Active FTP vs Passive FTP
I know you hate learning on Sunday’s. But this one worth a read.
Lets once again understand the basics of FTP Server. You should be knowing more than just installing the package using yum and then configuring /etc/vsftpd/vsftpd.conf for some very basic configuration taught in RHCE Training.
Learn more, to earn more.
FTP has two key components: a client and a server.
So here goes some finer points about FTP.
1. FTP is a stateful protocol, i.e that connections between clients and servers are created and kept open during an FTP session.
2. Commands that are issued to the FTP server (for example, to upload a file or list files in a directory) are executed consecutively.
3. If a command arrives while another command is being executed, then the new command is queued and will execute when the current command has been completed.
4. While doing a FTP connection, two types of connections are initiated. 1. Control connection (also known as command) 2. Data connection.
5. So that means that when you connect to FTP server, using “ftp ip-address” command, yes the same command you are giving since your RHCE Training days, a single Control connection is established by default using the TCP port 21. This connection is used for the authentication process, for sending commands, and for receiving response from the server. It will not do any sending and receiving of information or files.
6. The Data connection handles sending and receiving files. A data connection is established only when a file needs to be transferred and is closed at the end of the transfer.
Now, here you must understand that two types of data connection exist:
Active connections – use the PORT command and are initiated by the remote server, and the client listens for the connection.
Passive connections – use the PASV command; the client initiates the connection to the remote server, and the server listens for the data connections. When the client starts a transfer, it tells the server what type of connection it wants to make.
Hmmmm …. didn’t understood .. want more on that .. ok ..read further.
In ACTIVE mode, the client connects from a random source port in the ephemeral port range to the FTP control port 21. All commands and response codes are sent on this control connection. When you actually want to transfer a file, the remote FTP server will initiate a connection from the FTP data port 20 on the server system back to a destination port in the ephemeral port range on the client. This destination port is negotiated by the port 21 control connection. Often, the destination port used is one port number higher than the source port on the client. Active mode connections often have issues with firewalls. On the server side with an active mode connection, you need to have the TCP ports 20 and 21 open on your firewall. On the client side, you need the range of ephemeral ports open. Often opening these ports is hard
to do if your FTP client is behind a firewall.
In PASSIVE mode, the client initiates both sides of the connection. First, the client initiates the control connection from a random ephemeral port on the client to the destination port of 21 on the remote server. When it needs to make a data connection, the client will issue the PASV command. The server will respond by opening a random ephemeral port on the server and pass this port number back to the client via the control connection. The client will then open a random ephemeral source port on the client and initiate a connection between that port and the destination remote port provided by the FTP server.
PS: The Internet Assigned Numbers Authority (IANA) suggests the range 49152 to 65535 (215+214 to 216-1) for dynamic or private ports or ephemeral ports.
In modern FTP clients and servers, the most common connection type is PASSIVE connections.
So GEEKS, you can say that in FTP. PASSIVE is active now a days.