What is Active and Passive FTP port on server

You are probably familiar with FTP and its uses, but the question of active versus passive FTP still comes up. What is it all about? This post answers that question and should leave no doubts behind.

What is Active and Passive FTP

Active and passive are the two modes an FTP server can operate in, and the administrator chooses which one is the default. (On Netspaceindia Linux Shared Hosting and Windows Shared Hosting we provide passive FTP.) Active mode is the original default and was once the only mode. The client connects from a random port to port 21 on the server for a file transfer. When the client has made this initial connection and sends PORT, the server initiates the second connection back: it connects from port 20 to the client port designated for the data channel. Once that connection is made, file transfers take place between these client and server ports.

Now let us look at passive mode. Here the client connects and sends the PASV command, which is a request for a port number to connect to. As soon as the client receives a port, the second connection starts and the data is sent. This procedure works in tandem with a firewall that is configured to use port forwarding for added security: the data is forwarded from the firewall's port to the server's port, which keeps the outside client from accessing the server directly.

What is the Difference Between Active and Passive FTP

For an authentic Control Connection, the IP address used must be combined with an unused port. The port number is higher than 1024 and lower than 65535, whereas the ports below 1024, other than port 20, are reserved for other system services.

Active Mode—The client gives a PORT command to the server. This command signals that it will “actively” provide an IP as well as port number. This will help to open the Data Connection back to the client.

Passive Mode—The client gives a PASV command that indicates it will wait “passively” for the server to give an IP and port number. After this the client will create a Data Connection to the server.

If the client fails to give a PASV command, the Data Connection goes to the default port 20. Clients are advised not to rely on the default values, because these values are insecure. Moreover, the firewall administrator should make sure that a PASV connection is always made.

After the IP address and port number have been selected, the party that owns that IP address and port listens on the specified port. When the other party connects to the listening party, the data transfer takes place. Once the data transfer is completed, the party that initiated it closes the data connection by signaling end-of-file (EOF).

How to enable the passive port range for Pure-FTPd

Open the configuration file:
vi /etc/pure-ftpd.conf

Now enable the passive port range
PassivePortRange 30000 50000

Save the pure-ftpd.conf file and restart FTP service.
/etc/init.d/pure-ftpd restart

Enable the passive port range for ProFTPd
vi /etc/proftpd.conf

Add the following setting:
PassivePorts 30000 50000

Save the file and restart proftpd service.

You should also allow the passive port range through the server firewall.

CSF Firewall
vi /etc/csf/csf.conf

Add the port range 30000:50000 to the following settings:
TCP_IN =
TCP_OUT =

Example

TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096,30000:50000"
TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,873,2087,2089,2703,30000:50000"

Note that there is no need to update iptables if you have installed the CSF firewall. Otherwise, allow the passive port range directly:
iptables -I INPUT -p tcp --dport 30000:50000 -j ACCEPT
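
A consistency check for the configuration steps above, as an added example that is not part of the original post: it reads the passive range from the FTP daemon config, reports any part of it that the CSF TCP_IN list does not allow, and decodes a PASV reply. The reply format (h1,h2,h3,h4,p1,p2), with port = p1*256 + p2, comes from the FTP specification rather than from this page; the function names and sample strings are constructed for illustration.

```python
import re

# Constructed sample inputs (not taken from a real server).
FTPD_CONF = "PassivePortRange 30000 50000\n"
CSF_OK = 'TCP_IN = "20,21,22,80,443,30000:50000"\n'
CSF_BAD = 'TCP_IN = "20,21,22,80,443,49152:65534"\n'
PASV_REPLY = "227 Entering Passive Mode (203,0,113,10,117,48)"

def passive_range(ftpd_conf):
    """(low, high) from a Pure-FTPd PassivePortRange or ProFTPd PassivePorts line."""
    m = re.search(r"^\s*(?:PassivePortRange|PassivePorts)\s+(\d+)\s+(\d+)", ftpd_conf, re.M)
    if not m:
        raise ValueError("no passive port range configured")
    low, high = int(m.group(1)), int(m.group(2))
    if not 1024 < low <= high <= 65535:
        raise ValueError(f"invalid passive range {low}-{high}")
    return low, high

def csf_spans(csf_conf, key="TCP_IN"):
    """Sorted (low, high) intervals from a csf.conf port list like '21,30000:50000'."""
    m = re.search(rf'^\s*{key}\s*=\s*"([^"]*)"', csf_conf, re.M)
    if not m:
        raise ValueError(f"{key} not found")
    spans = []
    for item in filter(None, (s.strip() for s in m.group(1).split(","))):
        low, _, high = item.partition(":")
        spans.append((int(low), int(high or low)))
    return sorted(spans)

def blocked_ports(passive, spans):
    """Sub-ranges of the passive range that the firewall list does not allow."""
    gaps, cursor = [], passive[0]
    for low, high in spans:
        if high < cursor or low > passive[1]:
            continue
        if low > cursor:
            gaps.append((cursor, low - 1))
        cursor = max(cursor, high + 1)
    if cursor <= passive[1]:
        gaps.append((cursor, passive[1]))
    return gaps

def decode_pasv(reply):
    """Decode a 227 reply '(h1,h2,h3,h4,p1,p2)' into (ip, port); port = p1*256 + p2."""
    m = re.search(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", reply)
    if not m:
        raise ValueError("not a PASV reply")
    n = [int(x) for x in m.groups()]
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]
```

A non-empty result from `blocked_ports` means passive transfers will stall whenever the server hands out a port in one of the listed gaps.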

And that’s it. We hope this has answered all your queries. If you have more questions about this, do let us know.

 
