look for?

What do I do with the other one? Having no luck getting these forwarded I've set up an SSL certificate, but obviously didn't do it correctly. Point me in the right direction. Major apologies if this is all listed elsewhere, but I'm easily confused and dangerous when so. It's the one you have to use to connect if you are in the same LAN as the server.

The This one must be used if connecting from outside your router e.