I always forget the difference between FTP active and passive mode, so I am putting it here for future reference.

FTP is a TCP-only service and does not support UDP. What sets it apart from most services is that it uses two ports, a data port and a command port (also called a control port). Typically these are port 21 (command port) and port 20 (data port). Because of the way FTP works, however, the data port is not always 20, and this is the biggest difference between active and passive FTP.

(1) Active FTP
    In active FTP, the client connects from an arbitrary unprivileged port N (N > 1024) to the command port of the FTP server, which is port 21. The client then starts listening on port N+1 and sends the FTP command "PORT N+1" to the FTP server. The server then connects from its own data port (20) to the data port the client specified (N+1).
    For the firewall in front of the FTP server, the following traffic must be allowed to support active FTP:
    1. Any port greater than 1024 to port 21 of the FTP server (the client initiates the connection)
    2. Port 21 of the FTP server to a port greater than 1024 (the server responds to the client's control port)
    3. Port 20 of the FTP server to a port greater than 1024 (the server initiates the data connection to the client's data port)
    4. Ports greater than 1024 to port 20 of the FTP server (the client sends ACK responses to the server's data port)

(2) Passive FTP
    To solve the problem of the server initiating the connection to the client, a different FTP connection method was developed. It is called passive mode, or PASV, and is used only when the client tells the server that it wants passive mode.
    In passive FTP, both the command connection and the data connection are initiated by the client, which solves the problem of the inbound connection from the server to the client's data port being filtered out by a firewall.
    When opening an FTP connection, the client opens two arbitrary unprivileged local ports (N > 1024 and N+1). The first port connects to port 21 of the server, but unlike active FTP, instead of submitting a PORT command and letting the server connect back to its data port, the client submits a PASV command. As a result, the server opens an arbitrary unprivileged port (P > 1024) and sends P back to the client in response to the PASV command. The client then initiates a connection from local port N+1 to the server's port P to transfer data.
    For server-side firewalls, the following traffic must be allowed to support passive FTP:
    1. From any port greater than 1024 to the server's port 21 (the client initiates the connection)
    2. From the server's port 21 to any port greater than 1024 (the server responds to the client's control port)
    3. From any port greater than 1024 to a port greater than 1024 on the server (the client initiates the data connection to the port specified by the server)
    4. From the server's port greater than 1024 to a remote port greater than 1024 (the server sends ACK responses and data to the client's data port)
    The explanations of active and passive FTP above can be briefly summarized as the following two points:
    1. Active FTP:
            Command connection: client > 1024 port -> server 21 port
            Data connection:    client > 1024 port <- server 20 port
    2. Passive FTP:
            Command connection: client > 1024 port -> server 21 port
            Data connection:    client > 1024 port -> server > 1024 port
(3) Advantages and disadvantages of active and passive FTP
    Active FTP is good for FTP server management but bad for client management, because the FTP server attempts to connect to a random high port on the client, and that connection is likely to be blocked by the client's firewall. Passive FTP is good for FTP client management but bad for server-side management, because the client needs to establish two connections with the server, one of which goes to a random high port, and that port is likely to be blocked by the firewall on the server.
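
The two server-side rule lists above, checked against the packets of one session in each mode. This is an added example, not part of the original note: it models the firewall statelessly, and the names (Rule, allowed, session_packets, blocked, inbound_exposure) and the ports N=50000 and P=40000 are made up for illustration.

```python
from dataclasses import dataclass

HIGH = range(1025, 65536)  # "greater than 1024", as the text words it

@dataclass(frozen=True)
class Rule:
    direction: str       # "in" = toward the FTP server, "out" = away from it
    server_ports: range  # port on the server side of the packet
    remote_ports: range  # port on the client side of the packet

# Server-side firewall rules 1-4 from each section above, modelled statelessly.
ACTIVE = [
    Rule("in", range(21, 22), HIGH),   # 1. client -> server:21
    Rule("out", range(21, 22), HIGH),  # 2. server:21 -> client
    Rule("out", range(20, 21), HIGH),  # 3. server:20 opens the data connection
    Rule("in", range(20, 21), HIGH),   # 4. client ACKs -> server:20
]
PASSIVE = [
    Rule("in", range(21, 22), HIGH),   # 1. client -> server:21
    Rule("out", range(21, 22), HIGH),  # 2. server:21 -> client
    Rule("in", HIGH, HIGH),            # 3. client opens the data connection to P
    Rule("out", HIGH, HIGH),           # 4. server:P ACKs and data -> client
]

def allowed(rules, direction, server_port, remote_port):
    return any(r.direction == direction and server_port in r.server_ports
               and remote_port in r.remote_ports for r in rules)

def session_packets(mode, n, p=None):
    """(direction, server_port, client_port) tuples for one FTP session."""
    control = [("in", 21, n), ("out", 21, n)]
    if mode == "active":  # server:20 connects to client N+1
        return control + [("out", 20, n + 1), ("in", 20, n + 1)]
    return control + [("in", p, n + 1), ("out", p, n + 1)]  # client N+1 -> server P

def blocked(rules, packets):
    return [pkt for pkt in packets if not allowed(rules, *pkt)]

def inbound_exposure(rules):
    """Number of server ports an outside host may send packets to."""
    ports = set()
    for r in rules:
        if r.direction == "in":
            ports.update(r.server_ports)
    return len(ports)

if __name__ == "__main__":
    passive = session_packets("passive", n=50000, p=40000)  # constructed ports
    print("passive session through ACTIVE rules, blocked:", blocked(ACTIVE, passive))
    print("inbound ports open:", inbound_exposure(ACTIVE), "vs", inbound_exposure(PASSIVE))
```

With the active-only rules the passive data connection is dropped, and the passive rules as listed leave every server port above 1024 reachable from outside, which is the server-side cost described in (3).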