FTP: PASV versus PORT

Short Answer

Use PASV when possible.  PASV tells the server to passively accept data connections from the client.

The Details

FTP is one of those ancient protocols that still gets a decent amount of usage these days.  At sensr.net we support FTP uploads from IP cameras.  The camera interfaces all give you the option to set PASV or PORT mode.  Typically there is a check box that says something like Passive FTP.

But what does this really mean?  Basically it indicates which side of the FTP transfer creates the data socket.  FTP transfers consist of two connections, one for control and one for data.  The control connection is where the login credentials get sent and where the client and server decide how to send data.  If the client sends a PASV command, that means it wants the server to be passive and receive the data connection: the server listens and the client connects to it.  If it sends a PORT command, then the client is telling the server to connect back to the client.

Firewalls

Having servers connect back to clients is kind of strange in today’s internet architecture.  Typically users have a home firewall that forbids incoming connections.  Most firewalls will let users connect to any server they please, but the same firewall typically blocks any incoming connections.  Surprisingly, most firewalls these days are sophisticated enough to understand the FTP protocol, and they will allow incoming connections when they see a PORT command fly by.  However, to avoid problems with firewalls that are not FTP aware, it’s probably best to stick with PASV.  Gandhi would be proud.
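
What the control channel carries in each mode, and what an FTP-aware firewall reads from it when a PORT command flies by, shown as an added example that is not from the original post.  The h1,h2,h3,h4,p1,p2 endpoint encoding comes from RFC 959 rather than from this page; the sample lines and addresses are constructed, and the function names are hypothetical.

```python
import re

# PORT (client command) and the 227 reply to PASV both carry an endpoint
# as six decimal bytes h1,h2,h3,h4,p1,p2 (RFC 959); port = p1*256 + p2.
_ENDPOINT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_endpoint(text):
    """Return (ip, port) from an h1,h2,h3,h4,p1,p2 field, or None."""
    m = _ENDPOINT.search(text)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):  # each field must fit in one byte
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def data_connection(line):
    """Return (opener, listener_ip, listener_port) for a control line, or None."""
    line = line.strip()
    if line.upper().startswith("PORT "):
        ep = parse_endpoint(line[5:])
        # Active mode: the client listens, the server connects back to it.
        return ("server", *ep) if ep else None
    if line.startswith("227"):
        ep = parse_endpoint(line[3:])
        # Passive mode: the server listens, the client connects out to it.
        return ("client", *ep) if ep else None
    return None


# Constructed control-channel lines using documentation address ranges.
SAMPLE = [
    "USER camera1",
    "PORT 192,0,2,10,195,80",
    "PASV",
    "227 Entering Passive Mode (198,51,100,7,78,52)",
]


def summarize(lines):
    """Keep only the lines that set up a data connection."""
    return [r for r in map(data_connection, lines) if r]


if __name__ == "__main__":
    for opener, ip, port in summarize(SAMPLE):
        print(f"{opener} opens the data socket to {ip}:{port}")
```

In the PORT case the firewall in front of the client has to admit an inbound connection to the advertised port; in the PASV case the client only makes outbound connections.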