The difference between active and passive mode FTP

Reprinted from: http://www.west999.com/cms/wiki/server/2018-11-16/49417.html

 

FTP is a TCP-based service. Unlike most services, FTP uses two ports: a data port and a command port (also known as the control port). This article analyzes the advantages and disadvantages of active and passive FTP modes.

Active mode

  1. The FTP client uses TCP port 1026 to send commands to the FTP server's command port 21.
  2. The FTP server uses TCP port 21 to respond to the FTP client's command port 1026.
  3. The FTP server uses TCP port 20 to send data to the FTP client's data port 1027 (1026 + 1).
  4. The FTP client uses TCP port 1027 (1026 + 1) to send data ACKs to the FTP server's port 20.

Passive mode

  1. The FTP client uses TCP port 1026 to send the PASV command to the FTP server's command port 21.
  2. The FTP server uses TCP port 21 to reply to the FTP client's command port 1026 with data port 2024.
  3. The FTP client uses TCP port 1027 (N + 1) to connect to the FTP server's port 2024 for data transmission and ACKs.
  4. The FTP server uses TCP port 2024 to transmit data and ACKs to the FTP client.

FTP is a TCP-only service; it does not support UDP. What makes FTP unusual is that it uses two ports, a data port and a command port (also known as the control port). Typically these are port 21 (command port) and port 20 (data port). However, depending on the mode FTP works in, the data port is not always 20. This is the biggest difference between FTP active and passive mode.

(A) Active FTP

Active mode FTP works like this: the client connects from any unprivileged port N (N > 1024) to the FTP server's command port (port 21). The client then starts listening on port N + 1 and sends the FTP command "PORT N + 1" to the FTP server. The server then connects from its own data port (20) to the data port specified by the client (N + 1).

For the firewall in front of the FTP server, the following communication must be allowed to support active mode FTP:

  1. From any port greater than 1024 to port 21 of the FTP server. (Client initiates the connection)
  2. From port 21 of the FTP server to ports greater than 1024. (Server responds to the client's control port)
  3. From port 20 of the FTP server to ports greater than 1024. (Server initiates the data connection to the client's data port)
  4. From ports greater than 1024 to port 20 of the FTP server. (Client sends ACKs to the server's data port)

(B) Passive FTP

To solve the problem of the server initiating a connection to the client, a different FTP connection method was developed. It is called passive mode, or PASV, and it is used only when the client tells the server that it is in passive mode.

In passive mode FTP, both the command and the data connection are initiated by the client. This solves the problem of the client's firewall filtering out the inbound connection from the server to the client's data port.

When opening an FTP connection, the client opens two random unprivileged local ports (N > 1024 and N + 1). The first port connects to port 21 of the server, but unlike active mode FTP, the client does not submit a PORT command and let the server connect back to its data port; it submits a PASV command instead. As a result, the server opens a random unprivileged port (P > 1024) and sends the PORT P command to the client. The client then initiates a connection from local port N + 1 to port P on the server to transfer the data.

For the server-side firewall, the following communication must be allowed to support passive mode FTP:

  1. From any port greater than 1024 to port 21 of the server. (Client initiates the connection)
  2. From port 21 of the server to any port greater than 1024. (Server responds to the client's control port)
  3. From any port greater than 1024 to ports greater than 1024 on the server. (Client initiates the data connection to the port specified by the server)
  4. From ports greater than 1024 on the server to remote ports greater than 1024. (Server sends ACKs and data to the client's data port)

(C) The advantages and disadvantages of active and passive FTP

Active FTP is beneficial to the management of the FTP server, but detrimental to the management of the client. The FTP server attempts to connect to a random high port on the client, and this port is likely to be blocked by the client's firewall. Passive FTP is beneficial to the management of the FTP client, but detrimental to the management of the server, because the client makes both connections to the server, one of which goes to a random high port, and this port is likely to be blocked by a firewall on the server side.

Fortunately, there is a compromise. Since FTP server administrators need their servers to be reachable by the largest number of clients, passive FTP has to be supported. The exposure of high ports on the server can be reduced by specifying a limited port range for the FTP server. In this way, any server port outside this range is blocked by the firewall. Although this does not eliminate all risk for the server, it greatly reduces it.
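An added example, not part of the original article: a small auditor that reads FTP control-channel lines, decodes the data port negotiated by a PORT command or by the server's 227 reply to PASV (six comma-separated bytes, port = p1 * 256 + p2), and checks it against the firewall rules and the limited passive range described above. The sample lines, the addresses and the range 50000-50100 are constructed assumptions.

```python
import re

# RFC 959 host-port encoding: h1,h2,h3,h4,p1,p2 where port = p1 * 256 + p2.
HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

def parse_hostport(line):
    """Return (ip, port) from a PORT command or a 227 (PASV) reply, else None."""
    if line.split(" ", 1)[0].upper() not in ("PORT", "227"):
        return None
    m = HOSTPORT.search(line)
    if m is None:
        return None
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def audit(lines, client_ip, server_ip, pasv_range):
    """Return one finding per data connection negotiated on a control channel."""
    findings = []
    for raw in lines:
        line = raw.strip()
        endpoint = parse_hostport(line)
        if endpoint is None:
            continue
        ip, port = endpoint
        active = line.upper().startswith("PORT")
        issues = []
        # The listener must be the control-connection peer; a client behind a
        # proxy or NAT advertises an address the server cannot knock on.
        if ip != (client_ip if active else server_ip):
            issues.append("address is not the control-connection peer")
        if port <= 1024:
            issues.append("data port is not above 1024")
        if not active and not pasv_range[0] <= port <= pasv_range[1]:
            issues.append("port outside the passive range the firewall allows")
        findings.append({"mode": "active" if active else "passive",
                         "initiator": "server" if active else "client",
                         "listener": (ip, port), "issues": issues})
    return findings

# Constructed control-channel lines (documentation addresses, not real traffic).
SAMPLE = [
    "USER demo",
    "PORT 198,51,100,7,4,3",                           # client listens on 1027
    "PORT 10,0,0,5,4,3",                               # private address behind a proxy
    "227 Entering Passive Mode (192,0,2,10,195,80).",  # server listens on 50000
    "227 Entering Passive Mode (192,0,2,10,7,232).",   # server listens on 2024
]

if __name__ == "__main__":
    for f in audit(SAMPLE, "198.51.100.7", "192.0.2.10", (50000, 50100)):
        print(f)
```

The "initiator" field shows which side's firewall has to accept the inbound data connection: the client's in active mode, the server's in passive mode.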

In short:

There are two modes: active mode (PORT) and passive mode (PASV). In active mode the server initiates the connection to the client; in passive mode the client initiates the connection to the server. Both use port 21 for user authentication and management; the difference lies in how the data is transmitted. In PORT mode the FTP server's data port is fixed at 20, while in PASV mode it is chosen at random between 1025 and 65535.

Analysis and principles of FTP passive mode and active mode

FTP is an abbreviation of File Transfer Protocol, used to transfer files between two computers. Compared to HTTP, the FTP protocol is much more complex. The reason is that FTP uses two TCP connections: a command link, used to pass commands between the FTP client and the server, and a data link, used to upload or download data.

The FTP protocol has two modes: PORT mode and PASV mode, known as active mode and passive mode.

The connection process in PORT (active) mode is as follows: the FTP client sends a connection request to the server's FTP port (default 21), the server accepts the connection, and a command link is established. When data needs to be transferred, the client tells the server over the command link with the PORT command: "I have opened port XXXX, connect to me." The server then sends a connection request from port 20 to the client's port XXXX, establishing a data link over which the data is transmitted.

The connection process in PASV (passive) mode is as follows: the FTP client sends a connection request to the server's FTP port (default 21), the server accepts the connection, and a command link is established. When data needs to be transferred, the server tells the client over the command link with the PASV command: "I have opened port XXXX, connect to me." The client then sends a connection request to the server's port XXXX, establishing a data link over which the data is transmitted.

Summary:
--------------------------------------------------------------------------------
  Active mode: the server knocks on the client's door, and the client opens the door.
  Passive mode: the client knocks on the server's door, and the server opens the door.
  So if you access the Internet through a proxy, you cannot use active mode, because the server knocks on the door of the proxy server, not on the client's door.
  Also, sometimes the client cannot easily open the door, because a firewall is blocking it, unless the client opens the high ports greater than 1024.
--------------------------------------------------------------------------------


Origin www.cnblogs.com/smlie/p/11441487.html