Passive FTP allows client-initiated connections between two servers, with four required settings on the server-side firewall. It allows users to use their web browser as an FTP client, shifting the burden of problems and risks to the server side. Third-party FTP clients are available for users without passive mode FTP.
Passive FTP is a connection between two servers, where the client service is the initiator of the connection on both sides: the client and the remote site. There are two types of FTP, active and passive. In an FTP session, a data port (usually port 20) and a command or control port (usually port 21) are opened between two computers, allowing files to be moved between drives across the firewall.
To initiate the connection, the client must follow two steps, described below:
1) Open two unprivileged local ports. The first port, n > 1023, connects to port 21 on the server and sends the PASV FTP command. The server then opens an unprivileged port p > 1023 and returns a PORT p command to the client.
2) Open port n+1 and connect to port p on the server. Now the connection is established and the data transfer between the client and the server can begin.
To support passive FTP, four settings on the server-side firewall are required. The FTP server's port 21 and its ports > 1023 must be reachable from anywhere, because the client initiates both connections. Traffic from port 21 to ports > 1023, and from the server's ports > 1023 to remote ports > 1023, must also be allowed so the server can respond to client requests and send data.
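The port p that the server returns in step 1 arrives as a `227` reply (RFC 959) with the address and port encoded as six numbers. The following is an added example, not code from the original page: it decodes that reply and checks the advertised port against the range opened on the server-side firewall. The function names, the range 50000-51000 and the sample replies are assumptions made for illustration.

```python
import re

# RFC 959 reply to PASV: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(
    r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)

def parse_pasv(reply):
    """Return (host, port) advertised in a 227 reply, or raise ValueError."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply")
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range")
    host = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]  # port p = p1*256 + p2
    return host, port

def check_pasv(reply, control_peer, passive_range):
    """List problems with a PASV reply, seen from the firewall owner's side."""
    host, port = parse_pasv(reply)
    low, high = passive_range  # hypothetical range opened on the firewall
    problems = []
    if port <= 1023:
        problems.append(f"port {port} is privileged; p must be > 1023")
    elif not (low <= port <= high):
        problems.append(f"port {port} is outside the firewall range {low}-{high}")
    if host != control_peer:
        # Typical of a server behind NAT advertising its internal address.
        problems.append(f"data address {host} differs from control peer {control_peer}")
    return problems

# Constructed sample replies (not captured from a real server).
SAMPLES = [
    "227 Entering Passive Mode (203,0,113,10,195,80)",  # 195*256+80 = 50000
    "227 Entering Passive Mode (203,0,113,10,234,96)",  # 234*256+96 = 60000
    "227 Entering Passive Mode (10,0,0,5,195,81)",      # private address, port 50001
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", check_pasv(line, "203.0.113.10", (50000, 51000)) or "ok")
```

Pinning the daemon's passive ports to a narrow range and opening only that range keeps the "ports > 1023 from anywhere" rule from exposing every high port on the server.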
Passive FTP configuration allows users to use their web browser as an FTP client. To do this, they simply type ftp://URL in the address bar. Browsers generally do not support active FTP.
Passive FTP shifts the burden of problems and risks to the server side, based on the need to make large numbered ports available for remote connection. FTP daemons are used to manage the functions allowed on ports.
Users without passive mode FTP will need to use a third-party application to connect, but this is done on the client side.
Think of passive FTP as a shared storage repository. Anyone with the FTP address or site and key or user ID and password can access the locker, transferring files and data at will. An active FTP would be a shared storage locker with a guard. To access the data, you need to prove who you are and get permission to cross the firewall or pass the guard.
If you’re running a passive FTP site, keep abreast of changes in browsers and available options. Third-party FTP clients are free and widely available. If you need to restrict access more strictly, change the IP address for the FTP site and switch to an active FTP mode.