When the server receives a PASV or EPSV command, it opens a listening socket. Any entity can connect to the listening socket. Use the PASSIVEDATACONN statement to direct the server to verify the peer IP address of the data socket is the client's IP address.
Syntax
.-PASSIVEDATACONN UNRESTRICTED------. >>-+-----------------------------------+----------------------->< '-PASSIVEDATACONN--+-UNRESTRICTED-+-' '-NOREDIRECT---'
Parameters
- UNRESTRICTED
- The server accepts a passive data connection from any IP address. This is the default.
- NOREDIRECT
- The server verifies the peer address of the data socket is the client's IP address. If it is not, the server closes the data socket.
Guideline: The server cannot be the passive server in a three way (proxy) data transfer when NOREDIRECT is coded, because the server rejects an attempt by the active server to connect to its passive socket.
Examples
Use the following example to set
the server to reject passive data connections with IP address different
from the IP addresses of the control connections:
PASSIVEDATACONN NOREDIRECT
PASSIVEDATACONN N