Detailed explanation of two modes of FTP

In the use of FTP when , If the client machine and FTP The server All ports between the two sides are open , There's no problem with that connection . If there is a firewall between the client and the server , If the fire prevention strategy is not configured and the proper connection mode is adopted , Will result in a successful login , But not List List questions . To avoid such problems , First of all, understand FTP Working mode of .

1. FTP Of PORT（ Active mode ） and PASV（ Passive mode ）

(1) PORT（ Active mode ）

PORT It's called active mode in Chinese , How it works ： FTP The client connects to FTP Server's 21 port , Send user name and password login , After logging in successfully list List or read data , The client randomly opens a port （1024 above ）, send out PORT Order to FTP The server , Tell the server client to adopt active mode and open the port ;FTP Server received PORT After active mode command and port number , Through the server 20 Port and client open port connection , send data , The principle is as follows ：

(2) PASV（ Passive mode ）

PASV yes Passive Abbreviation , Chinese becomes a passive mode , working principle ：FTP The client connects to FTP Server's 21 port , Send user name and password login , After logging in successfully list List or read data , send out PASV Order to FTP The server , The server opens a port randomly in the local area （1024 above ）, Then tell the client the open port , The client then connects to the open port of the server for data transmission , The principle is as follows ：

2. A comparison of the two models

From the above run, we can see , The difference between active mode and passive mode is simply summarized as ： When active mode transmits data “ The server ” Connect to “ client ” The port of ; Passive mode transfers data is “ client ” Connect to “ The server ” The port of .

Active mode requires the client to open the port to the server , Many clients are in the firewall , Open the port to FTP Server access is more difficult .

Passive mode only needs the open port on the server side to connect to the client .

3. Network settings for different working modes

The problem I encountered in the actual project is ,FTP The clients and servers of are on different networks , There is at least... Between the two networks 4 Layer firewall , The server is only open 21 port , The client machine doesn't have any ports open .FTP Passive mode of client connection , Results the client can log in successfully , But can not LIST List and read data . Obviously , It is because the server does not open the random port in passive mode .

Due to passive mode , Open ports on the server side are random , But the firewall can't be fully open , The solution is , stay ftp The server is configured to open random ports in passive mode 50000-60000 Between （ The scope is ftp Server software settings , You can set any 1024 Port segment on ）, Then set the rules in the firewall , Open the server side 50000-60000 Port end between .

In active mode , Client's FTP The software sets the active mode open port segment , Open the corresponding port segment in the firewall of the client .

4. How to set up Working mode ？

ha-ha , Someone might ask FTP How to set the working mode of the server ？ In real time FTP Servers generally support active and passive modes , What is the mode of connection FTP The client software decides .

5. Add
Original address
FTP The default is 20 and 21 port , General equipment will automatically identify 21 And open 20. Management and data ports
When you change it .. It can't open another port automatically .

To complete a FTP The transmission process of does not just need 21 A port , It is 2 Ports ,21 Port is just a command port , In fact, there is another data terminal

FTP There are two modes , Namely port Pattern ( It's also called active mode ) and pasv Pattern ( It's also called passive mode ), How to understand these two modes ? Let me make a comparison ,
In active mode : Client to server 21 The port sends the command and says , What I want to download and what , I will also say that I have opened a port of my own , Just give me something from here , After the server knows it, it will pass things to the client through another data port , This is the active mode , It can be understood that the server actively transfers files to the client ;
In passive mode : Client to server 21 The port sends the command and says , What I want to download and what , After the server knows , Just open a port , Then tell the client , I've opened the port , Go in and get it yourself , So the client gets the file from that port , This is the passive mode , It can be understood that the server is taken away by the client

In active mode ,FTP The two ports of are relatively fixed , If the command port is x Words , The data port is x-1, That is to say, by default , The command port is 21, The data port is 20; You changed the command port to 123, So the data port is 122. So it's very convenient to use the firewall , Just open these two ports , But if the client is sharing the Internet, it can't be used normally FTP 了 , It's not going to work , There must be a passive mode .

In passive mode, it's a bit of a hassle , By default, the command port is 21, But data ports are random , This requires setting up a passive port in the device .

After setting up , Need to do mapping when , Open some of these ports, too .