Passive vs. Active FTP

Passive vs. Active FTP

ExaVault supports connections through either Passive FTP or Active FTP. Passive FTP connections are used by default in most FTP client programs, such as FileZilla.

Wikipedia and other sites contain additional information on the differences between Passive and Active FTP.

Passive FTP

ExaVault recommends using Passive FTP for FTP connections to your account as this is much easier to configure and manage.

Technical Overview of Connections

  1. The FTP client connects from a random port to port 21 on the ExaVault server and issues the PASV command. The ExaVault server replies, indicating which port it has opened for data transfer.
  2. The FTP client connects from another random port to the random port specified in the server's response. Once connection is established, data transfers are made through these client and server ports.

Configuration Considerations

If you're using FTP or FTPS, and have your FTP client set to use Passive FTP (the default for most FTP client software), you will also need to allow outbound access from your network to our servers on ports 60000 - 65535. Your FTP client will open a control channel on port 21 and a data channel on a random high port in the 60000 - 65535 port range.

Active FTP

ExaVault also supports Active FTP connections. If you want (or need) to use Active FTP, you will probably need to do additional setup on your firewall to open specific ports to incoming traffic.

Technical Overview of Connections

  1. A user connects from a random port on an FTP client to port 21 on the ExaVault server. It sends the PORT command, specifying what client-side port the server should connect to. This port will be used later on for the data channel and is different from the port used in this step for the command channel.
  2. The ExaVault server connects from port 20 to the client port designated for the data channel. Once connection is established, file transfers are then made through these client and server ports.

Configuration Considerations:

If you are using Active FTP, you must designate the port that will be used for incoming data connections from ExaVault. You will need to configure your firewall to allow incoming data connections on the designated port. ExaVault will initiate a data channel to the client from its port 20, the FTP server data port and use your designated incoming port.

Did you find an issue with this article? Let us know!

help/01-firewalls/03-passive-vs-active-ftp.txt · Last modified 2018/04/17 18:03 (external edit)