ftp:active_vs_passive_ftp, revision 2020/07/19 22:52 (current), old revision restored (2020/07/18 10:36) by 192.99.10.93; compared with revision 2020/07/18 09:37, old revision restored (2016/12/14 10:04) by 204.12.226.26

When drawn out, the connection appears as follows:

{{:ftp:activeftp.gif?300|}}

In step 1, the client's command port contacts the server's command port and sends the command PORT 1027. The server then sends an ACK back to the client's command port in step 2. In step 3, the server initiates a connection from its local data port to the data port the client specified earlier. Finally, the client sends an ACK back, as shown in step 4.

===== Passive FTP =====

To resolve the issue of the server initiating the connection to the client, a different method for FTP connections was developed. This is known as passive mode, or PASV, after the command the client uses to tell the server it is in passive mode.

In passive mode FTP the client initiates both connections to the server, which solves the problem of firewalls filtering the server's incoming connection to the client's data port. When opening an FTP connection, the client opens two random unprivileged ports locally (N > 1023 and N+1). The first port contacts the server on port 21, but instead of issuing a PORT command and allowing the server to connect back to its data port, the client issues the PASV command. The server then opens a random unprivileged port (P > 1023) and sends P back to the client in its response to the PASV command. The client then initiates the connection from port N+1 to port P on the server to transfer data.

From the server-side firewall's standpoint, the following communication channels need to be open to support passive mode FTP:

* FTP server's port 21 from anywhere (client initiates connection)
* FTP server's port 21 to ports > 1023 (server responds to client's control port)
* FTP server's ports > 1023 from anywhere (client initiates data connection to random port specified by server)
* FTP server's ports > 1023 to remote ports > 1023 (server sends ACKs (and data) to client's data port)

When drawn, a passive mode FTP connection looks like this:

{{:ftp:passiveftp.gif?300|}}
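As an added example, not from this wiki page or its slacksite source, here is the port arithmetic behind the PORT 1027 command in the active-mode walkthrough and behind the server's reply to PASV, in Python. RFC 959 carries a port as two decimal bytes p1,p2 with port = p1*256 + p2, so PORT 1027 goes out as ...,4,3; the parser also refuses a 227 reply that names a privileged data port (P <= 1023), since passive mode promises an unprivileged one and a server-side firewall opened as listed above would not admit it anyway. The addresses and replies used are constructed sample values.

```python
import re
from typing import Tuple

# RFC 959 carries a TCP port as two decimal bytes: port = p1 * 256 + p2.
# The client's PORT argument and the server's "227 Entering Passive Mode"
# reply both use the form h1,h2,h3,h4,p1,p2.
_HOST_PORT_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def encode_port_argument(host: str, port: int) -> str:
    """Build the argument an active-mode client sends with the PORT command."""
    if not 0 < port < 65536:
        raise ValueError(f"port out of range: {port}")
    octets = host.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {host}")
    return ",".join(octets + [str(port // 256), str(port % 256)])


def parse_pasv_reply(reply: str) -> Tuple[str, int]:
    """Return (host, port) from a 227 reply, or raise if the reply is unusable."""
    if not reply.startswith("227"):
        raise ValueError(f"not a PASV success reply: {reply!r}")
    match = _HOST_PORT_RE.search(reply)
    if match is None:
        raise ValueError(f"no h1,h2,h3,h4,p1,p2 tuple in reply: {reply!r}")
    fields = [int(x) for x in match.groups()]
    if any(f > 255 for f in fields):
        raise ValueError(f"byte out of range in reply: {reply!r}")
    host = ".".join(str(f) for f in fields[:4])
    port = fields[4] * 256 + fields[5]
    # Passive mode promises an unprivileged data port (P > 1023), and a
    # server-side firewall opened as described above admits nothing lower.
    # Treat anything else as a protocol violation instead of connecting to it.
    if port <= 1023:
        raise ValueError(f"server offered privileged data port {port}")
    return host, port


if __name__ == "__main__":
    # Constructed sample exchange: the PORT 1027 command from the active-mode
    # walkthrough, then a passive-mode reply naming data port 195*256+80 = 50000.
    print("PORT", encode_port_argument("192.168.1.10", 1027))  # PORT 192,168,1,10,4,3
    print(parse_pasv_reply("227 Entering Passive Mode (10,0,0,5,195,80)."))  # ('10.0.0.5', 50000)
```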

===== References =====

http://slacksite.com/other/ftp.html