Basics
File Transfer Protocol (FTP)
The File Transfer Protocol (FTP) communicates exclusively over TCP connections. FTP specifies two TCP ports that are important for data transmission:
- Port 20/tcp: This port is referred to as the data port and is used to send and receive files and directory lists.
- Port 21/tcp: This port is generally referred to as the command port and is used to exchange status information between the client and server.
Separate TCP connections are used for sending and receiving files (data port) and for transmitting commands (command port). With FTP, two connection modes are available for setting up such connections: "Active FTP" and "Passive FTP". Depending on the connection mode, the connections on the two ports mentioned above are established differently, as described in more detail below.
The TwinCAT FTP Client supports passive FTP in every version and active FTP from version 1.0.8.
Active FTP
With active FTP, the client connects to the command port of the FTP server. The client uses a random port N, e.g. 4242/tcp, as source port. The client then listens on port N+1 and notifies the server of this port. The server then connects to the client on port N+1 and uses its data port as the source port.

A problem with active FTP is that the client itself does not establish a connection to the server's data port, but communicates a port (N+1) to the server, which then connects to the client from its data port. If firewalls or NAT devices are located upstream of the client, this can involve additional configuration effort on the client side, since the data port of the client behind the firewall must be accessible to the server (see figure "Connect 4243"). The data ports to be used by the TwinCAT FTP client can be permanently defined, which considerably simplifies the firewall configuration. More detailed information on this can be found under Configuration.
Passive FTP
This method is used when the client is not directly accessible by the server. This is the case, for example, if the client is behind a firewall that uses NAT to rewrite the client's address. With passive FTP, the FTP client initiates a connection via two random TCP ports N (command port) and N+1 (data port). The first port is used to connect to the server's command port. However, instead of the client communicating its port N+1 to the server so that the server can open a connection to it (see active FTP), the client first transmits a so-called PASV command. The server now knows that the connection is via passive FTP. As a result, the server opens a (random) port P as data port and transmits it to the client. The client then initiates a connection with port P and uses port N+1 (data port) as the source port. This connection is then used to transfer the data.

On closer examination it becomes apparent that the firewall problem of active FTP is reversed with passive FTP. On the server side, the firewall should be configured such that the data port of the server can be reached by the client. Many FTP servers offer the option to configure the data ports to be used.
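The port negotiation of both modes is visible on the command connection, so a recorded session can be checked against the data port ranges opened in the client-side and server-side firewalls. The following is an added example, not part of the original documentation or of the TwinCAT FTP Client: it parses the standard PORT command and 227 reply to PASV (RFC 959) and reports data ports outside the permitted ranges. The function names, port ranges and sample lines are assumptions constructed for illustration.

```python
import re

# h1,h2,h3,h4,p1,p2 as decimal bytes (RFC 959); data port = p1*256 + p2.
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")


def parse_data_endpoint(line):
    """Return (mode, ip, port) for a PORT command or a 227 reply, else None."""
    line = line.strip()
    if line.upper().startswith("PORT "):
        mode = "active"    # client listens, server connects to it
    elif line.startswith("227"):
        mode = "passive"   # server listens, client connects to it
    else:
        return None
    m = _HOSTPORT.search(line)
    if m is None:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None        # not a valid byte, reject the whole line
    return mode, ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def check_session(lines, client_ports, server_ports):
    """Return data endpoints outside the permitted inclusive (low, high) ranges."""
    findings = []
    for line in lines:
        parsed = parse_data_endpoint(line)
        if parsed is None:
            continue       # ordinary command or reply, no data endpoint
        mode, _, port = parsed
        # Active: the client-side firewall must admit the server's connection.
        # Passive: the server-side firewall must admit the client's connection.
        low, high = client_ports if mode == "active" else server_ports
        if not low <= port <= high:
            findings.append(parsed)
    return findings


# Constructed control-channel lines, not captured traffic.
SAMPLE = [
    "USER demo",
    "PORT 192,168,0,10,16,147",                     # 16*256 + 147 = 4243
    "PASV",
    "227 Entering Passive Mode (10,0,0,5,195,80)",  # 195*256 + 80 = 50000
    "227 Entering Passive Mode (10,0,0,5,234,96)",  # 234*256 + 96 = 60000
]
```

Calling check_session(SAMPLE, (4243, 4250), (50000, 50010)) returns only the passive endpoint on port 60000, because it lies outside the server-side range.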
SSH File Transfer Protocol (SFTP)
The SSH File Transfer Protocol or Secure File Transfer Protocol (SFTP) is an alternative to the File Transfer Protocol (FTP) designed for the Secure Shell (SSH) that enables encryption. Unlike FTP, SFTP requires only a single connection between client and server.
SFTP access is possible without access to the Secure Shell itself.
The TwinCAT FTP Client supports SFTP from version 4.x and in connection with the Tc3_FTP library.
FTP over TLS / FTP over SSL / FTP over SSH (FTPS)
FTP over TLS, FTP over SSL or FTP over SSH are methods for encrypting the File Transfer Protocol (FTP). FTPS and SFTP are not compatible.
The TwinCAT FTP Client does not support FTPS.
Sources
Wikipedia: File Transfer Protocol: https://de.wikipedia.org/wiki/File_Transfer_Protocol
Wikipedia: SSH File Transfer Protocol: https://de.wikipedia.org/wiki/SSH_File_Transfer_Protocol
Wikipedia: FTP over SSL: https://de.wikipedia.org/wiki/FTP_%C3%BCber_SSL
As of: 26 November 2024