In FTP passive mode, the server opens limited ports, and the FTP server
Many servers run an FTP service. FTP has two connection modes: active mode and passive mode. For details on the two modes, see the article "Review the active and passive modes of FTP".
That article compares the two modes as follows:
The difference between active and passive mode is this: in active mode, data is transferred over a connection that the server opens to the client; in passive mode, data is transferred over a connection that the client opens to the server.
In active mode, the client must open a port for the server to connect to. Many clients sit behind a firewall, so opening a port toward the FTP server is difficult.
In passive mode, only the server needs to open a port for the client to connect to.
Many articles on the internet say that passive mode is required and that random ports must therefore be opened on the server. But if, for security reasons, random ports are not allowed on the server, can we open only a limited set of ports?
Let's take a look at the schematic diagram of the passive mode:
We can see that the port the server opens is chosen in steps 4 and 5 (the server picks a port and announces it to the client in its PASV reply), so all we need to do is make the server open a fixed (or limited) port.
My server is built with vsftpd. In the vsftpd configuration, passive connections are enabled as follows:
Open xxx/vsftpd.conf and add:
# enable PASV mode
pasv_enable=YES
# minimum port number of the passive range
pasv_min_port=40000
# maximum port number of the passive range
pasv_max_port=40000
pasv_promiscuous=YES
Note that vsftpd requires lowercase option names written as option=value with no spaces around the "=", and comments only on their own lines starting with "#"; a line such as "Pasv_enable = YES // enable PASV mode" is rejected as an unrecognised option.
Setting the minimum and maximum port numbers to the same value makes the server open a single fixed port (remember to open that port, together with port 21, in iptables as well). Two caveats: vsftpd binds one port from this range per data connection, so a single port allows only one transfer or directory listing at a time, and a small range (for example 40000 to 40010) is needed if several clients transfer concurrently. Also, pasv_promiscuous=YES is not needed to limit the port range; it disables vsftpd's check that the data connection comes from the same IP address as the control connection, so leave it at its default of NO unless you have a specific reason (such as an FTP-aware tunnel) to disable that check.
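As an added example (not code from the original post), here is a small Python check for the exchange in steps 4 and 5: it parses the server's 227 PASV reply and rejects a data endpoint that is not the server we hold the control connection to, or whose port falls outside the range set by pasv_min_port/pasv_max_port. The server address and the sample replies are constructed for the demonstration.

```python
import re

# An RFC 959 227 reply carries (h1,h2,h3,h4,p1,p2): IPv4 octets, then port = p1*256 + p2
PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_pasv_reply(reply):
    """Return (host, port) from a '227 Entering Passive Mode (...)' reply."""
    if not reply.startswith("227"):
        raise ValueError("expected a 227 reply, got: %r" % reply)
    m = PASV_RE.search(reply)
    if m is None:
        raise ValueError("no (h1,h2,h3,h4,p1,p2) tuple in: %r" % reply)
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    if max(h1, h2, h3, h4, p1, p2) > 255:
        raise ValueError("octet out of range in: %r" % reply)
    return "%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2

def check_pasv_reply(reply, control_host, pasv_min_port, pasv_max_port):
    """Accept the advertised data endpoint only if it is the host we hold the
    control connection to and its port lies in the configured pasv range. The
    host comparison mirrors, on the client side, the server-side check that
    vsftpd performs when pasv_promiscuous=NO."""
    host, port = parse_pasv_reply(reply)
    if host != control_host:
        raise ValueError("data host %s differs from control host %s" % (host, control_host))
    if not pasv_min_port <= port <= pasv_max_port:
        raise ValueError("port %d outside %d-%d" % (port, pasv_min_port, pasv_max_port))
    return host, port

def audit_replies(replies, control_host, pasv_min_port, pasv_max_port):
    """Run check_pasv_reply over a list of 227 lines; return [(reply, verdict)]."""
    verdicts = []
    for reply in replies:
        try:
            host, port = check_pasv_reply(reply, control_host, pasv_min_port, pasv_max_port)
            verdicts.append((reply, "ok %s:%d" % (host, port)))
        except ValueError as err:
            verdicts.append((reply, "reject: %s" % err))
    return verdicts

# Constructed sample replies (not captured from a real server); the assumed server
# at 192.168.1.10 runs with pasv_min_port=pasv_max_port=40000.
SAMPLE_REPLIES = [
    "227 Entering Passive Mode (192,168,1,10,156,64)",  # 156*256+64 = 40000, accepted
    "227 Entering Passive Mode (192,168,1,10,156,65)",  # 40001, outside the range
    "227 Entering Passive Mode (10,0,0,99,156,64)",     # points at a different host
]

if __name__ == "__main__":
    for reply, verdict in audit_replies(SAMPLE_REPLIES, "192.168.1.10", 40000, 40000):
        print(verdict, "<-", reply)
```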