You all must be familiar with FTP and its uses. But a question arises about Active and Passive FTP: what is it all about? This blog will answer your query, leaving no doubts behind.
What is Active and Passive FTP
Active and Passive are the two modes of an FTP server; the administrator chooses which one is the default. (On Netspaceindia Linux Shared Hosting and Windows Shared Hosting we provide passive FTP.) Active mode is the original default and was earlier the only mode. The client connects from a random port to port 21 on the server to start the file transfer. Once this initial connection is made and the client sends the PORT command, the server initiates the second connection back: it connects from its port 20 to the client port designated for the data channel. Once that connection is made, file transfers take place over these client and server ports.
Now let us look at passive mode. Here the client connects and sends the PASV command, which is a request for a port number to connect to. Once the client receives the port, it immediately opens the second connection and the data is sent. This procedure works in tandem with a firewall configured to use port forwarding for added security: the data is forwarded from the firewall's port to the server's port, which keeps the outside client from accessing the server directly.
For an authentic Control Connection the IP address must be combined with an unused port. The port number is higher than 1024 and lower than 65535, whereas the ports below 1024, other than port 20, are reserved for other system services.
Active Mode—The client sends a PORT command to the server, signalling that it will "actively" provide an IP address and port number; the server uses these to open the Data Connection back to the client.
Passive Mode—The client sends a PASV command, indicating that it will wait "passively" for the server to provide an IP address and port number; the client then opens the Data Connection to the server.
If the client does not send a PASV command, the Data Connection falls back to the default port 20. Clients are advised not to rely on the default values because they are insecure, and the firewall administrator should ensure that a PASV connection is always made.
Once the IP address and port number have been selected, the party that supplied them listens on the specified port. When the other party connects to the listening party, the data transfer takes place. Once the transfer is complete, the party that initiated it closes the data connection by signalling end-of-file (EOF).
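The PORT/PASV exchange described above, as an added Python example that is not part of the original post: it parses a 227 PASV reply and a PORT command (in both the port is p1*256+p2), builds a PORT command for active mode, and checks that an advertised data port is above 1024 and below 65535 and, for passive mode, falls inside the 30000-50000 range this post opens on the firewall. The sample replies and the PASSIVE_RANGE constant are constructed for the example; an administrator can feed it real replies captured from a test client to confirm the server only advertises ports the firewall allows.

```python
import ipaddress
import re
from typing import Sequence, Tuple

# Passive range the post configures on the server (PassivePortRange / PassivePorts).
# Constructed for this example; adjust to the range actually opened on the firewall.
PASSIVE_RANGE = (30000, 50000)

# Server reply to PASV, e.g. "227 Entering Passive Mode (192,168,1,10,117,48)".
PASV_REPLY_RE = re.compile(r"^227\b.*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
# Client PORT command, e.g. "PORT 10,0,0,5,156,64".
PORT_CMD_RE = re.compile(r"^PORT\s+(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$")


def _decode(fields: Sequence[str]) -> Tuple[str, int]:
    """Turn the six h1,h2,h3,h4,p1,p2 fields into ('h1.h2.h3.h4', p1*256 + p2)."""
    vals = [int(x) for x in fields]
    if any(v > 255 for v in vals):
        raise ValueError(f"field out of 0-255 range: {vals}")
    ip = ".".join(str(v) for v in vals[:4])
    ipaddress.IPv4Address(ip)  # raises ValueError on a malformed address
    return ip, vals[4] * 256 + vals[5]


def parse_pasv_reply(reply: str) -> Tuple[str, int]:
    """Client side of passive mode: where the server says to connect for data."""
    m = PASV_REPLY_RE.match(reply.strip())
    if not m:
        raise ValueError(f"not a 227 PASV reply: {reply!r}")
    return _decode(m.groups())


def parse_port_command(cmd: str) -> Tuple[str, int]:
    """Server side of active mode: where the client asks to be connected to."""
    m = PORT_CMD_RE.match(cmd.strip())
    if not m:
        raise ValueError(f"not a PORT command: {cmd!r}")
    return _decode(m.groups())


def valid_data_port(port: int) -> bool:
    """Rule from the post: an unused port above 1024 and below 65535."""
    return 1024 < port < 65535


def build_port_command(ip: str, port: int) -> str:
    """Client side of active mode: advertise the IP and port the server must call back."""
    ipaddress.IPv4Address(ip)
    if not valid_data_port(port):
        raise ValueError(f"data port {port} must be above 1024 and below 65535")
    return "PORT " + ",".join(ip.split(".") + [str(port // 256), str(port % 256)])


def in_passive_range(port: int, rng: Tuple[int, int] = PASSIVE_RANGE) -> bool:
    """True if an advertised passive port is usable and inside the range opened on the firewall."""
    lo, hi = rng
    return valid_data_port(port) and lo <= port <= hi


def passive_data_target(reply: str, rng: Tuple[int, int] = PASSIVE_RANGE) -> Tuple[str, int]:
    """Parse a PASV reply and refuse ports the firewall would drop anyway."""
    ip, port = parse_pasv_reply(reply)
    if not in_passive_range(port, rng):
        raise ValueError(f"server advertised port {port}, outside the opened range {rng}")
    return ip, port


if __name__ == "__main__":
    # Constructed sample dialogue, not captured traffic.
    print(passive_data_target("227 Entering Passive Mode (192,168,1,10,117,48)"))
    print(build_port_command("10.0.0.5", 40000))
    print(parse_port_command("PORT 10,0,0,5,156,64"))
```

A reply such as "(192,168,1,10,195,81)" decodes to port 50001, one above the configured range, and is rejected; that is exactly the case where a client hangs on the data connection while the control connection looks healthy.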
To configure Pure-FTPd, open the pure-ftpd.conf file and enable the passive port range by adding:
PassivePortRange 30000 50000
Save the pure-ftpd.conf file and restart the FTP service.
To enable the passive port range for ProFTPD, open its configuration file and add the following setting:
PassivePorts 30000 50000
Save the file and restart the proftpd service.
You should also open the passive port range in the server firewall. For CSF, add the port range 30000:50000 to TCP_IN and TCP_OUT:
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096,30000:50000"
TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,873,2087,2089,2703,30000:50000"
Note that if you have installed the CSF firewall there is no need to update iptables separately. Otherwise, add an iptables rule that opens the same passive range you configured in the FTP daemon:
iptables -I INPUT -p tcp --dport 30000:50000 -j ACCEPT
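The three configuration steps above (daemon directive, CSF TCP_IN/TCP_OUT, or the iptables rule) only work when they all name the same range, and the mismatch is the usual cause of "passive transfers hang" tickets. The checker below is an added Python example, not part of the original post or of Pure-FTPd, ProFTPD or CSF: it reads the PassivePortRange / PassivePorts directive from a config file, parses the CSF TCP_IN list into port entries and ranges, reports whether the passive range is covered, and otherwise prints the matching iptables rule. The config snippets are constructed for the example, with the CSF values taken from this post.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample configs (not copied from a live server); the commented-out
# directive is there to show that the parser ignores it.
PURE_FTPD_CONF = """\
# Port range for passive connections, must be opened on the firewall.
# PassivePortRange 30000 50000
PassivePortRange 30000 50000
"""

PROFTPD_CONF = """\
ServerName "Shared hosting FTP"
PassivePorts 30000 50000
"""

# TCP_IN / TCP_OUT as this post shows them for CSF.
CSF_CONF_OK = '''\
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096,30000:50000"
TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,873,2087,2089,2703,30000:50000"
'''

# The same file before the range was added: the mismatch the checker must flag.
CSF_CONF_MISSING = '''\
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"
'''


def parse_passive_range(conf: str, directive: str) -> Optional[Tuple[int, int]]:
    """Return (low, high) from 'PassivePortRange lo hi' or 'PassivePorts lo hi'.

    Lines starting with '#' never match because the directive must be the first
    non-blank token on the line.
    """
    m = re.search(rf"^\s*{directive}\s+(\d+)\s+(\d+)\s*$", conf, re.MULTILINE)
    if not m:
        return None
    lo, hi = int(m.group(1)), int(m.group(2))
    if not (1024 < lo <= hi < 65535):
        raise ValueError(f"{directive} {lo} {hi} is outside the usable port range")
    return lo, hi


def csf_allowed_entries(conf: str, key: str = "TCP_IN") -> List[Tuple[int, int]]:
    """Parse a CSF TCP_IN/TCP_OUT list into (lo, hi) tuples; a single port becomes (p, p)."""
    m = re.search(rf'^\s*{key}\s*=\s*"([^"]*)"', conf, re.MULTILINE)
    if not m:
        raise ValueError(f"{key} not found in CSF config")
    entries = []
    for item in m.group(1).split(","):
        item = item.strip()
        if not item:
            continue
        lo, _, hi = item.partition(":")
        entries.append((int(lo), int(hi or lo)))
    return entries


def csf_covers(conf: str, rng: Tuple[int, int], key: str = "TCP_IN") -> bool:
    """True if one CSF entry spans the whole passive range."""
    lo, hi = rng
    return any(a <= lo and hi <= b for a, b in csf_allowed_entries(conf, key))


def iptables_rule(rng: Tuple[int, int]) -> str:
    """Equivalent rule for hosts without CSF (note the double-dash --dport)."""
    return f"iptables -I INPUT -p tcp --dport {rng[0]}:{rng[1]} -j ACCEPT"


def audit(daemon_conf: str, directive: str, csf_conf: Optional[str]) -> Dict[str, object]:
    """Cross-check the daemon's passive range against CSF, or emit the iptables rule."""
    rng = parse_passive_range(daemon_conf, directive)
    result: Dict[str, object] = {"range": rng, "firewall_ok": None, "iptables": None}
    if rng is None:
        return result
    if csf_conf is not None:
        result["firewall_ok"] = csf_covers(csf_conf, rng) and csf_covers(csf_conf, rng, "TCP_OUT")
    else:
        result["iptables"] = iptables_rule(rng)
    return result


if __name__ == "__main__":
    print(audit(PURE_FTPD_CONF, "PassivePortRange", CSF_CONF_OK))
    print(audit(PROFTPD_CONF, "PassivePorts", None))
```

Run it against the real files (for example by reading /etc/pure-ftpd/pure-ftpd.conf and /etc/csf/csf.conf, paths assumed here) after each change; a result with "firewall_ok": False means the daemon will advertise ports the firewall drops.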
And that's it. We hope this answers all your queries. If you have more questions related to this, do let us know.