On Wed, Mar 05, 2008 at 09:03:07AM -0800, Bob Rasmussen wrote:
> In the FTP protocol, "passive" means that only one connection is
> established, originating in the client. All traffic goes over this
> connection. (In non-passive FTP, the server opens a second channel back to
> the client.)

Actually, passive mode FTP does use a second channel for data transfers, but it's opened in the opposite direction from the channel used in active mode. That is, the FTP server selects a "random" TCP port number, tells it to the client, and then the client initiates the connection to that port.

Active mode works as you said: the client picks a "random" TCP port number, listens on it, and tells the FTP server to connect to it. This breaks rather spectacularly when the client is firewalled, preventing incoming connections, or behind a NAT, etc.
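Added example, not part of the original message: a small Python decoder for the two control-channel lines that set up the data channel described above, the client's PORT command (active mode) and the server's 227 reply (passive mode), reporting which side listens and which side initiates. The sample lines and addresses are constructed, the function names are this example's own, and the NAT check is a simple address comparison.

```python
import re

# Six decimal octets: h1,h2,h3,h4,p1,p2 (address, then port high/low byte).
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_hostport(text):
    """Decode the h1,h2,h3,h4,p1,p2 field carried by PORT and by a 227 reply."""
    m = _HOSTPORT.search(text)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % text)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % text)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def data_channel(line):
    """Return (mode, listener, initiator, host, port) for one control-channel line."""
    line = line.strip()
    if line.upper().startswith("PORT "):
        # Active: the client listens and the server connects in to it.
        return ("active", "client", "server") + parse_hostport(line[5:])
    if line.startswith("227"):
        # Passive: the server listens and the client connects out to it.
        return ("passive", "server", "client") + parse_hostport(line[3:])
    raise ValueError("not a PORT command or a 227 reply: %r" % line)


def active_mode_nat_mismatch(line, control_peer_ip):
    """True when an active-mode client advertises an address that differs from
    the source address the server sees on the control connection."""
    mode, _, _, host, _ = data_channel(line)
    return mode == "active" and host != control_peer_ip


if __name__ == "__main__":
    # Constructed sample lines (private and documentation address ranges).
    samples = ["PORT 192,168,1,20,19,137",
               "227 Entering Passive Mode (192,0,2,10,195,80)"]
    for s in samples:
        mode, listener, initiator, host, port = data_channel(s)
        print("%-7s %s listens on %s:%d, %s initiates" %
              (mode, listener, host, port, initiator))
    print(active_mode_nat_mismatch(samples[0], "203.0.113.7"))
```

A mismatch on a PORT line means the server would be connecting to an address that is not the one it sees the client coming from, which is the NAT case the message describes.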