
What is Active and Passive FTP port on server

Active and Passive FTP are the two modes of an FTP server, and the administrator can set either one as the default. Understand the difference and learn how to enable the passive port range for Pure-FTPd.

You are probably familiar with FTP and its uses, but what are Active and Passive FTP all about? This post answers that question without leaving any doubts behind.


What is Active and Passive FTP

Active and Passive are the two modes of an FTP server, and the administrator can set either one as the default. (On Netspaceindia Linux Shared Hosting and Windows Shared Hosting we provide passive FTP.) Active mode is the default mode, and earlier it was the only mode. The client connects from a random port to port 21 on the server for the file transfer. When the client makes this initial connection and sends PORT, the server initiates the second connection back: it connects from port 20 to the client port designated for the data channel. Once that connection is made, file transfers run over these client and server ports.

Now, let us look at passive mode. Here the client connects and sends the PASV command, which is a request for a port number to connect to. As soon as the client receives a port, the second connection starts and the data is sent. This procedure works in tandem with a firewall that is configured to use port forwarding for added security: the data is forwarded from the firewall's port to the server's port, which keeps the outside client from accessing the server directly.

 


What is the Difference Between Active and Passive FTP

For an authentic Control Connection, the IP address used must be combined with an unused port. The port number is higher than 1024 and lower than 65535, while the ports below 1024, other than port 20, are reserved for other system services.

Active Mode

The client gives a PORT command to the server. This command signals that the client will “actively” provide an IP as well as the port number, which is used to open the Data Connection back to the client.

Passive Mode

The client gives a PASV command that indicates it will wait “passively” for the server to give an IP and port number. After this, the client will create a Data Connection to the server.

If the client fails to give a PASV command, the Data Connection goes to the default port 20. Clients should not rely on the default values because these values are insecure. Moreover, the firewall administrator should make sure that a PASV connection is always made.

After the IP address and port number are selected, the party with that IP address and port listens on the specified port. When the other party connects to the listening party, the data transfer takes place. Once the data transfer is complete, the party that initiated the data transfer closes the data connection by signaling the end-of-file (EOF).
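
Both the PORT argument and the server's reply to PASV carry the IP and port as six decimal numbers, h1,h2,h3,h4,p1,p2, where the port is p1*256+p2 (RFC 959). The added example below (not from the original post) decodes that tuple and checks a PASV reply against the passive range 30000-50000 configured later on this page; the function names, the sample replies and the documentation addresses are constructed for illustration.

```python
import re

# Passive range configured on this page (PassivePortRange 30000 50000).
PASSIVE_RANGE = (30000, 50000)

_TUPLE = re.compile(r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")

def parse_host_port(text):
    """Decode the h1,h2,h3,h4,p1,p2 tuple used by PORT and by the 227 reply."""
    m = _TUPLE.search(text)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple found")
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field outside 0-255")
    host = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]   # high byte first
    return host, port

def check_pasv_reply(reply, control_peer_ip, passive_range=PASSIVE_RANGE):
    """Return a list of problems with a 227 reply; an empty list means none."""
    if not reply.startswith("227"):
        return ["not a 227 reply"]
    problems = []
    host, port = parse_host_port(reply)
    lo, hi = passive_range
    if not lo <= port <= hi:
        # The firewall only opens lo-hi, so this data connection would be dropped.
        problems.append(f"port {port} outside {lo}-{hi}")
    if host != control_peer_ip:
        # Typical of a server behind NAT advertising the wrong address.
        problems.append(f"advertised {host} != control peer {control_peer_ip}")
    return problems

# Constructed sample replies; 203.0.113.10 is a documentation address.
GOOD = "227 Entering Passive Mode (203,0,113,10,156,64)"     # 156*256+64 = 40000
BAD_PORT = "227 Entering Passive Mode (203,0,113,10,200,0)"  # 200*256 = 51200
BAD_HOST = "227 Entering Passive Mode (10,0,0,5,156,64)"

if __name__ == "__main__":
    for reply in (GOOD, BAD_PORT, BAD_HOST):
        print(reply, "->", check_pasv_reply(reply, "203.0.113.10") or "ok")
```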

How to enable the passive port range for Pure-FTPd

Open the configuration file:
vi /etc/pure-ftpd.conf

Now enable the passive port range:
PassivePortRange 30000 50000

Save the pure-ftpd.conf file and restart the FTP service:
/etc/init.d/pure-ftpd restart

Enable the passive port range for ProFTPd

Open the configuration file:
vi /etc/proftpd.conf

Add the following setting:
PassivePorts 30000 50000

Save the file and restart the proftpd service.

You should also allow the passive port range in the server firewall.

CSF Firewall

Open the CSF configuration file:
vi /etc/csf/csf.conf

Add the port range 30000:50000 to these two settings:
TCP_IN =
TCP_OUT =

Example

TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096,30000:50000"
TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,873,2087,2089,2703,30000:50000"

Note that there is no need to update iptables yourself if you have installed the CSF firewall. Without CSF, open the passive port range in iptables:
iptables -I INPUT -p tcp --dport 30000:50000 -j ACCEPT
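
Passive transfers fail when any part of the FTP server's passive range is blocked by the firewall. The added example below (not part of the original post) reads PassivePortRange and CSF's TCP_IN from the settings shown above and reports any part of the passive range the firewall does not cover; the function names and the mismatching sample are assumptions made for illustration.

```python
import re

# Settings copied from this page.
PUREFTPD_CONF = "PassivePortRange 30000 50000\n"
CSF_CONF = ('TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,'
            '2077,2078,2082,2083,2086,2087,2095,2096,30000:50000"\n')
# Constructed counter-example: the firewall opens a different range.
CSF_MISMATCH = 'TCP_IN = "20,21,22,49152:65534"\n'

def passive_range(conf_text):
    """Return (low, high) from a pure-ftpd.conf PassivePortRange line."""
    m = re.search(r"^\s*PassivePortRange\s+(\d+)\s+(\d+)", conf_text, re.M)
    if m is None:
        raise ValueError("PassivePortRange not set")
    return int(m.group(1)), int(m.group(2))

def csf_ports(conf_text, key="TCP_IN"):
    """Parse a csf.conf port list such as "20,21,30000:50000" into ranges."""
    m = re.search(rf'^\s*{re.escape(key)}\s*=\s*"([^"]*)"', conf_text, re.M)
    if m is None:
        raise ValueError(f"{key} not set")
    ranges = []
    for item in filter(None, (s.strip() for s in m.group(1).split(","))):
        lo, _, hi = item.partition(":")
        ranges.append((int(lo), int(hi or lo)))   # single port -> (p, p)
    return ranges

def uncovered(passive, allowed):
    """Return the sub-ranges of `passive` that no entry in `allowed` covers."""
    gaps, cursor = [], passive[0]
    for lo, hi in sorted(allowed):
        if hi < cursor or lo > passive[1]:
            continue                      # entry lies outside what is left
        if lo > cursor:
            gaps.append((cursor, lo - 1))
        cursor = max(cursor, hi + 1)
    if cursor <= passive[1]:
        gaps.append((cursor, passive[1]))
    return gaps

def audit(ftp_conf, csf_conf):
    """List the passive ports the firewall would still block."""
    return uncovered(passive_range(ftp_conf), csf_ports(csf_conf))

if __name__ == "__main__":
    print("page settings:", audit(PUREFTPD_CONF, CSF_CONF) or "fully covered")
    print("mismatch     :", audit(PUREFTPD_CONF, CSF_MISMATCH))
```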

Final Thoughts

And that’s it. Hope you got an answer to all the queries. If at all you have more questions related to this, do let us know.


Shashi kant Pandidhar

I’ve been helping businesses to be online for over 15 years. Today my team and I focus on helping real businesses to overcome real-life challenges and analyse data in a way that can help businesses grow in the right direction of this digital age.
