Shulou (Shulou.com) 06/01 Report. Updated 2025-01-21, from SLTechnology News&Howtos.
This article introduces the active and passive modes of FTP and walks through the process with a practical case. I hope it helps you solve the problem.
FTP is short for File Transfer Protocol. As the name suggests, the main function of FTP is to let users connect to a remote computer (one running an FTP server program), see what files are on it, and then copy files from the remote computer to the local computer or send files from the local computer to the remote computer.
FTP supports two transfer modes: text (ASCII) and binary. Text files are usually transferred in ASCII mode, while non-text files such as images, sound files, and encrypted or compressed files are transferred in binary mode. When files are transferred between systems that use different byte sizes, Tenex mode must be used. ASCII is FTP's default transfer mode.
Active mode FTP
In active mode, the FTP client connects from any unprivileged port (N > 1023) to the command port of the FTP server, port 21. The client then starts listening on port N+1 (N+1 >= 1024) and sends the command PORT N+1 to the FTP server. The server, in turn, connects from its own local data port, port 20, to the data port the client specified.
From the standpoint of the server-side firewall, supporting active mode FTP requires opening the ports used in the following interactions:
FTP server command port (21) accepts connections from any client port (client initiates the connection)
FTP server command port (21) to client ports (> 1023) (server responds to client commands)
FTP server data port (20) to client ports (> 1023) (server initiates the data connection to the client's data port)
FTP server data port (20) accepts traffic from client ports (> 1023) (client sends ACK packets to the server's data port)
The figure is shown as follows:
In step 1, the command port of the client connects to the command port of the FTP server and sends the command "PORT 1027". In step 2, the FTP server returns an "ACK" to the client's command port. In step 3, the FTP server initiates a connection from its own data port (20) to the data port (1027) previously specified by the client, and finally, in step 4, the client returns an "ACK" to the server.
The main problem with active FTP lies on the client side. The FTP client does not actually establish the connection to the server's data port; it simply tells the server which port it is listening on, and the server connects back to that port on the client. To the client's firewall, this is a connection from an external system to an internal client, which is usually blocked.
Passive mode FTP
To solve the problem of the server initiating the connection to the client, a different FTP connection method was developed. It is called passive mode, or PASV, and it is enabled when the client tells the server that it is in passive mode.
In passive FTP, both the command connection and the data connection are initiated by the client, which solves the problem of the incoming data connection from the server to the client being filtered by the firewall. When an FTP connection is opened, the client opens two arbitrary unprivileged local ports (N > 1024 and N+1). The first port connects to port 21 of the server, but unlike active FTP, the client does not issue a PORT command and let the server connect back to its data port; instead it issues the PASV command. As a result, the server opens an arbitrary unprivileged port (P > 1024) and sends a PORT P command to the client. The client then initiates a connection from local port N+1 to port P on the server to transfer data.
For server-side firewalls, the following communication must be allowed to support passive FTP:
FTP server command port (21) accepts connections from any client port (client initiates the connection)
FTP server command port (21) to client ports (> 1023) (server responds to client commands)
FTP server data ports (> 1023) accept connections from client ports (> 1023) (client initiates the data connection to the port specified by the server)
FTP server data ports (> 1023) to client ports (> 1023) (server sends ACK responses and data to the client's data port)
The figure is shown as follows:
In step 1, the command port of the client connects to the command port of the server and sends the command "PASV". In step 2, the server returns the command "PORT 2024", telling the client which port the server is listening on for the data connection. In step 3, the client initiates a data connection from its own data port to the data port specified by the server. Finally, in step 4, the server returns an "ACK" response to the client's data port.
Passive FTP solves many problems on the client side, but it brings more problems to the server side. The biggest one is the need to allow connections from any remote host to high-numbered ports on the server. Fortunately, many FTP daemons, including the popular WU-FTPD, allow administrators to specify the port range used by the FTP server. See Appendix 1 for details.
The second problem is that some clients support passive mode and some do not. You must consider how to support these clients and offer them a solution. For example, the FTP command-line tool provided with Solaris does not support passive mode, so a third-party FTP client such as ncftp is required.
With the widespread popularity of the WWW, many people are used to using web browsers as FTP clients. Most browsers support only passive mode when accessing ftp:// URLs. Whether this is good or bad depends on the configuration of the server and firewall.
Remarks
Some readers have pointed out that when a client accesses the FTP server in active mode through a NAT (Network Address Translation) device, the server cannot be reached, because the NAT device is not smart enough to rewrite the IP address carried inside the FTP packets.
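The PORT argument from the active-mode steps and the NAT failure in this remark, shown on the wire as an added example (not part of the original article). It assumes the RFC 959 host-port field h1,h2,h3,h4,p1,p2, a server on the public Internet, and constructed addresses; the function names are illustrative.

```python
import ipaddress
import re

# RFC 959 host-port field: four address bytes, then the port as two bytes (p1*256 + p2)
_HOSTPORT = re.compile(r"\b(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\b")
_RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def encode_hostport(ip, port):
    """Build the argument of PORT (the 227 reply to PASV carries the same field)."""
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    octets = ipaddress.IPv4Address(ip).packed
    return ",".join(str(b) for b in (*octets, port >> 8, port & 0xFF))

def decode_hostport(line):
    """Return (ip, port) from 'PORT h1,..,p2' or '227 ... (h1,..,p2)'."""
    m = _HOSTPORT.search(line)
    if not m:
        raise ValueError("no host-port field in %r" % line)
    nums = [int(x) for x in m.groups()]
    if max(nums) > 255:
        raise ValueError("field larger than one byte")
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def check_port_command(line, control_peer_ip):
    """Server-side check of a PORT command against the control connection's source."""
    ip, port = decode_hostport(line)
    problems = []
    if ip != control_peer_ip:
        problems.append("address differs from control-connection source")
    if any(ipaddress.IPv4Address(ip) in net for net in _RFC1918):
        # Assumption: the server is not on the same private network as the client
        problems.append("RFC 1918 address, not routable from the server")
    if port <= 1023:
        problems.append("privileged data port")
    return ip, port, problems

# Constructed sample: client 192.168.1.10 listens on 1027 behind a NAT at 203.0.113.7
NAT_PUBLIC = "203.0.113.7"
RAW_PORT = "PORT " + encode_hostport("192.168.1.10", 1027)      # payload left untouched
REWRITTEN_PORT = "PORT " + encode_hostport(NAT_PUBLIC, 1027)    # payload fixed by an FTP-aware NAT
PASV_REPLY = "227 Entering Passive Mode (198,51,100,20,7,232)"  # server port 2024

if __name__ == "__main__":
    for line in (RAW_PORT, REWRITTEN_PORT):
        print(line, "->", check_port_command(line, NAT_PUBLIC))
    print(PASV_REPLY, "->", decode_hostport(PASV_REPLY))
```

The NAT device rewrites the IP header, so the server sees 203.0.113.7 on the control connection while the untouched PORT payload still names 192.168.1.10, which is the address the server then tries and fails to reach.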
Summary
The following chart will help administrators remember how each FTP method works:
Active FTP:
Command connection: client port > 1023 -> server port 21
Data connection: client port > 1023 <- server port 20
Passive FTP:
Command connection: client port > 1023 -> server port 21
Data connection: client port > 1023 -> server port > 1023
Active FTP is convenient for managing the FTP server but not the client, because the FTP server attempts to connect to a random high port on the client, which is likely to be blocked by the client's firewall. Passive FTP is convenient for managing the FTP client but not the server, because the client has to establish two connections to the server, one of them to a random high port, which is likely to be blocked by the server-side firewall.
Fortunately, there is a compromise. Since administrators of FTP servers need their servers to accept the largest number of client connections, passive FTP must be supported. We can reduce the exposure of the server's high ports by specifying a limited port range for the FTP server. Any port outside this range is then blocked by the server's firewall. While this does not eliminate all risk to the server, it greatly reduces it.
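The effect of limiting the passive port range can be checked with a small model of the server-side rules listed earlier; this is an added example, not part of the original article. The range 50000-50100, the sample connections and all names are constructed for illustration, and only new connections are modelled (replies on established connections are assumed to pass).

```python
from dataclasses import dataclass

FULL_RANGE = (1024, 65535)      # passive ports left unrestricted
LIMITED_RANGE = (50000, 50100)  # constructed example of a restricted passive range

@dataclass(frozen=True)
class NewConnection:
    initiator: str     # "client" or "server": which side opens the connection
    server_port: int
    client_port: int

def server_firewall_allows(conn, pasv_range, allow_active=True):
    """Apply the article's server-side rules to one new connection."""
    if conn.client_port <= 1023:
        return False                              # FTP clients use ports > 1023
    if conn.initiator == "client":
        if conn.server_port == 21:
            return True                           # command connection
        low, high = pasv_range
        return low <= conn.server_port <= high    # passive data connection
    # Server-initiated: only the active-mode data connection from port 20
    return allow_active and conn.server_port == 20

def exposed_ports(pasv_range):
    """Server ports that accept unsolicited inbound connections."""
    low, high = pasv_range
    return 1 + (high - low + 1)                   # port 21 plus the passive range

def audit(conns, pasv_range):
    """Return the connections the firewall would drop."""
    return [c for c in conns if not server_firewall_allows(c, pasv_range)]

# Constructed traffic sample
SAMPLE = [
    NewConnection("client", 21, 1026),     # command connection
    NewConnection("server", 20, 1027),     # active data: server 20 -> client 1027
    NewConnection("client", 50010, 1027),  # passive data inside the limited range
    NewConnection("client", 61234, 1030),  # inbound to a high port outside the range
    NewConnection("client", 3306, 40000),  # unrelated service listening on a high port
]

if __name__ == "__main__":
    for name, rng in (("full", FULL_RANGE), ("limited", LIMITED_RANGE)):
        dropped = [c.server_port for c in audit(SAMPLE, rng)]
        print(name, "exposed ports:", exposed_ports(rng), "dropped:", dropped)
```

With the full range every sample connection is admitted, including the one to the unrelated service; with the limited range only port 21 and the 101 passive ports remain reachable from outside.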