In passive mode FTP the client initiates both connections to the server, solving the problem of firewalls filtering the incoming data port connection to the client from the server.
When opening an FTP connection, the client opens two random unprivileged ports locally (port number > 1023 and port number+1). The first port contacts the server on port 21, but instead of then issuing a PORT command and allowing the server to connect back to its data port, the client will issue the PASV command.
The result of this is that the server then opens a random unprivileged port (P > 1023) and sends the PORT P command back to the client. The client then initiates the connection from port (port number+1) to port (port number) on the server to transfer data.
The passive FTP protocol is very good because a lot of connections on internet are over ADSL, cable... and clients use routers to connect to the internet. Routers usualy filter data so active ftp protocol can not be used. This problem is solved with active file transfer protocol.
Firewall on Passive FTP - what ports should be opened on server and client side?
On server port 21 and ports (port number > 1023) must be opened. On client side no change is needed.
Senior Engineer Jessie