Passive FTP is a connection between two servers, where the client service is the initiator of the connection on both sides; the client and the remote site. There are two types of file transfer protocols or FTP, active and passive. In a FTP, a data port (usually port 20) and a command or control port (usually number 21) is opened between two computers, allowing files to be moved between units through the firewall.
To initiate the connection, the client must follow two steps, which are detailed below:
1)Open two unprivileged local ports. The first port is n > 1023 and is set to access port 21 on the server, using a PASV ftp command. The receiving server opens unprivileged port p > 1023 and a port p command is returned.
2)Open port n +1 and connect to port p on the server. Now the connection is made and the data transfer between the client and the server can begin.
In order to support passive FTP, four settings on the server side firewall are required. FTP server port 2 and n > 1023 from anywhere with a client initiated connection is required. Port 21 to port > 1023 and remote port > 1023 must be open for the server to respond to client requests and send data.
Passive FTP shifts the burden on issues and risks to the server side, based on the need to make high numbered ports available for remote connection. FTP daemons are used to manage the functions allowed on the ports.
Users without passive mode FTP will have to use a third party application to make the connection, but this is done on the client side.
Think of passive FTP as a shared storage locker. Anyone with the address or FTP site and key or user ID and password can access the locker, transferring files and data at will. An active FTP would be a shared storage locker with a guard. To access the data, you need to prove who you are, and to arrange for permission to get through the firewall or pass the guard.
If you are managing a passive FTP site, stay current on changes in browsers and the options available. Third party FTP clients are free and widely available. Should there be a need to restrict access more tightly, change the IP address for the FTP site and switch to an active FTP mode.