Recently I worked on a project that used FTP and other systems for file transfer, and an FTP network connection problem cost me a lot of time. Because I had not worked with FTP for a long time, I had forgotten that FTP does not use only port 21, and that the network requirements differ depending on the connection mode the client uses. Here is a look at FTP's active and passive modes.
When using FTP, if all ports between the client machine and the FTP server are open, the connection works without problems. If there is a firewall between the client and the server, and the firewall policy is not configured to match the connection mode in use, login will succeed but directory listing will fail. To avoid this problem, first understand FTP's modes of operation.
1. FTP PORT (active mode) and PASV (passive mode)
(1) PORT (active mode)
PORT is active mode. How it works: the FTP client connects to port 21 on the FTP server and sends the user name and password to log in. After a successful login, when it wants to list a directory or read data, the client opens a random port (above 1024) and sends the PORT command to the FTP server, telling the server that the client is using active mode and which port it has opened. After the FTP server receives the PORT command and the port number, it connects from its own port 20 to the client's open port and sends the data. The principle is as follows:
(2) PASV (passive mode)
PASV is short for passive, that is, passive mode. How it works: the FTP client connects to port 21 on the FTP server and sends the user name and password to log in. After a successful login, when it wants to list a directory or read data, it sends the PASV command to the FTP server. The server opens a random port (above 1024) locally and tells the client which port it has opened; the client then connects to that port on the server for data transfer, as follows:
2. Comparison of two modes
From the descriptions above, the difference between active mode and passive mode can be summarized simply: in active mode the server connects to a port on the client, and in passive mode the client connects to a port on the server.
Active mode requires the client to open ports to the server. Many clients sit behind a firewall, so opening ports for the FTP server to reach is difficult.
Passive mode only requires the server to open ports for the client to connect to.
3. Network settings for different operating modes
The problem I encountered in the actual project was that the FTP client and server were in different networks, with at least 4 layers of firewalls between the two networks; the server had only port 21 open, and the client machine had no ports open. With the FTP client connecting in passive mode, the client could log in successfully but could not list or read data. Obviously, this was because the random passive-mode ports on the server side were not open.
Because the port the server opens in passive mode is random, and the firewall cannot open all ports, the solution is to configure the FTP server to open its passive-mode random ports within 50000-60000 (the range is set in the FTP server software and can be any port range above 1024), and then add a firewall rule that opens ports 50000-60000 on the server side.
In active mode, set the active-mode port range in the client's FTP software, and open the corresponding port range in the client's firewall.
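To check which data connection a session will attempt, the control-channel lines can be decoded directly. The following is an added example, not code from the original article: it parses the RFC 959 `h1,h2,h3,h4,p1,p2` field carried by the PORT command and by the server's 227 reply to PASV, and tests a passive port against the 50000-60000 range from the fix above. The sample lines and addresses are constructed, and the function names are this example's own.

```python
import re

# Passive port range configured on the server and opened in the firewall
# (the 50000-60000 range from the article's fix).
PASV_RANGE = range(50000, 60001)

# Six comma-separated decimal fields: four address bytes, two port bytes.
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

def parse_hostport(text):
    """Decode h1,h2,h3,h4,p1,p2 into (ip, port); port = p1 * 256 + p2."""
    m = _HOSTPORT.search(text)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % text)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of byte range in %r" % text)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def data_connection(line, allowed=PASV_RANGE):
    """Describe the data connection a control-channel line sets up.

    Returns None for lines that do not negotiate a data connection.
    """
    parts = line.split(None, 1)
    if not parts:
        return None
    verb = parts[0].upper()
    if verb == "PORT":   # client -> server: "connect back to me here"
        host, port = parse_hostport(line)
        # Server dials out from its port 20; the client-side firewall
        # must accept that inbound connection.
        return {"mode": "active", "initiator": "server",
                "target": (host, port), "in_allowed_range": None}
    if verb == "227":    # server -> client: reply to PASV
        host, port = parse_hostport(line)
        # Client dials the server; the port must be inside the range
        # the firewall opens, or login works but LIST hangs.
        return {"mode": "passive", "initiator": "client",
                "target": (host, port), "in_allowed_range": port in allowed}
    return None

if __name__ == "__main__":
    # Constructed sample control-channel lines.
    for sample in ("230 Login successful.",
                   "PORT 192,168,1,10,195,80",
                   "227 Entering Passive Mode (10,0,0,5,203,44)",
                   "227 Entering Passive Mode (10,0,0,5,19,137)"):
        print(sample, "->", data_connection(sample))
```

A 227 reply whose port falls outside the range indicates that the server's passive port setting and the firewall rule do not match, which produces the "login succeeds, listing fails" symptom.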
4. How do I set the operating mode?
Haha, someone might ask how to set the operating mode on the FTP server. In fact, FTP servers generally support both active and passive modes, and the connection mode is determined by the FTP client software.
Active mode and passive mode in FTP transmission