FTP ports are communication points. They allow the transmission of data between the terminal and the server using the FTP protocol. A distinction is made between FTP ports in passive mode and those in active mode. However, this protocol is relatively insecure.
FTP Ports in the File Transfer Protocol
FTP (File Transfer Protocol) is a network protocol acting at the application layer of the OSI model. It is defined in RFC 959. The protocol, introduced in 1971, allows the transfer of data from a terminal to a server and vice versa. To do this, it uses the client-server model, which allows you to upload files and create directories. FTP works on a request and response structure: data is requested and, if necessary, modified through FTP commands and via FTP programs such as FileZilla. The transfer then takes place via a data channel. In order for a device to establish a secure connection with a server, FTP ports are used.
What is an FTP port and what is it used for?
FTP ports are communication endpoints on the network. They guarantee the establishment of a connection between a terminal and an FTP server. The FTP port is then used to identify the applications and other services that should be accessible on the server. For this purpose, each communication endpoint has its own number. These numbers range from 0 to 65535. A secure connection is only possible if the corresponding FTP port number is known. With the correct port number, the data transfer can then be started. It is possible to transfer text files in ASCII mode or binary data such as images or programs.
How do FTP ports work?
To guarantee the smooth running of a transfer, the File Transfer Protocol typically uses two FTP ports. First, a connection on FTP port 21 is established between the server and the client. This is called the control channel. Second, TCP port 20 is used to connect the two entities. This is known as the data channel. The control channel is used exclusively to send FTP commands. These are sent by the client to the server, which responds to each command with a code. To use this FTP port, authentication with a username and password is usually required.
Thus, a data transfer is initiated and the connection is established. Data is then sent or received via the second channel. The transfer can be from the server to the client or vice versa, depending on the commands given. Directory listings are also sent through this FTP port. The use of these two channels guarantees permanent communication possibilities between server and client. If the data transfer encounters a problem, a code is transmitted and prompts for a new command.
What are the differences between passive mode and active mode FTP ports?
We also differentiate between active FTP ports and those in passive mode. In short, the difference between the two possibilities lies in the behavior of the server: in active mode, it initiates the connection. If the connection with the FTP port is made in passive mode, the server lets the client establish the connection and only confirms it. We explain later in this article why this procedure is possible and, in some cases, necessary. But first, we explain how to connect FTP ports according to their modes. The procedure is similar for both.
Configuring an Active Standard FTP Port
An active connection between client and server is established as follows:
- First, the client sends a connection request on FTP port 21, itself using an FTP port between 1024 and 65535.
- If a connection is possible, the server responds on a temporary client port.
- The client in turn responds to the server and confirms the establishment of an active connection.
- The client then sends the "PORT" FTP command. This confirms the use of an active FTP port and gives the client's IP address and the exact number of the FTP port to which the server must connect.
- If all the data is correct, the server confirms the command with the corresponding code.
- The client now tells the server to start using FTP.
- This is when the active mode is triggered: the server itself establishes a data connection and sends a request from FTP port 20 (the data channel) to the FTP port whose number the client has already communicated to it.
- The client confirms to the server that the data connection is active and error-free.
- The server also sends a successful connection confirmation and authorizes the client to transfer the data.
- FTP ports can now be used for sending or receiving different data.
Configuring an FTP port in passive mode
If an FTP port is to be used in passive mode, the different stages of communication between the server and the client are initially very similar. It is only for the last steps that the configuration is different:
- Also in the passive approach, the client sends a request from its temporary FTP port between 1024 and 65535 to the server’s FTP port 21.
- The server responds to the request and sends its confirmation to the sending port.
- The client confirms the establishment of the connection.
- In the next step, the client sends the "PASV" command instead of the "PORT" FTP command. This command sets up a passive connection.
- The server confirms this request. It then sends its IP address and an FTP port number between 1024 and 65535 so that the client can connect to it afterwards.
- The client therefore sends a connection request to the FTP port indicated by the server.
- If everything is in order, the server confirms the connection.
- The client now establishes the connection to the server via the specified FTP ports.
- In the last step, the client starts the transfer by entering a command that is sent via its control port to the server's FTP port 21. Data transfer can then begin. FTP port 20 is no longer needed.
How do I know if a connection is active or passive?
Typically, active mode is used when transferring FTP data. If this is not the case, your host will normally inform you of the change to passive mode of the FTP port. To test the mode yourself, you can try to establish a connection. If you can’t, switch to the other mode.
When setting up a server, you can decide for yourself whether you want to use active mode or passive mode. This also applies if you want to set up your own Debian FTP server or an Ubuntu FTP server. For security reasons, we recommend that you regularly check the ports.
Why is passive mode necessary for FTP ports?
Why does an FTP port need passive mode? The answer to this question is related to the problems caused by firewalls. If the client is positioned behind a firewall and the firewall is working effectively, it blocks all active connections that try to reach the client from outside. In the case of an active FTP port, connection attempts from the server are therefore also blocked. On the other hand, if an FTP port is used in passive mode, the client takes the initiative. Thus, the firewall does not block it and the data transfer is allowed.
Do we still need FTP port 21?
While FTP port 20 is not required when using passive mode, the use of FTP port 21 is still required. Since port 20 is only used for data transfer, the connection is simply terminated after the transfer. On the other hand, FTP port 21, as the control instance that manages all transfers, is constantly active. It can, however, be disconnected by a user using a command, which may be recommended to you due to security gaps. The transmission of user names and passwords is not secure and makes this technique a gateway for unauthorized access.
What is the difference between FTP and SFTP?
The SSH file transfer protocol (SFTP) solves this security problem. Their similar names prove that there are some similarities between SFTP and FTP. However, there are also important differences between the two protocols:
- Encryption: unlike standard FTP ports, SFTP ports are encrypted. This concerns user names and passwords on the one hand, and the transfer itself on the other. Unauthorized access is therefore not possible.
- The port number: instead of FTP port 21, SFTP typically uses port 22.
- Origin: while FTP is provided by TCP/IP, SFTP is part of the SSH protocol.
In summary: FTP ports are useful, but their use is not secure
The use of FTP ports represented a great technological innovation. FTP is still widely used today; it is the most popular online data transfer protocol. The implementation of a passive mode was also an important step. However, the major drawback of FTP is, as with the Trivial File Transfer Protocol (TFTP), the lack of encryption. For a secure transfer, it is therefore strongly recommended to use an SFTP port.