Difference Between Active and Passive Mode for File Transfer Protocol
FTP (File Transfer Protocol) is a common protocol for transferring files, and many companies run FTP servers to offer file downloads. FTP has two transfer modes. It differs from most other services in that it uses two ports: a command port (also called the control port) and a data port. Usually port 21 is the command port and port 20 is the data port, but once active and passive mode come into play, the data port is not necessarily 20.
How active mode works: the FTP client connects from a local port N (N > 1023) to port 21 on the FTP server and sends a user name and password to log in. When it later wants to list a directory or read data, the client opens port N+1 locally, listens on it, and sends a PORT command that tells the server it is using active mode and which client address and port it has opened. On receiving the PORT command, the server opens the data connection itself, from its port 20 to the client's port N+1, and sends the data over that connection.
How passive mode works: the FTP client connects from a local port N (N > 1023) to port 21 on the FTP server and logs in with a user name and password. When it wants to list a directory or read data, it sends a PASV command to the server. The server then opens a local port (above 1023), listens on it, and tells the client in its reply which port it opened. The client connects from its port N+1 to that server port, and the data is transferred over this connection.
Active Mode vs. Passive Mode
The difference between the two lies in which side initiates the data connection. In active mode the initiator is the server: its port 20 connects to the client's port N+1 to establish the data connection. In passive mode the initiator is the client: it connects from its port N+1 to a high port on the server.
Differences in Network Settings
Scenario: the FTP client and server sit on different networks with a firewall between them. In active mode, the client's FTP software can be configured with the port range it opens for data connections, and the matching range can then be opened on the client-side firewall. A common problem is that only port 21 is opened on the server side and nothing is opened on the client side. The client therefore has to use passive mode, and the result is that it can log in successfully but cannot list directories or read data, because the server side has not opened the random port that passive mode uses.
In passive mode the port the server opens is random, but the firewall must not be opened completely. The solution is to restrict the passive ports to a fixed range of high ports in the FTP server's configuration (most FTP server software lets you set any range above 1023), and then add a rule on the server-side firewall that allows inbound connections to exactly that range, alongside port 21. Keep the range only as wide as the number of concurrent data connections you expect, since every port in it becomes reachable from outside.
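Both the PORT/PASV exchange described in the two "how it works" paragraphs and the firewall failure described just above, as an added example that is not code from the original article: the toy server and client below simulate the control dialogue in-process. The server picks its passive port from a configured range, each side's firewall is a list of inbound port ranges, and the side that initiates the data connection gets through only if the peer's firewall lists the destination port. The server address 198.51.100.5, the client address 192.0.2.10, client port 51000, the 50000-50019 passive range, the ToyFtpServer and list_directory names, and the directory listing text are all assumptions made for the example.

```python
"""Active vs. passive FTP data-connection setup, with a firewall model.

Added example, not code from the original article. The control dialogue
(USER/PASS, then PORT or PASV, then LIST) is simulated in-process. A firewall
is a list of (low, high) inbound port ranges; whichever side initiates the data
connection gets through only if the peer's firewall lists the destination port.
Addresses, ports, the 50000-50019 passive range and the listing are assumptions.
"""
import re

HOSTPORT_RE = re.compile(r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")
LISTING = "-rw-r--r-- 1 ftp ftp 42 Jan 01 00:00 file.txt"  # constructed sample


def encode_hostport(ip, port):
    """h1,h2,h3,h4,p1,p2 as carried by PORT and by the 227 reply (port = p1*256 + p2)."""
    return "%s,%d,%d" % (ip.replace(".", ","), port // 256, port % 256)


def decode_hostport(text):
    """Parse the h1,h2,h3,h4,p1,p2 field out of a PORT argument or a 227 reply."""
    m = HOSTPORT_RE.search(text)
    if m is None or max(int(x) for x in m.groups()) > 255:
        raise ValueError("bad host/port field in %r" % text)
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    return "%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2


def firewall_accepts(inbound_ranges, port):
    """A stateful firewall with these inbound rules lets a new connection reach `port`."""
    return any(lo <= port <= hi for lo, hi in inbound_ranges)


class ToyFtpServer:
    """Answers just the control commands needed to set up a data connection."""

    def __init__(self, ip, inbound_fw, pasv_range=(50000, 50020)):
        self.ip, self.fw, self.pasv_range = ip, inbound_fw, pasv_range
        self.pasv_in_use = set()  # passive ports still held by other sessions
        self.active_target = self.pasv_port = None

    def handle(self, line, client_fw):
        cmd, _, arg = line.partition(" ")
        if cmd == "USER":
            return "331 Password required"
        if cmd == "PASS":
            return "230 Login successful"
        if cmd == "PORT":  # active: the server will later connect out to this endpoint
            self.active_target = decode_hostport(arg)
            return "200 PORT command successful"
        if cmd == "PASV":  # passive: the server picks a free port from its configured range
            free = [p for p in range(*self.pasv_range) if p not in self.pasv_in_use]
            if not free:
                return "421 No free passive port"
            self.pasv_port = free[0]
            self.pasv_in_use.add(self.pasv_port)
            return "227 Entering Passive Mode (%s)" % encode_hostport(self.ip, self.pasv_port)
        if cmd == "LIST":
            if self.active_target and not firewall_accepts(client_fw, self.active_target[1]):
                return "425 Can't open data connection"  # SYN from port 20 to N+1 was dropped
            if self.active_target or self.pasv_port:
                return "150 Opening data connection\n%s\n226 Transfer complete" % LISTING
            return "425 Use PORT or PASV first"
        return "500 Unknown command"


def list_directory(server, mode, client_fw, client_ip="192.0.2.10", n=51000):
    """One session: control from client port N, data on N+1. Returns (logged_in, listing, log)."""
    log = []

    def send(cmd):
        reply = server.handle(cmd, client_fw)
        log.extend(["C> " + cmd, "S> " + reply])
        return reply

    send("USER demo")
    logged_in = send("PASS demo").startswith("230")
    if mode == "active":  # client listens on N+1 and announces it; the server connects in
        send("PORT " + encode_hostport(client_ip, n + 1))
    else:  # client connects out to the port the server announced
        ip, port = decode_hostport(send("PASV"))
        if not firewall_accepts(server.fw, port):
            log.append("C> connect %s:%d from %d: timed out, dropped by server firewall" % (ip, port, n + 1))
            return logged_in, None, log
        log.append("C> connect %s:%d from %d: established" % (ip, port, n + 1))
    reply = send("LIST")
    listing = reply.split("\n")[1] if reply.startswith("150") else None
    return logged_in, listing, log


if __name__ == "__main__":
    nothing, only_21, with_range = [], [(21, 21)], [(21, 21), (50000, 50019)]
    for label, mode, server_fw in [("active, client opens nothing inbound", "active", only_21),
                                   ("passive, server opens 21 only", "passive", only_21),
                                   ("passive, server opens 21 + 50000-50019", "passive", with_range)]:
        ok, listing, log = list_directory(ToyFtpServer("198.51.100.5", server_fw), mode, nothing)
        print("\n== %s: login=%s, listing=%r" % (label, ok, listing), *log, sep="\n")
```

Running the block prints three transcripts: active mode against a client that opens nothing inbound (the server answers LIST with 425), passive mode against a server firewall that only opens port 21 (login succeeds, the data connection to the announced port times out, which is exactly the symptom described above), and passive mode once the 50000-50019 range is opened on the server side (the listing comes back). The h1,h2,h3,h4,p1,p2 arithmetic in encode_hostport and decode_hostport is the real wire format of the PORT argument and of the 227 reply, so those two functions can be reused against genuine server output.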