When the server receives a PASV or EPSV command, it opens a listening socket. Any entity can connect to the listening socket. Use the PASSIVEDATACONN statement to direct the server to verify the peer IP address of the data socket is the client's IP address.
.-PASSIVEDATACONN UNRESTRICTED------. >>-+-----------------------------------+----------------------->< '-PASSIVEDATACONN--+-UNRESTRICTED-+-' '-NOREDIRECT---'
Guideline: The server cannot be the passive server in a three way (proxy) data transfer when NOREDIRECT is coded, because the server rejects an attempt by the active server to connect to its passive socket.
PASSIVEDATACONN NOREDIRECT
PASSIVEDATACONN N