FTP ports 20 and 21, and active and passive mode

Source: Internet
Author: User

FTP supports only TCP connections and does not support UDP connections.

FTP uses two ports: 21 (the control port, also called the command port) and 20 (the data port).

Port 21: used for control, that is, user authentication and connection setup and shutdown (open/close/bye).

Port 20: used to transfer data.

Two connections: the command connection (control connection) and the data connection.

FTP uses port 21 (also known as the control port) and also has a data port, 20. Depending on how FTP is operating, the data port is not always 20: active mode and passive mode use different data ports.

Active and passive relative to whom?

The terms are relative to the FTP server's role in the data connection.

Active mode is also called PORT mode; passive mode is called PASV mode.


1. Active-mode FTP: The client connects from an arbitrary non-privileged port N to the FTP server's command port, which is port 21. The client then starts listening on port N+1 and sends the FTP command "PORT N+1" to the FTP server. The server then connects from its own data port (20) to the client-specified data port (N+1).

For a firewall in front of the FTP server, the following traffic must be allowed to support active FTP:

1. From any port greater than 1024 to port 21 of the FTP server (client-initiated command connection).

2. From port 21 of the FTP server to ports greater than 1024 (the server responds to the client's control port).

3. From port 20 of the FTP server to ports greater than 1024 (the server initiates the data connection to the client's data port).

4. From ports greater than 1024 to port 20 of the FTP server (the client sends ACK responses to the server's data port).

2. Passive FTP

A different FTP connection method was developed to solve the problem of the server initiating the connection to the client. It is called passive mode, or PASV, and is enabled when the client notifies the server that it is in passive mode.

In passive-mode FTP, both the command connection and the data connection are initiated by the client, which resolves the problem of the inbound data connection from the server to the client being filtered out by the client's firewall.

When an FTP connection is opened, the client opens two arbitrary non-privileged local ports (N > 1024 and N+1). The first port connects to the server's port 21, but unlike active FTP, the client does not send the PORT command and let the server connect back to its data port; it sends the PASV command instead. As a result, the server opens an arbitrary non-privileged port (P > 1024) and sends PORT P to the client. The client then initiates a connection from local port N+1 to the server's port P to transfer the data.

For a server-side firewall, the following traffic must be allowed to support passive FTP:

1. From any port greater than 1024 to port 21 of the server (client-initiated connection).

2. From port 21 of the server to any port greater than 1024 (the server responds to the client's control port connection).

3. From any port greater than 1024 to server ports greater than 1024 (client-initiated data connection to whichever port the server specified).

4. From server ports greater than 1024 to remote ports greater than 1024 (the server sends ACK responses and data to the client's data port).

The above explanations of active and passive FTP can be summarized in the following two points:

1. Active FTP:

Command connection: client port N (greater than 1024) -------------> server port 21

Intermediate command: client ----(PORT N+1)----> server

Data connection: client port N+1 (greater than 1024) <-----(active mode)------ server port 20

2. Passive FTP:

Command connection: client port N (greater than 1024) -----------------> server port 21

Intermediate commands: client ------(PASV)----> server

                       client <-----(PORT P)----- server

Data connection: client port N+1 (greater than 1024) --------(passive mode)-------> server port P (greater than 1024)

That is, the client always uses two ports, N and N+1; the server's ports are either 21 and 20, or P (a random port greater than 1024).

3. Advantages and disadvantages of active-mode and passive-mode FTP:

Active FTP is good for the management and security of the FTP server, but bad for the management of the client: the FTP server attempts to connect to a random high port on the client, and that port is likely to be blocked by the client's firewall. Passive FTP is good for the management of the FTP client, but bad for server-side management: the client establishes two connections to the server, one of which is a data connection to a random high port, and that port is likely to be blocked by a server-side firewall.
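The trade-off can be made concrete by modelling the two server-side rule lists above as a stateless port filter and counting how many server ports each one opens to inbound traffic. This is an added example, not part of the original article; the function names are hypothetical, and the narrowed range 60000-60100 is an assumed server-side passive port setting used only for comparison.

```python
HIGH = range(1025, 65536)  # "greater than 1024", in the page's wording

# Rule = (direction seen from the server, allowed client ports, allowed server ports)
ACTIVE_RULES = [
    ("in",  HIGH, {21}),  # 1. client high port -> server 21 (command connection)
    ("out", HIGH, {21}),  # 2. server 21 -> client high port (control replies)
    ("out", HIGH, {20}),  # 3. server 20 -> client high port (server opens data connection)
    ("in",  HIGH, {20}),  # 4. client high port -> server 20 (ACKs for the data connection)
]

def passive_rules(pasv_ports=HIGH):
    """Passive-mode rules; pasv_ports is the set of ports the server may pick P from."""
    return [
        ("in",  HIGH, {21}),        # 1. command connection
        ("out", HIGH, {21}),        # 2. control replies
        ("in",  HIGH, pasv_ports),  # 3. client opens data connection to P
        ("out", HIGH, pasv_ports),  # 4. server sends ACKs and data from P
    ]

def allowed(rules, direction, client_port, server_port):
    """True if a packet in this direction between these ports matches any rule."""
    return any(d == direction and client_port in c and server_port in s
               for d, c, s in rules)

def inbound_server_ports(rules):
    """Server ports a remote host can send packets to under this rule set."""
    ports = set()
    for d, _c, s in rules:
        if d == "in":
            ports.update(s)
    return ports

if __name__ == "__main__":
    # Constructed flow: client port 50001 connecting to passive port P = 60001.
    print("passive data conn, active-only rules:", allowed(ACTIVE_RULES, "in", 50001, 60001))
    print("passive data conn, passive rules:    ", allowed(passive_rules(), "in", 50001, 60001))
    print("inbound ports, active rules: ", len(inbound_server_ports(ACTIVE_RULES)))
    print("inbound ports, passive rules:", len(inbound_server_ports(passive_rules())))
    narrow = passive_rules(range(60000, 60101))  # assumed passive port range
    print("inbound ports, narrowed:     ", len(inbound_server_ports(narrow)))
```

With the page's passive rules every high port on the server accepts inbound packets; limiting the ports the server may choose P from shrinks that set while the client-initiated data connection still works.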

What is the purpose of sending PORT N+1 and PORT P?

It simply tells the other side: I have opened port N+1 (or port P) and it is ready, so you can connect to it.

If you do not tell the other side PORT N+1 or PORT P, it has no way of knowing which of your ports to connect to, so the connection cannot be established.
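On the wire (RFC 959) the port is not sent as a single number: both the client's PORT command and the server's 227 reply to PASV carry six decimal bytes h1,h2,h3,h4,p1,p2, where the port is p1*256 + p2. The following added example (not part of the original article) reads a control-channel exchange and derives who opens the data connection and to which endpoint; the function names, addresses and transcripts are constructed for illustration.

```python
import re

# Host-port field: six decimal bytes h1,h2,h3,h4,p1,p2 (RFC 959).
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_hostport(line):
    """Return (ip, port) from a PORT command or a 227 reply; port = p1*256 + p2."""
    m = HOSTPORT.search(line)
    if not m:
        raise ValueError("no host-port field in %r" % line)
    b = [int(g) for g in m.groups()]
    if max(b) > 255:
        raise ValueError("byte out of range in %r" % line)
    return ".".join(str(x) for x in b[:4]), b[4] * 256 + b[5]

def data_connection(control, client_ip, server_ip):
    """Derive the data connection from (sender, line) pairs; sender is "C" or "S"."""
    pasv_sent = False
    for sender, line in control:
        verb = line.split(" ", 1)[0].upper()
        if sender == "C" and verb == "PORT":
            # Active mode: the server connects from its port 20 to the announced port.
            return {"mode": "active", "from": (server_ip, 20), "to": parse_hostport(line)}
        if sender == "C" and verb == "PASV":
            pasv_sent = True
        elif sender == "S" and pasv_sent and verb == "227":
            # Passive mode: the client picks its own source port (N+1 in the page's notation).
            return {"mode": "passive", "from": (client_ip, None), "to": parse_hostport(line)}
    return None

# Constructed sample exchanges using documentation addresses (not captured traffic).
CLIENT, SERVER = "192.0.2.10", "198.51.100.5"
ACTIVE = [("S", "220 ready"), ("C", "PORT 192,0,2,10,195,81"),
          ("S", "200 PORT command successful")]
PASSIVE = [("S", "220 ready"), ("C", "PASV"),
           ("S", "227 Entering Passive Mode (198,51,100,5,234,97)")]

if __name__ == "__main__":
    for name, log in (("active", ACTIVE), ("passive", PASSIVE)):
        print(name, data_connection(log, CLIENT, SERVER))
```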

Understanding FTP PORT mode and PASV mode as "knocking and opening the door"

--------------------------------------------------------------------------------
Active mode: the server knocks on the client's door, and the client opens it.
Passive mode: the client knocks on the server's door, and the server opens it.
Therefore, if you go online through a proxy, you cannot use active mode, because the server knocks on the door of the Internet proxy server rather than on the client's door.
Sometimes it is also not easy for the client to open the door, because a firewall is blocking it, unless the client opens the high ports above 1024.

--------------------------------------------------------------------------------


To download in active mode, untick the passive mode (PASV) option in your download tool and the download will then use active mode. If an error occurs, switch between passive and active mode.

How to turn off PASV mode in common FTP client software

Most FTP clients use PASV mode by default; PASV mode is passive mode. In most FTP client settings the option is labelled "PASV" or "passive mode".

Whether on the server side or in the client download tool (FTP tool), "active mode" and "passive mode" mean the same thing.

IE: Tools -> Internet Options -> Advanced -> "Use Passive FTP" (requires IE 6.0 or later).

CuteFTP: Edit -> Settings -> Connection -> Firewall -> "PASV Mode"
or File -> Site Manager, select the site on the left -> Edit -> "Use PASV mode"

FlashGet: Tools -> Options -> Proxy Server -> Direct Connection -> Edit -> "PASV mode"

FlashFXP: Options -> Preferences -> Proxy/Firewall/Ident -> "Use passive mode"
or Site Manager -> the corresponding site -> Options -> "Use passive mode"
or Quick Connect -> Toggle -> "Use passive mode"

LeapFTP: Options -> Preferences -> General -> Proxy -> "Use PASV Mode"

As can be seen from the above, the command connection is established the same way in both modes, while the data connection is established in completely different ways. That is where the complexity of FTP lies.

How do you set PASV mode in the Linux ftp client?

ftp -h: list the usage of the ftp command.

ftp -A: enable active mode.

ftp -p: enable passive mode (passive mode is the default).

  
