PASSIVEDATAPORTS (FTP server) statement

Use the PASSIVEDATAPORTS statement to assign a range of port numbers for the FTP server to use as listening data socket ports.

Syntax


>>-PASSIVEDATAPORTS (low_port, high_port)----------------------><

Parameters

low_port: The lowest port number the FTP server is allowed to use when creating a listening data socket. The lowest number allowed for low_port is 1 024.
high_port: The highest port number the FTP server is allowed to use when creating a listening data socket. The highest number allowed for high_port is 65 535.

By default, the FTP server allows the stack to select a port number from its entire range of ephemeral ports for listening data sockets. PASSIVEDATAPORTS affects ports selected for the data connection only; the control connection ports are not affected. PASSIVEDATAPORTS is useful in conjunction with firewalls that restrict the range of port numbers allowed to FTP.

Guideline: Code a PORTRANGE AUTHPORT statement in PROFILE.TCPIP to reserve the ports you have specified with PASSIVEDATAPORTS. If you are using a sysplex DVIPA to distribute the FTP server workload with sysplex ports, code the same PORTRANGE AUTHPORT statement for each participating stack in the sysplex.

Restriction: If you have PORTRANGE statements in PROFILE.TCPIP that reserve ports for a different application, and those reserved ports intersect with the PASSIVEDATAPORTS ports, the FTP server is never able to obtain those ports.

Examples

To restrict the server's choice of ports for listening data sockets to ports from 50000 to 50099, code the following statement in FTP.DATA:

PASSIVEDATAPORTS (50000,50099)

To prevent other applications from consuming ports in the range 50 000 - 50 099, code the following statement in PROFILE.TCPIP:

PORTRANGE 50000 100 TCP AUTHPORT