Introduction to File Transfer Protocol (FTP)

General

The File Transfer Protocol (FTP) is based exclusively on TCP-based communication connections. FTP specifies two TCP ports, which are important for data transmission:

• Port 20/tcp: This port is also referred to as data port and is used to send/receive files and directory lists.
• Port 21/tcp: This port is generally referred to as command port and is used to exchange status information between the client and server.

Separate TCP connections are used for sending and receiving files (data port) and for transmitting commands (command port). With FTP, two connection modes are available for setting up such connections: "Active FTP" and "Passive FTP". Depending on the connection mode, the two ports mentioned above are initiated differently, which is described in more detail below.

The TwinCAT FTP Client supports both connection modes from version 1.0.8. For older versions only "Passive FTP" is supported. The connection mode is selected e.g. in the function block FB_FTP_OpenEx via the input parameter eMode of type E_FTP_ConnMode.

Active FTP

When using the connection mode "Active FTP", the Client connects to the Command-Port of the FTP-Server by using a randomly selected source port N, e.g. 4242/tcp. Subsequently the Client binds itself to port N+1 and notifies the Server of this port. The Server then connects to this port N+1 and uses its Data-Port as the source port.

One of the problems when using active FTP connections is, that the Client itself does not initiate a connection to the Server's Data-Port. Instead, the Client notifies the Server of its own Data-Port (N+1) and then the Server actively connects to this port. If the Client is located behind a Firewall or NAT-device, this could involve additional configuration on the Client's Firewall because the Client's Data-Port must be reachable for the Server (cf. picture "Connect 4243"). The Data-Ports used by TwinCAT FTP-Client can be permanently configured, which makes the Firewall configuration easier. For this special Registry Keys exists to Configure Data-Ports for active FTP.

Passive FTP

This method is used when the client is not directly accessible by the server. This is the case, for example, if the client is behind a firewall that uses NAT to rewrite the client's address. With passive FTP, the FTP client initiates a connection via two random TCP ports N (command port) and N+1 (data port). The first port is used to connect to the server's command port. However, instead of the client communicating its port N+1 to the server so that the server can open a connection to it (see active FTP), the client first transmits a so-called PASV command. The server now knows that the connection is via passive FTP. As a result, the server opens a (random) port P as data port and transmits it to the client. The client then initiates a connection with port P and uses port N+1 (data port) as the source port. This connection is then used to transfer the data.

On closer examination it becomes apparent that the firewall problem of active FTP is reversed with passive FTP. On the server side, the firewall should be configured such that the data port of the server can be reached by the client. Many FTP servers offer the option to configure the data ports to be used.

Sources

Wikipedia: File Transfer Protocol URL: http://de.wikipedia.org/wiki/File_Transfer_Protocol Version: 10. April 2011

Requirements