On Monday, October 09, 2000 8:34 AM, Philipp Snizek [SMTP:mailinglist@bluewin.ch] wrote:
Please can somebody tell me the difference between active ftp and passive ftp?
Philipp,

The normal (active) operation of ftp is as follows:

Client establishes session with server by calling it on port 21. This is the control channel over which all commands and returned status information are carried. However, it is not used for data. When a PUT, GET, LS, DIR ... command is sent, a second channel (data) is established to send the file/directory listing.... This second channel is established by the server calling the client on port 20.

This causes problems when the client is behind a firewall and/or NAT device, as the connect for the data channel may not be allowed past the firewall (security policy) or it may not be able to find the client if NAT is in use and the device does not remember ftp state, i.e. if A connects to B on port 21, then B can be expected to connect to A on port 20.

To overcome this, passive mode is used. In this mode the control channel is established in the same way, but the data channel, instead of being set up from the server, is now set up from the client. To do this, the server tells the client (over the control channel) that it is listening on port NNNN and the client establishes the channel by calling the server on the nominated port. This satisfies the security policy of not allowing inbound connects and will allow a dumb NAT device to register the session and so correctly pass traffic.

Hope this answers your question.

John
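
The following is an added example, not part of the original message: a sketch of how a device that "remembers ftp state" can read the expected data connection off the control channel. It assumes the RFC 959 `PORT h1,h2,h3,h4,p1,p2` command and `227` reply formats; the function names and sample addresses are constructed for illustration.

```python
import re

# RFC 959 encodes a data endpoint as six decimal bytes: h1,h2,h3,h4,p1,p2
_SIX = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

def parse_endpoint(text):
    """Return (ip, port) from an 'h1,h2,h3,h4,p1,p2' field, or None."""
    m = _SIX.search(text)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def expected_data_flow(sender, line, client_ip, server_ip):
    """Map one control-channel line to the data connection to expect.

    sender is 'client' or 'server'. Returns (mode, src_ip, dst_ip, dst_port)
    or None. Assumption: the observer sees untranslated addresses.
    """
    line = line.strip()
    if sender == "client" and line.upper().startswith("PORT "):
        ep = parse_endpoint(line[5:])
        # Active: the server opens the data connection towards the client.
        # Accept only an endpoint on the control-channel peer itself.
        if ep and ep[0] == client_ip:
            return ("active", server_ip, ep[0], ep[1])
    elif sender == "server" and line.startswith("227"):
        ep = parse_endpoint(line[3:])
        # Passive: the client opens the data connection towards the server.
        if ep and ep[0] == server_ip:
            return ("passive", client_ip, ep[0], ep[1])
    return None

# Constructed sample control-channel exchange (documentation addresses).
SAMPLE = [
    ("client", "PORT 192,0,2,10,19,137"),
    ("server", "200 PORT command successful."),
    ("client", "PASV"),
    ("server", "227 Entering Passive Mode (198,51,100,5,195,80)"),
]

def demo():
    return [f for s, l in SAMPLE
            if (f := expected_data_flow(s, l, "192.0.2.10", "198.51.100.5"))]

if __name__ == "__main__":
    for flow in demo():
        print(flow)
```

In the active case the resulting rule is an inbound connection to the client, which is the one a firewall policy of "no inbound connects" blocks; in the passive case both connections originate from the client.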