Knowledge Base

  1. Home
  2. Features
  3. Clear Command Channel (CCC)
Created
Modified

Article 2551

Clear Command Channel (CCC)

The CCC command makes a secured control/command channel revert back to plaintext (un-secured).
This feature helps to solve data connection problems in situations where all the conditions below are met:

    • Secure (SSL Explicit) connection to the remote server
    • Client behind a NAT router.
    • Control connection to port 21
    • Passive (PASV) data connections are not working (e.g. incoming connections blocked on the server side or FTP server behind a NAT)

If the Clear Control Connection (CCC) setting is enabled, the FTP client connects to the server, negotiates a secure connection, authenticates (sends user and password) and reverts back to plaintext.

To change the control connection protection in SmartFTP go to the Favorite Properties. Then go to the FTP - Connection - TLS dialog and change the Control Connection option.

Technical Background

NAT routers automatically examine the PORT command sent through a control channel for un-secured control connections to the default FTP port (21) of the remote FTP server. This allows them to open an incoming port for the data connection, setup the routing/forwarding and rewrite the PORT IP with the external (WAN) IP address. If a secured connection (SSL) is made to a FTP server, the NAT router cannot interpret the data correctly as everything is encrypted. Therefore it cannot translate a PORT command and open the appropriate port for the expected incoming data connection. By sending a CCC command and further reverting back to plaintext the NAT router are once again able to translate the PORT commands.

Server Support
Most modern servers support this feature.

References

  1. RFC 4217
  2. RFC 1631 - The IP Network Address Translator (NAT)

Keywords
CCC

Related Articles


What do you think about this topic? Send feedback!