FTP Port

What is an FTP port?

FTP, the File Transfer Protocol, lets users exchange files between their personal computers and remote servers with the help of specialized software tools called FTP clients. Through an FTP client, users can establish a connection with a remote machine of their choice and perform any necessary data transfers. FTP connections run over specific ports, which are either the default TCP ports or custom ports set by an administrator.

Connecting through an FTP client is a two-stage process that requires two different ports. Once the user enters the name of the server and the login credentials in the authorization fields of the FTP client, the FTP connection is established and the FTP control port of the FTP server (the default port for sending commands is 21) is opened. The client then makes a second connection to the server, the FTP server responds from its data port (the default data port is 20), and the real file transfer begins.

Resolving problems with a blocked FTP port

As we've already mentioned, the default command port for FTP connections is port 21, so it's important to check that your ISP is not blocking access to that port. To check whether your router or ISP is blocking port 21, use telnet. Depending on your OS, open a terminal (Linux, OS X) or a command prompt (Windows XP, Vista, Windows 7) and type the line below.

An example of a telnet command to check FTP port 21

telnet my-best-domain.net 21

If the connection is opened successfully, the result should look similar to this.

Results from the 21 port check

telnet my-best-domain.net 21
Trying 192.128.34.174...
Connected to my-best-domain.net.
220 ProFTPD 1.2.10 Server (my-best-domain.net) [192.128.34.174]

If you didn't establish an FTP connection using telnet, check your firewall software and add your FTP client to the exclusion list / white list of programs that can open ports. If your FTP port is already listed there and you still can't open an FTP connection using telnet, please contact your ISP and ask them to open port 21.

If you do connect to the FTP server using telnet, but have problems establishing an FTP connection with your FTP software, do the following:

  • check your FTP account details for errors
  • check the FTP client's connection settings
  • disable simultaneous FTP transfers
  • set the number of FTP connections to the minimum allowed

If none of these tips lets you connect to the server, try setting your FTP client to passive mode.

Active and Passive mode FTP connections

One of the most frequently asked questions is what the difference between an active and a passive FTP connection is and how each of them works. It is good to have an FTP host which supports both, because there are cases when one works and the other refuses a connection. Such cases happen because of improperly configured firewalls and routers on the client's side or in the client's ISP network.

So, what is the difference between active and passive mode FTP connections? The answer lies in the FTP port connections. FTP is a TCP service which uses 2 ports. The first FTP port is the 'command port', which carries the communication between the FTP server and the FTP client. The second port is the 'data transfer' port, where the real file transfer runs. Typically, the command port is port 21 and the data transfer port is port 20, but depending on the connection mode, the data transfer port can change.

The active mode connection

When you try to establish an FTP connection in active mode, first check in your FTP software's settings whether "Active mode" is enabled. In the most popular free FTP programs, active mode is enabled by default. If it is disabled, turn it on and proceed with filling in your FTP account details.

Look at the connection log below to see how the connection proceeds. You will notice that the client sends a PORT command over the control stream, containing the dynamic port number on which it is listening, and waits for a connection from the FTP server. When the FTP server initiates the data connection to the FTP client, it binds the source port to port 20 on the FTP server.

An example of an FTP connection log using an Active mode

Status: Resolving address of my-best-domain.net
Status: Connecting to 66.40.34.171:21...
Status: Connection established, waiting for welcome message...
Response: 220 ProFTPD 1.2.10 Server (sc109.info) [66.40.34.171]
Command: USER demomovie
Response: 331 Password required for demomovie.
Command: PASS *****
Response: 230 User demomovie logged in.
Command: SYST
Response: 215 UNIX Type: L8
Command: FEAT
Response: 211-Features:
Response: 211-MDTM
Response: 211-REST STREAM
Response: 211-SIZE
Response: 211 End
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is current directory.
Command: TYPE I
Response: 200 Type set to I
Command: PORT 10,1,242,250,180,46
Response: 200 PORT command successful
Command: LIST
Response: 150 Opening ASCII mode data connection for file list
Response: 226 Transfer complete.
Status: Directory listing successful

Let's explain this in more detail. First, the client opens a random dynamic port, for example port 1025, and connects to the server's port 21. Then the client opens a data port (the command port + 1 = 1026) and sends a PORT command to the FTP server. Then the server connects back to the client's data port 1026 using its local data port 20 and starts the transfer.

The passive mode connection

Passive mode FTP connections are designed to resolve problems with firewalls and routers that don't allow an active connection to be established.

If you can't connect to the server in active mode, you need to enable the "Force Passive mode" option of your FTP Client. Then the client will initiate both connections to the server, which may resolve the problem even if there are some limitations imposed by your ISP's network or your personal firewall.

Let's see how the passive mode works. First, the FTP Client opens two dynamic ports - a command port (for example port 1025) and a data transfer port (the command port +1 = port 1026). Then the client connects its command port to port 21 on the server, but instead of using a PORT command, it sends a PASV command which tells the server that the connection is set in passive mode. When it reads the PASV command, the server opens a random dynamic port (for example 1027), which is forwarded to port 20 (the server's default data transfer port), and sends it back to the client. Then the FTP client initiates the connection from its data port (port 1026) to the server's data port (port 1027) and starts the data transfer.

This mode is a great method of resolving problems with firewalls that filter the incoming data port connection from the server to the client. Let's check what the connection log looks like:

An example of an FTP connection log using a Passive mode

Status: Resolving address of my-best-domain.net
Status: Connecting to 66.40.34.171:21...
Status: Connection established, waiting for welcome message...
Response: 220 ProFTPD 1.2.10 Server (sc109.info) [66.40.34.171]
Command: USER demo
Response: 331 Password required for demomovie.
Command: PASS **********
Response: 230 User demo logged in.
Command: SYST
Response: 215 UNIX Type: L8
Command: FEAT
Response: 211-Features:
Response: 211-MDTM
Response: 211-REST STREAM
Response: 211-SIZE
Response: 211 End
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is current directory.
Command: TYPE I
Response: 200 Type set to I
Command: PASV
Response: 227 Entering Passive Mode (66,40,34,171,137,225).
Command: LIST
Response: 150 Opening ASCII mode data connection for file list
Response: 226 Transfer complete.
Status: Directory listing successful
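
The six numbers in the PORT command of the active-mode log and in the 227 reply of the passive-mode log encode the data-channel endpoint: four address bytes followed by the port as a high and a low byte (port = p1 × 256 + p2). The following is an added example, not part of the original page: it decodes both forms from a client log and flags two conditions worth checking when a mode fails. The function names, the finding labels and the last sample line (a documentation address) are assumptions made for illustration.

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2: four address bytes, then port high byte and low byte.
SIX_BYTES = re.compile(r"\b(\d{1,3})" + r",(\d{1,3})" * 5 + r"\b")
CONNECT = re.compile(r"Connecting to (\d+\.\d+\.\d+\.\d+):\d+")

def decode_endpoint(text):
    """Return (ip, port) from a PORT argument or a 227 reply, else None."""
    m = SIX_BYTES.search(text)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):   # each field must fit in one byte
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def review_log(lines):
    """Decode data-channel endpoints in a client log (hypothetical helper)."""
    server_ip, findings = None, []
    for line in lines:
        m = CONNECT.search(line)
        if m:
            server_ip = m.group(1)   # address of the control connection
            continue
        is_port = line.startswith("Command: PORT")
        is_pasv = line.startswith("Response: 227")
        if not (is_port or is_pasv):
            continue
        kind = "PORT" if is_port else "PASV"
        ep = decode_endpoint(line)
        if ep is None:
            findings.append((kind, None, "malformed"))
            continue
        host, port = ep
        if is_port and ipaddress.ip_address(host).is_private:
            # A server outside the client's LAN cannot connect back to this.
            note = "private-address"
        elif is_pasv and host != server_ip:
            # Data address is not the server the control channel talks to.
            note = "address-mismatch"
        else:
            note = "ok"
        findings.append((kind, f"{host}:{port}", note))
    return findings

# Constructed sample: first three lines reuse values from the logs on this
# page; the last line is made up to show a mismatching passive address.
SAMPLE = [
    "Status: Connecting to 66.40.34.171:21...",
    "Command: PORT 10,1,242,250,180,46",
    "Response: 227 Entering Passive Mode (66,40,34,171,137,225).",
    "Response: 227 Entering Passive Mode (192,0,2,10,137,225).",
]
```

Running review_log(SAMPLE) shows that the PORT line from the active-mode log advertises 10.1.242.250:46126, a private address that a server on the public internet cannot reach, which is the kind of failure passive mode works around.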