One characteristic that sets FTP (File Transfer Protocol) apart from most other protocols is that it uses two ports to carry the communication between client and server. Port 21 is the control (command) channel: the server listens there for commands from the client. Port 20 is the default data port, which the server uses as the source of the data connection in active mode. The data transfer is not tied to port 20, however; it can run over any other port, as long as that port has been negotiated between the two parties over the control connection.
FTP has two modes of operation, active and passive. Both are chosen and started by the FTP client (with the PORT or the PASV command) and then acted upon by the FTP server. Here at AwardSpace, we mainly support Passive FTP; however, we will briefly examine both modes of operation below:
In active mode, the FTP client connects from a random unprivileged port N (N > 1023) to the FTP server's command port, port 21. The client then starts listening on port N+1 and sends the PORT command, carrying its own IP address and port N+1, to the FTP server over the control connection. The server then connects from its local data port (port 20) back to the data port the client specified. From the server-side firewall's point of view, these ports have to be opened to support FTP in active mode: FTP server's port 21 from anywhere (client initiates the control connection); FTP server's port 21 to ports > 1023 (server responds to the client's control port); FTP server's port 20 to ports > 1023 (server initiates the data connection to the client's data port); FTP server's port 20 from ports > 1023 (client sends ACKs to the server's data port). The problem with active mode lies on the client side: the client's firewall or NAT gateway has to accept an inbound connection from the server to a high port it knows nothing about, and many of them refuse it.
In passive mode, the FTP client initiates both connections to the FTP server. Both connections use ephemeral ports on the client side, and that is fine. By opening both sockets itself, the client sidesteps the problem of its own firewall denying the FTP server's attempt to initiate contact on one of the client's high ephemeral ports. The first connection goes to the server's port 21, where the client issues the PASV (passive) command instead of the PORT command used in active mode. The FTP server then opens an ephemeral data port and answers with a 227 "Entering Passive Mode" reply that carries the server's IP address and that port (the server never sends a PORT command; PORT is only ever sent by the client). With this in hand, the client opens a second connection to that server port for the data transfer. From the server-side firewall's point of view, passive mode needs: FTP server's port 21 from anywhere (client initiates the control connection); FTP server's port 21 to ports > 1023 (server responds to the client's control port); FTP server's ports > 1023 from anywhere (client initiates the data connection to the port the server announced); FTP server's ports > 1023 to remote ports > 1023 (server responds on the data connection). Because the data port is chosen by the server, most FTP servers let you confine it to a fixed range, so that only that range, rather than every port above 1023, has to be opened on the firewall.
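The exchange described above, shown as an added example that is not part of the AwardSpace page and not the code of any particular FTP server or client. It encodes and parses the RFC 959 host-port string used by both the PORT command and the 227 reply, then runs each mode's data connection over the loopback interface so you can see which side dials and which side listens. Because it runs as an unprivileged process on a single host, the operating system picks free ports instead of the real 20 and 21, and the directory listing it transfers is a constructed one-line payload. The `port_target_is_control_peer` check is the sanity check a server should apply before honouring a PORT command: it must only connect back to the host that sent the command, on a non-privileged port.

```python
import re
import socket

# h1,h2,h3,h4,p1,p2 as defined in RFC 959; the port is p1*256 + p2
HOSTPORT_RE = r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
PORT_CMD_RE = re.compile(r"^PORT\s+" + HOSTPORT_RE + r"\s*$")
PASV_REPLY_RE = re.compile(r"^227\s.*?\(" + HOSTPORT_RE + r"\)")


def encode_hostport(ip: str, port: int) -> str:
    """Build the h1,h2,h3,h4,p1,p2 string for an IPv4 address and port."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not a dotted-quad IPv4 address: {ip!r}")
    if not 0 < port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return ",".join(octets + [str(port // 256), str(port % 256)])


def decode_hostport(fields) -> tuple:
    """Inverse of encode_hostport; rejects any field above 255."""
    nums = [int(f) for f in fields]
    if any(n > 255 for n in nums):
        raise ValueError(f"field out of range in {fields}")
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def build_port_command(ip: str, port: int) -> str:
    """Active mode: the client tells the server where to connect back to."""
    return f"PORT {encode_hostport(ip, port)}"


def parse_port_command(line: str) -> tuple:
    m = PORT_CMD_RE.match(line.strip())
    if not m:
        raise ValueError(f"malformed PORT command: {line!r}")
    return decode_hostport(m.groups())


def build_pasv_reply(ip: str, port: int) -> str:
    """Passive mode: the server tells the client which of its ports to dial."""
    return f"227 Entering Passive Mode ({encode_hostport(ip, port)})."


def parse_pasv_reply(line: str) -> tuple:
    m = PASV_REPLY_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a 227 reply: {line!r}")
    return decode_hostport(m.groups())


def port_target_is_control_peer(port_cmd: str, control_peer_ip: str) -> bool:
    """Server-side check before honouring PORT: only connect back to the host that
    sent the command, and only to an unprivileged port. A PORT naming some other
    host asks the server to open a connection to a third party on the client's behalf."""
    ip, port = parse_port_command(port_cmd)
    return ip == control_peer_ip and port > 1023


def active_mode_exchange() -> dict:
    """Loopback simulation of the active data connection: the client listens on its
    port N+1 and the server dials it. The OS picks the ports instead of 20 and N+1."""
    client_listener = socket.socket()
    client_listener.bind(("127.0.0.1", 0))
    client_listener.listen(1)
    n_plus_1 = client_listener.getsockname()[1]
    cmd = build_port_command("127.0.0.1", n_plus_1)   # would travel over port 21
    if not port_target_is_control_peer(cmd, "127.0.0.1"):
        raise RuntimeError("server would refuse this PORT command")
    server_data = socket.create_connection(parse_port_command(cmd))  # server dials client
    client_data, _ = client_listener.accept()
    server_data.sendall(b"file.txt\r\n")              # constructed one-line listing
    payload = client_data.recv(64)
    for s in (server_data, client_data, client_listener):
        s.close()
    return {"initiator": "server", "client_port": n_plus_1, "payload": payload}


def passive_mode_exchange() -> dict:
    """Loopback simulation of the passive data connection: the server listens on an
    ephemeral port announced in its 227 reply and the client dials it."""
    server_listener = socket.socket()
    server_listener.bind(("127.0.0.1", 0))
    server_listener.listen(1)
    server_port = server_listener.getsockname()[1]
    reply = build_pasv_reply("127.0.0.1", server_port)   # would travel over port 21
    client_data = socket.create_connection(parse_pasv_reply(reply))  # client dials server
    server_data, _ = server_listener.accept()
    client_data.sendall(b"file.txt\r\n")              # constructed one-line upload
    payload = server_data.recv(64)
    for s in (client_data, server_data, server_listener):
        s.close()
    return {"initiator": "client", "server_port": server_port, "payload": payload}


if __name__ == "__main__":
    print(active_mode_exchange())
    print(passive_mode_exchange())
```

The two simulations make the firewall consequence concrete: in `active_mode_exchange` the connect call runs on the server side toward a port the client chose, which is exactly the inbound connection a client-side firewall or NAT gateway has no state for; in `passive_mode_exchange` both connect calls run on the client side, and the only thing the server-side firewall must allow is inbound traffic to whatever range the server announces in its 227 replies.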