1
votes

In Active Mode, FTP will use a port to connect to the client port. So in this mode, can the FTP use different local ports while initiating outgoing connections (which means FTP has different local ports for all data channels)?

In Passive Mode, FTP will send back a port number through the command channel to the client, then listen on this port number. So in this mode, can the FTP always send back the same local port number, such as 1234, to the client (which means FTP has the same local port for all data channels)?

Is there any method for us to configure such a data port for the FTP server? We assume the FTP server will work behind NAT.

Regarding the FTP Active Mode and Passive Mode, see this post and this article.

1 Answer

0
votes

I'm going to assume you're using vsftpd since you tagged your post linux and this is the most common server on modern Linux machines.

For active mode, you can disable the connect_from_port_20 option in vsftpd.conf to cause the server to use ephemeral local ports for active (PORT) outgoing data connections. The default for this option is NO but most distributions' stock configuration files set it to YES. If this is set to YES you can also set the ftp_data_port option to use a fixed local data port other than 20.

For passive mode, this is generally not supported, because of the possibility of promiscuous connections. If the server is to allow incoming data connections from IP addresses other than the client's, it has to use its own local port numbers to keep track of which data connections correspond to which control connections.

You can, however, restrict the range of local ports used by the server for PASV connections, by setting the pasv_max_port and pasv_min_port options.

See the vsftpd documentation for more information on all of these configuration options.
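
The options named in the answer determine which local data ports a firewall or NAT device in front of the server has to account for. The following is an added example, not part of the answer or of vsftpd itself: it reads a vsftpd.conf and reports the active-mode source port and the passive listening range. The function names and the sample configuration are constructed for illustration, and the defaults are the ones given in the vsftpd.conf man page.

```python
# Added example: derive the local FTP data ports a vsftpd.conf implies.
# DEFAULTS follow the vsftpd.conf man page; SAMPLE_CONF is constructed.
DEFAULTS = {
    "connect_from_port_20": "NO",
    "ftp_data_port": "20",
    "pasv_min_port": "0",  # 0 means "any port"
    "pasv_max_port": "0",  # 0 means "any port"
}

SAMPLE_CONF = """\
# constructed sample configuration
listen=YES
connect_from_port_20=YES
ftp_data_port=2020
pasv_min_port=50000
pasv_max_port=50009
"""


def parse_conf(text):
    """Parse option=value lines; vsftpd allows no spaces around '='."""
    opts = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key] = value
    return opts


def data_ports(text):
    """Return the active-mode source port, passive range and findings."""
    opts = parse_conf(text)
    fixed = opts["connect_from_port_20"].upper() == "YES"
    active = int(opts["ftp_data_port"]) if fixed else None  # None: ephemeral
    lo, hi = int(opts["pasv_min_port"]), int(opts["pasv_max_port"])
    passive, findings = None, []
    if lo == 0 or hi == 0:
        findings.append("passive range open-ended: cannot be pinned in a NAT forward")
    elif lo > hi:
        findings.append("pasv_min_port is greater than pasv_max_port")
    else:
        passive = (lo, hi)
        if lo == hi:
            findings.append("single passive port: one pending data listener at a time")
    return {"active_source_port": active, "passive_range": passive, "findings": findings}


if __name__ == "__main__":
    print(data_ports(SAMPLE_CONF))
```

A bounded passive range with no findings is the one that can be forwarded port-for-port through NAT and matched by a narrow firewall rule.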