Revisit the active mode and passive mode of FTP

Reprint address https://my.oschina.net/binny/blog/17469

I recently worked on a project that used FTP, among other systems, for file transfer, and I ended up spending a lot of time on FTP network-connection problems. Because I had not worked with FTP for a long time, I had forgotten that FTP does not only open port 21: the client can use different connection modes, and each has different network requirements. So I am revisiting FTP's active and passive modes here.

When using FTP, if all ports between the client machine and the FTP server are open, the connection works without trouble. If there is a firewall between client and server and the firewall policy has not been configured for the connection mode in use, the login will succeed but the directory listing will fail. To avoid such problems, we first need to understand how FTP works.

1. PORT (active mode) and PASV (passive mode) in FTP

(1) PORT (active mode)

PORT is called active mode. It works as follows: the FTP client connects to port 21 on the FTP server and sends the user name and password to log in. After a successful login, when the client wants to list a directory or read data, it opens a random port (above 1024) locally and sends the PORT command to the FTP server, telling the server that the client is using active mode and which port it has opened. When the FTP server receives the PORT command and the port number, it connects from its own port 20 to the port the client opened and sends the data over that connection. The principle is shown in the figure below (the original post's diagram is not reproduced here):

(2) PASV (passive mode)

PASV is the abbreviation of Passive, hence passive mode. It works as follows: the FTP client connects to port 21 on the FTP server and sends the user name and password to log in. After a successful login, when the client wants to list a directory or read data, it sends the PASV command to the FTP server. The server opens a random port (above 1024) locally and tells the client which port it opened, and the client connects to that port on the server for the data transfer. The principle is shown in the figure below (the original post's diagram is not reproduced here):


2. Comparison of the two modes

From the above, the difference between active mode and passive mode can be summarized simply: in active mode, the "server" connects to a port on the "client" to transfer data; in passive mode, the "client" connects to a port on the "server".

In active mode, the client must open a port for the server to reach. Many clients sit behind a firewall, and it is difficult to open a port there for the FTP server to connect to.

Passive mode only requires the server to open ports for the client to connect to.

3. Network settings for the different working modes

The problem I ran into in the actual project was that the FTP client and server were on different networks, with at least four layers of firewalls between them. The server only opened port 21, and the client machine opened no ports at all. The FTP client connected in passive mode. The result: the client could log in successfully but could not list directories or read data. Obviously this is because the random port chosen in passive mode was not open on the server side.

In passive mode the port the server opens is random, but the firewall cannot simply be opened entirely. The solution is to configure the FTP server's passive mode to use random ports in the range 50000-60000 (the range is set in the FTP server software and can be any port segment above 1024), and then add a firewall rule that opens ports 50000-60000 on the server side.

For active mode, the port segment is set in the client's FTP software, and the corresponding port segment is opened on the client's firewall.
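The following Python script is an added example, not code from the original post. It puts sections 1 to 3 together: it encodes and decodes the PORT command and the PASV reply in their wire format (the `h1,h2,h3,h4,p1,p2` form, where the port is `p1*256 + p2`), then models which host's firewall the data connection has to pass through in each mode, reproducing the failure from section 3 (server opens only 21, passive mode, listing fails) and the fix (ports 50000-60000 opened). The addresses, ports and the `Firewall` policy model are constructed for illustration; `pasv_min_port` and `pasv_max_port` are real vsftpd configuration keys, but the values are simply the ones chosen in the post.

```python
"""Added example (not from the original post): FTP PORT/PASV message
handling plus a constructed firewall model showing why passive mode
fails when only port 21 is open on the server."""
import re
from dataclasses import dataclass, field


def build_port_command(ip: str, port: int) -> str:
    """Client side of active mode: announce the listening address and port.
    Wire format: PORT h1,h2,h3,h4,p1,p2 where port = p1*256 + p2."""
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError("not an IPv4 address")
    return f"PORT {','.join(octets)},{port // 256},{port % 256}"


def parse_port_command(cmd: str) -> tuple[str, int]:
    """Server side of active mode: the mirror of build_port_command."""
    m = re.fullmatch(r"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)", cmd.strip())
    if not m:
        raise ValueError(f"not a PORT command: {cmd!r}")
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


_PASV_RE = re.compile(r"227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_pasv_reply(reply: str) -> tuple[str, int]:
    """Client side of passive mode: extract the server's data address and
    port from a '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)' reply."""
    m = _PASV_RE.search(reply)
    if not m:
        raise ValueError(f"not a PASV reply: {reply!r}")
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    if p1 > 255 or p2 > 255:
        raise ValueError("bad port octets in PASV reply")
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


@dataclass
class Firewall:
    """Constructed model: inbound TCP ports a host's firewall accepts, as a
    list of inclusive (low, high) ranges. Outbound traffic is assumed open."""
    inbound: list = field(default_factory=list)

    def allows_inbound(self, port: int) -> bool:
        return any(lo <= port <= hi for lo, hi in self.inbound)


def data_connection_ok(mode: str, client_fw: Firewall, server_fw: Firewall,
                       data_port: int) -> bool:
    """The post's rule: in active mode the server connects *to* the client
    (from its port 20), so the client's firewall must admit data_port; in
    passive mode the client connects *to* the server, so the server's
    firewall must admit data_port. Port 21 plays no part in this step."""
    if mode == "active":
        return client_fw.allows_inbound(data_port)
    if mode == "passive":
        return server_fw.allows_inbound(data_port)
    raise ValueError("mode must be 'active' or 'passive'")


def vsftpd_passive_range(low: int, high: int) -> str:
    """Render the vsftpd keys that pin the passive-mode port range."""
    if not (1024 < low <= high < 65536):
        raise ValueError("range must lie above 1024 and below 65536")
    return f"pasv_enable=YES\npasv_min_port={low}\npasv_max_port={high}\n"


if __name__ == "__main__":
    # Constructed passive-mode reply as the client would see it.
    print(parse_pasv_reply("227 Entering Passive Mode (192,0,2,10,195,80)"))
    # Constructed active-mode announcement: client listens on 203.0.113.5:1234.
    print(build_port_command("203.0.113.5", 1234))
    # Section 3 scenario: server opens only 21, client opens nothing.
    cli = Firewall(inbound=[])
    srv_before = Firewall(inbound=[(21, 21)])
    srv_after = Firewall(inbound=[(21, 21), (50000, 60000)])
    print(data_connection_ok("passive", cli, srv_before, 50000))  # blocked
    print(data_connection_ok("passive", cli, srv_after, 50000))   # allowed
    print(vsftpd_passive_range(50000, 60000))
```

The model deliberately ignores port 21, which is why "login works but LIST fails" is the symptom: the control connection is fine, only the separately negotiated data connection is dropped. Pinning the passive range on the server and opening exactly that range on its firewall is the narrowest rule that makes `data_connection_ok("passive", ...)` true for every port the server can advertise.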

4. How is the working mode set?

Haha, someone may ask how the FTP server's working mode is set. FTP servers today generally support both active and passive modes; the connection mode is chosen by the FTP client software.
