
FTP active mode and passive mode - Why can't I connect to the FTP server?

齐天大圣
2020-11-21 17:33:31

FTP differs from most services in that it needs two ports open at the same time: one for the command channel and one for the data transmission channel. Depending on how the data transmission channel is established, FTP works in either active mode or passive mode. Here we describe the workflow of active mode in detail and how to solve the problems you may run into.

Active mode process

Establishment of the command channel. The client randomly selects a port greater than 1024 and connects to port 21 on the server. Once the connection is established, the client uses it to execute commands on the FTP service, such as listing file names, uploading files and downloading files. All commands are executed through this channel.

Notify the server to use active mode. Port 21 is used only for executing commands; actually transferring files requires a separate port. The client randomly opens another port for file transfer and then, through port 21, notifies the FTP server of two pieces of information: the client's file transfer port, and that active mode is to be used for the transfer.

The FTP server actively establishes a connection to the client. Once the FTP server has these two pieces of information, it actively connects to the client from port 20. Once the connection is established, files can be transferred over it.

Problems you may encounter in active mode

If you cannot connect to the FTP server in active mode, the cause may be one of the following:

  • The server port is not open

  • The server firewall is blocking the connection

  • The LAN where the client is located is behind NAT

In active mode, the ports generally used are 21 (command channel) and 20 (file transfer channel). Both are indispensable, and the firewall must also allow both. From the client host, you can use telnet to test whether these two ports are open.

Port and firewall problems are relatively easy to solve, but NAT problems are harder. Let's look at how NAT causes trouble. Because the command channel is initiated by the client, it can be established successfully. However, when the server actively establishes the data channel to the client, the server knows only the NAT IP, not the client's own IP. The server therefore sends its connection request from port 20 to a port on the NAT device (for example, port 1042). The NAT device has not opened that port, so the active connection fails. How do you solve this? Just use passive mode.

Passive mode process

Establishment of the command channel. This stage is the same as in active mode.

The client issues a PASV connection request. The client sends a PASV (passive mode) request to the server through the command channel and waits for the server's response.

The server starts the data port and informs the client. When the server receives the client's PASV request, it opens a port for data transmission. This port can be random (1024~65535) or specified. The server then tells the client the port through the command channel.

The client starts the data port and establishes a connection with the server. The client receives the server's reply and now knows the port the server uses for data transmission. The client then randomly opens a port greater than 1024 and connects from it to the server's data port.
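
An added example, not part of the original article: in both modes the data endpoint travels over the command channel as h1,h2,h3,h4,p1,p2 (the RFC 959 PORT command in active mode, the 227 reply to PASV in passive mode), and comparing it with the address actually seen on port 21 exposes the NAT problem described above. The function names, verdict labels and sample lines are constructed for illustration.

```python
import ipaddress
import re

# Six comma-separated decimal bytes: h1,h2,h3,h4,p1,p2 (RFC 959).
_HOSTPORT = re.compile(r"\b(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\b")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_hostport(line):
    """Return (ip, port) from a 'PORT ...' command or a '227 ...' PASV reply."""
    m = _HOSTPORT.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in: %r" % line)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in: %r" % line)
    ip = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    return ip, nums[4] * 256 + nums[5]  # port = p1 * 256 + p2


def diagnose(line, control_peer):
    """Compare the advertised data endpoint with the control-connection peer.

    control_peer is the address the sender of `line` appears as on the
    command channel (for PORT: the client as the server sees it; for 227:
    the server as the client sees it).
    """
    ip, port = parse_hostport(line)
    peer = ipaddress.IPv4Address(control_peer)
    if ip == peer:
        verdict = "ok"
    elif any(ip in net for net in RFC1918) and not any(peer in net for net in RFC1918):
        verdict = "nat"       # private address advertised across a NAT boundary
    else:
        verdict = "mismatch"  # a different host is advertised than the peer
    return {"ip": str(ip), "port": port, "verdict": verdict}


# Constructed sample command-channel lines (not captured traffic).
SAMPLES = [
    ("PORT 192,168,1,23,4,18", "203.0.113.7"),  # active mode, client behind NAT
    ("PORT 203,0,113,7,4,18", "203.0.113.7"),   # active mode, no NAT
    ("227 Entering Passive Mode (198,51,100,10,195,80)", "198.51.100.10"),
]

if __name__ == "__main__":
    for line, peer in SAMPLES:
        print(line, "->", diagnose(line, peer))
```

A "nat" verdict on a PORT line is the active-mode failure described above; the same verdict on a 227 reply means the server itself sits behind NAT and needs its passive address and port range configured.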
