FTP active mode and passive mode

1. Mode description

1. PORT (active mode)

PORT is known as active mode. It works as follows:

  1. The FTP client connects to port 21 of the FTP server.
  2. It sends the username and password to log in.
  3. After a successful login, when it wants to list or read data, the client opens a random port (above 1024) and sends a PORT command to the FTP server, telling the server that the client is using active mode and which port it has opened.
  4. After receiving the PORT command and port number, the FTP server connects from its port 20 to the client's open port and sends the data.

2. PASV (passive mode)

PASV is short for Passive and is known as passive mode. It works as follows:

  1. The FTP client connects to port 21 of the FTP server.
  2. It sends the username and password to log in.
  3. After a successful login, when it wants to list or read data, the client sends the PASV command to the FTP server. The server opens a random local port (above 1024).
  4. The server then tells the client which port it opened, and the client connects to that port on the server for the data transfer.

2. Comparison of the two modes

From the steps above, the basic difference between active mode and passive mode is:

  • Active mode data transfer: the "server" connects to a port on the "client";
  • Passive mode data transfer: the "client" connects to a port on the "server".

Active mode requires the client to open ports to the server. Many clients sit behind firewalls, where opening ports to the FTP server is difficult.

Passive mode only requires the server to open ports for client connections.

3. Network settings for different working modes

The problem encountered in the actual project was that the FTP client and server were on different networks, with at least four layers of firewalls between the two networks. The server opened only port 21, and the client machine opened no ports. The FTP client connected in passive mode, so it could log in successfully but could not LIST or read data. The cause is clear: the server's random passive-mode port was not open.

In passive mode the ports opened on the server side are random, but the firewall must not be opened completely. The solution is to restrict the random passive-mode ports to the range 50000 to 60000 in the FTP server configuration (the range is set in the FTP server software, and any port range above 1024 can be used), and then add firewall rules that open ports 50000-60000 on the server side.

In active mode, the port range opened for active mode is set in the client's FTP software, and the corresponding port range is opened on the client's firewall.
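The PORT command and the server's 227 reply to PASV both carry the data endpoint as `h1,h2,h3,h4,p1,p2` (RFC 959), with the port equal to `p1*256 + p2`. The following is an added example, not code from the original post: it decodes that tuple and checks a PASV reply against the firewall range from the text above, which is how the "login works, LIST fails" symptom can be diagnosed from a client log. The function names, the 50000-60000 constant and the sample replies are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: the passive range configured on the server and opened on the
# firewall, taken from the 50000-60000 example in the text above.
PASV_RANGE = range(50000, 60001)

_TUPLE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_endpoint(line):
    """Extract (ip, port) from a PORT command or a 227 PASV reply (RFC 959)."""
    m = _TUPLE.search(line)
    if m is None:
        raise ValueError(f"no h1,h2,h3,h4,p1,p2 tuple in {line!r}")
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError(f"field out of range in {line!r}")
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]  # high byte first, then low byte
    return ip, port

def check_pasv_reply(reply, control_peer_ip, allowed=PASV_RANGE):
    """Return a list of problems that would make the data connection fail."""
    if not reply.startswith("227"):
        return [f"not a 227 reply: {reply!r}"]
    ip, port = parse_endpoint(reply)
    problems = []
    if port not in allowed:
        problems.append(f"port {port} outside firewall range "
                        f"{allowed.start}-{allowed.stop - 1}")
    if ip != control_peer_ip:
        # Behind NAT a server may advertise an address the client cannot reach.
        kind = "private" if ipaddress.ip_address(ip).is_private else "different"
        problems.append(f"server advertised {kind} address {ip}, "
                        f"control connection is to {control_peer_ip}")
    return problems

# Constructed sample replies (documentation addresses, not captured traffic).
SAMPLES = [
    ("227 Entering Passive Mode (203,0,113,10,195,80)", "203.0.113.10"),
    ("227 Entering Passive Mode (203,0,113,10,4,210)", "203.0.113.10"),
    ("227 Entering Passive Mode (192,168,1,5,214,216)", "203.0.113.10"),
]

if __name__ == "__main__":
    for reply, peer in SAMPLES:
        print(reply, "->", check_pasv_reply(reply, peer) or "ok")
```

The same `parse_endpoint` works on the client's `PORT` line, so the active-mode port can be checked against the range opened on the client's firewall in the same way.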

4. How to set the working mode

In practice, FTP servers generally support both active and passive modes. The FTP client software determines which mode is used for the connection.

5. Java code configuration

In Java, passive mode is used on the internal network and active mode is used when connecting over the external network, with the server adjusted accordingly (only the online deployment failed to connect to the FTP server when using passive mode).

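import org.apache.commons.net.ftp.FTPClient;

// url, port, username, password and path are placeholders supplied by the caller
FTPClient ftpClient = new FTPClient();
ftpClient.setControlEncoding("UTF-8"); // must be set before connect() to take effect
ftpClient.connect(url, port);
ftpClient.login(username, password); // log in before any directory or data command
// ftpClient.enterLocalActiveMode();    // active mode
ftpClient.enterLocalPassiveMode(); // passive mode
ftpClient.changeWorkingDirectory(path);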
Origin blog.csdn.net/jeikerxiao/article/details/105496056