
You are probably familiar with FTP and its uses. But what are Active and Passive FTP all about? This blog will answer that question without leaving any doubts behind.
What is Active and Passive FTP
Active and Passive are the two modes of an FTP server, and the administrator can set either one as the default. (On Netspaceindia Linux Shared Hosting and Windows Shared Hosting we provide passive FTP.) Active mode is the default mode, and earlier it was the only mode. For a file transfer, the client connects from a random port to port 21 on the server. After making this initial connection the client sends PORT, and the server initiates the second connection back: it connects from port 20 to the client port that is designated for the data channel. Once that connection is made, file transfers take place over these client and server ports.

Now, let us look at passive mode. Here the client connects and sends the PASV command, which is a request for a port number to connect to. Once the client receives a port, it immediately starts the second connection and the data is sent. This procedure works in tandem with a firewall that is configured to use port forwarding for added security: the data is forwarded from the firewall's port to the server's port. This keeps the outside client from accessing the server directly.

What is the Difference Between Active and Passive FTP
For an authentic Control Connection, the IP address used must be combined with an unused port. The port number is higher than 1024 and lower than 65535, whereas the ports below 1024, other than port 20, are reserved for other system services.
Active Mode
The client gives a PORT command to the server. This command signals that the client will "actively" provide an IP address as well as a port number, which the server uses to open the Data Connection back to the client.
Passive Mode
The client gives a PASV command, which indicates that it will wait "passively" for the server to give an IP address and port number. After this, the client creates a Data Connection to the server.
If the client fails to give a PASV command, the Data Connection goes to the default port 20. Clients are advised not to rely on the default values, because these values are insecure. Moreover, the firewall administrator should make sure that a PASV connection is always used.
After the IP address and port number are selected, the party that owns that IP address and port listens on the specified port. When the other party connects to the listening party, the data transfer takes place. Once the data transfer is complete, the party that had initiated the data transfer closes the data connection, signaling the end-of-file (EOF).
How to enable the passive port range for Pure-FTPd
Open the configuration file:
vi /etc/pure-ftpd.conf
Now enable the passive port range:
PassivePortRange 30000 50000
Save the pure-ftpd.conf file and restart the FTP service:
/etc/init.d/pure-ftpd restart
Enable the passive port range for ProFTPd
vi /etc/proftpd.conf
Add the following setting:
PassivePorts 30000 50000
Save the file and restart the proftpd service.
You should also allow the passive port range through the server firewall.
CSF Firewall
vi /etc/csf/csf.conf
Add the port range 30000:50000 to the following settings:
TCP_IN =
TCP_OUT =
Example
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096,30000:50000"
TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,873,2087,2089,2703,30000:50000"
Note that there is no need to update iptables separately if you have installed the CSF firewall. Otherwise, open the passive range in iptables:
iptables -I INPUT -p tcp --dport 30000:50000 -j ACCEPT
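The firewall rules above only help if the server really hands out data ports inside 30000-50000. The following added example (not part of the original post) decodes the h1,h2,h3,h4,p1,p2 field carried by PORT and by the 227 reply to PASV, then checks a reply against the control-connection address and the passive range. The function names, the sample replies and the 203.0.113.10 address are constructed for illustration.

```python
import re

# Passive range configured earlier (PassivePortRange / PassivePorts 30000 50000).
PASSIVE_RANGE = (30000, 50000)
# Six comma-separated decimal bytes: h1,h2,h3,h4,p1,p2 (RFC 959).
_FIELD = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")


def parse_host_port(text):
    """Decode h1,h2,h3,h4,p1,p2 into (ip, port); port = p1 * 256 + p2."""
    m = _FIELD.search(text)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % text)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field value above 255 in %r" % text)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def check_pasv_reply(reply, control_peer_ip, port_range=PASSIVE_RANGE):
    """Return a list of problems found in a 227 reply (empty list means OK)."""
    if not reply.startswith("227"):
        return ["not a 227 reply"]
    try:
        ip, port = parse_host_port(reply)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if ip != control_peer_ip:
        # The data address should be the server we reached on port 21; a
        # mismatch is typical of a server behind NAT advertising its internal IP.
        problems.append("data address %s differs from control peer %s" % (ip, control_peer_ip))
    if not port_range[0] <= port <= port_range[1]:
        problems.append("port %d outside passive range %d-%d" % (port, *port_range))
    return problems


if __name__ == "__main__":
    # Constructed sample replies, checked against a constructed server address.
    samples = [
        "227 Entering Passive Mode (203,0,113,10,117,48)",  # port 30000
        "227 Entering Passive Mode (10,0,0,5,195,80)",      # port 50000, private IP
        "227 Entering Passive Mode (203,0,113,10,234,96)",  # port 60000
    ]
    for line in samples:
        print(line, "->", check_pasv_reply(line, "203.0.113.10") or "OK")
```

A reply flagged for its port means the firewall will drop the data connection even though login on port 21 succeeded.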
Final Thoughts
And that’s it. We hope this answered all your queries. If you have more questions related to this, do let us know.
Shashi kant Pandidhar

