Active mode FTP VS passive mode FTP


FTP is a TCP based service exclusively. There is no UDP component to FTP.
There are two ways to communication with FTP and that is: active and passive.
FTP is an unusual service in that it utilizes two ports, a 'data' port and a 'command' port (also known as the control port). Traditionally these are port 21 for the command port and port 20 for the data port. The confusion begins however, when we find that depending on the mode, the data port is not always on port 20.

How does Active FTP work?
In active mode FTP the client connects from a random unprivileged port (poer number > 1023) to the FTP server's command port, port 21. Then, the client starts listening to port N+1 and sends the FTP command PORT N+1 to the FTP server. The server will then connect back to the client's specified data port from its local data port, which is port 20.
Firewall on Active FTP - what ports should be opened on server and client side?
On server port 20 and port 21 must be opened on the client (home user) ports higher than 1023 must be opened for successfull ftp connection and transfer of files.

How does Passive FTP work?

In passive mode FTP the client initiates both connections to the server, solving the problem of firewalls filtering the incoming data port connection to the client from the server.
When opening an FTP connection, the client opens two random unprivileged ports locally (port number > 1023 and port number+1). The first port contacts the server on port 21, but instead of then issuing a PORT command and allowing the server to connect back to its data port, the client will issue the PASV command.
The result of this is that the server then opens a random unprivileged port (P > 1023) and sends the PORT P command back to the client. The client then initiates the connection from port (port number+1) to port (port number) on the server to transfer data.
The passive FTP protocol is very good because a lot of connections on internet are over ADSL, cable... and clients use routers to connect to the internet. Routers usualy filter data so active ftp protocol can not be used. This problem is solved with active file transfer protocol.
Firewall on Passive FTP - what ports should be opened on server and client side?
On server port 21 and ports (port number > 1023) must be opened. On client side no change is needed.

How To Configure PassivePortRange In IIS

Configuring FTP Site Properties (IIS 6.0)

No comments: