Clear Command Channel (CCC)
The CCC command makes a secured control/command channel revert back to plaintext (un-secured).
This feature helps to solve data connection problems in situations where all the conditions below are met:
- Secure (SSL Explicit) connection to the remote server
- Client behind a NAT router.
- Control connection to port 21
- Passive (PASV) data connections are not working (e.g. incoming connections blocked on the server side or FTP server behind a NAT)
If the Clear Control Connection (CCC) setting is enabled, the FTP client connects to the server, negotiates a secure connection, authenticates (sends user and password) and reverts back to plaintext.
To change the control connection protection in SmartFTP go to the Favorite Properties. Then go to the FTP->Connection->SSL/TLS dialog and change the Control Connection option.
NAT routers automatically examine the PORT command sent through a control channel for un-secured control connections to the default FTP port (21) of the remote FTP server. This allows them to open an incoming port for the data connection, setup the routing/forwarding and rewrite the PORT IP with the external (WAN) IP address. If a secured connection (SSL) is made to a FTP server, the NAT router cannot interpret the data correctly as everything is encrypted. Therefore it cannot translate a PORT command and open the appropriate port for the expected incoming data connection. By sending a CCC command and further reverting back to plaintext the NAT router are once again able to translate the PORT commands.
Most modern servers support this feature.
Microsoft - How NAT works
RFC 1631 - The IP Network Address Translator (NAT)
What do you think about this topic? Send feedback!