FTP active mode and passive mode, and Java ftpclient mode settings

Source: Internet
Author: User
Tags ftp client

Active mode and passive mode of FTP

The FTP server communicates with the FTP client over network ports 20 and 21.
Port 21 on the FTP server carries the FTP control commands, and port 20 carries the file data.


FTP Active Mode:
The FTP client sends a connection request to the server's FTP control port (21 by default); the server accepts the connection and a command link is established. When data needs to be transferred, the client uses the PORT command on the command link to tell the server: "I have opened a port, come and connect to me." The server then sends a connection request from port 20 to the client and establishes a data link to transmit the data. Because the server initiates the request when the data link is established, this is called active mode.

When client B connects to the server in PORT mode, it sends a command telling the server: "client B has opened local port N and is waiting for you to make a data connection." When the server receives the PORT command, it connects to port N on the client, and the data connection is established.


FTP Passive mode:
The FTP client sends a connection request to the server's FTP control port (21 by default); the server accepts the connection and a command link is established. When data needs to be transferred, the server tells the client, in response to the PASV command on the command link: "I have opened a port, come and connect to me." The client then sends a connection request to that port on the server and establishes a data link to transmit the data. Because the server waits passively for the client's request when the data link is established, this is called passive mode.
As the points above show, whether the FTP server is in active or passive mode depends on whether the server initiates the data connection or waits for it.
Where network firewalls sit between the FTP server and the client, the firewall policies on both the server side and the client side must ensure that the FTP server and the client can establish both the command link and the data link.

When client B connects to the server in PASV mode, the server sends the client a message saying: "the server has opened local port M, connect to me now." When the client receives this message, it connects to port M on the server; once that connection succeeds, the data connection is established.

Active mode:
When a connection is established between the client and the server, the client uses a port greater than 1024 and the server uses port 20.
The client's port is greater than 1024; the server receives requests on port 21 but responds to the client from port 20.
Allow the FTP client to connect from a port greater than 1024 to port 21 on the server.
Allow the FTP server to respond from port 21 to connections from FTP client ports greater than 1024.
Allow the FTP server to actively connect from port 20 to ports greater than 1024 on the FTP client.
Allow the FTP client to respond from a port greater than 1024 to connections from port 20 on the FTP server.

Passive mode:
The connection between the client and the server uses ports greater than 1024.
The client's port is greater than 1024; the server receives requests on port 21 but responds to the client from a port greater than 1024.
Allow the FTP client to connect from a port greater than 1024 to port 21 on the server.
Allow the FTP server to respond from port 21 to connections from FTP client ports greater than 1024.
Allow the FTP client to connect from a port greater than 1024 to ports greater than 1024 on the FTP server.
Allow the FTP server to respond from ports greater than 1024 to connections from FTP client ports greater than 1024.

The client opens a port X greater than 1024 and connects to port 21 (the command port) on the server, opening port X+1 at the same time.
Once the connection to port 21 succeeds, the client sends the PASV command to notify the server that it is in passive mode. When the server receives the message, it opens a port Y greater than 1024 and notifies the client; after receiving the notification, the client connects to port Y on the server. Simply put, the client actively connects to the server.

A brief summary of the pros and cons of active and passive FTP:
Active FTP is easier to manage on the FTP server side but harder on the client side. Because the FTP server attempts to connect to a random high port on the client, the connection is likely to be blocked by the client's firewall.
Passive FTP is easier to manage on the FTP client side but harder on the server side. Because the client makes two connections to the server, one of them to a random high port, that connection is likely to be blocked by the server-side firewall.
Fortunately, there is a compromise. Since FTP server administrators want their servers to accept connections from the most clients, passive FTP must be supported. We can reduce the exposure of the server's high ports by specifying a limited port range for the FTP server. Any port outside this range is then blocked by the server's firewall. While this does not eliminate all threats against the server, it greatly reduces the risk.
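
A client-side check that goes with the limited passive port range described above, as an added example (not code from the original article). It parses the server's 227 reply to PASV in the standard RFC 959 form h1,h2,h3,h4,p1,p2 and rejects data endpoints that point at a different host or fall outside the agreed range; the class name, the range 50000-50100 and the sample addresses are assumptions made for the illustration.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class PasvReplyCheck {
    // RFC 959 encodes the data endpoint as h1,h2,h3,h4,p1,p2 (port = p1*256 + p2).
    private static final Pattern REPLY = Pattern.compile(
        "^227 .*?(\\d{1,3}),(\\d{1,3}),(\\d{1,3}),(\\d{1,3}),(\\d{1,3}),(\\d{1,3})");
    // Assumed sample range: the limited passive range opened on the server firewall.
    static final int PASV_MIN = 50000, PASV_MAX = 50100;

    /** Returns the data port if the 227 reply is acceptable, otherwise throws. */
    static int checkPasvReply(String reply, String controlPeerIp) {
        Matcher m = REPLY.matcher(reply);
        if (!m.find()) throw new IllegalArgumentException("not a valid 227 reply: " + reply);
        int[] f = new int[6];
        for (int i = 0; i < 6; i++) {
            f[i] = Integer.parseInt(m.group(i + 1));
            if (f[i] > 255) throw new IllegalArgumentException("field out of range: " + f[i]);
        }
        String host = f[0] + "." + f[1] + "." + f[2] + "." + f[3];
        int port = f[4] * 256 + f[5];
        // The data connection should go to the same host as the control connection.
        if (!host.equals(controlPeerIp))
            throw new SecurityException("data host " + host + " is not control peer " + controlPeerIp);
        // The port must sit inside the range the firewall was opened for.
        if (port < PASV_MIN || port > PASV_MAX)
            throw new SecurityException("data port " + port + " outside " + PASV_MIN + "-" + PASV_MAX);
        return port;
    }

    public static void main(String[] args) {
        String peer = "192.0.2.10"; // constructed control-connection address
        String[] replies = {        // constructed sample replies
            "227 Entering Passive Mode (192,0,2,10,195,100)",   // encodes port 50020
            "227 Entering Passive Mode (192,0,2,10,4,1)",       // encodes port 1025
            "227 Entering Passive Mode (198,51,100,7,195,100)"  // names a different host
        };
        for (String r : replies) {
            try {
                System.out.println("OK, data port " + checkPasvReply(r, peer));
            } catch (RuntimeException e) {
                System.out.println("REJECT: " + e.getMessage());
            }
        }
    }
}
```

A server behind NAT may legitimately advertise an address other than the control peer; in that case compare against the expected public address instead.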

FTP active vs. passive pros and cons:
In the case of ISA (Industry Standard Architecture, a bus on IBM PC compatible machines), if passive mode is used, IIS selects a port completely at random and informs the customer, and the customer then makes an active connection. This means that on the ISA you have to allow dynamic inbound connections on all ports, which is certainly not acceptable, because opening all ports to connections is too dangerous.
If active mode (PORT mode) is used, IIS chooses the port and actively connects to the customer, so there is no need to open all dynamic inbound connections as in PASV mode; instead, we need to open all dynamic outbound connections, which increases security. Moreover, the IP packet filter for ISA applies only to the ISA machine itself and does not leave the clients in the LAN uncontrolled.

In passive mode, FTPClient uses a port range of 0 for file transfers; when setting active mode, setActivePortRange can be called.

When using FTPClient under Windows, you need to work around a defect in how Windows handles FTP active and passive mode by running the following commands:

netsh advfirewall firewall add rule name="FTP Service" action=allow service=ftpsvc protocol=TCP dir=in
netsh advfirewall set global StatefulFTP disable

https://technet.microsoft.com/zh-cn/library/dd421710(v=ws.10).aspx

3. Java: use passive mode on the intranet and active mode for external network connections, with the corresponding changes on the server (the FTP connection error occurred only when the online function connected in passive mode).

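import org.apache.commons.net.ftp.FTPClient;

FTPClient ftpClient = new FTPClient();
// Set the control encoding before connecting; it has no effect on an open connection
ftpClient.setControlEncoding("UTF-8");
ftpClient.connect(url, port);

// Call only one of the following two; if both are called, the last one wins
ftpClient.enterLocalActiveMode();  // Active mode
ftpClient.enterLocalPassiveMode(); // Passive mode
ftpClient.changeWorkingDirectory(path);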
