FTP is a commonly used protocol for transferring data across the network. The protocol supports the transfer, upload, and download of files such as text, PDF, media, etc. But it does not provide the security that the SFTP protocol does. Whenever you use the file transfer protocol (FTP), you should know what elements are involved and how they work. One of the most critical elements is the FTP port. Using the correct port is important, as a successful file transfer depends on which port is open.
Ports establish the connection and initiate the transfer between the client and the server. Before everything, you must know what an FTP port is, why it is essential, its features, different FTP modes, configuring an FTP port, and other details.
What is FTP port? [Definition]
FTP stands for file transfer protocol, which allows users to exchange information between devices over the network. To establish the connection, you need FTP software tools to initiate the transfer. FTP transfers are done using a specific port only. By default, FTP connections use port number 21. You can also change this default setting and choose a different FTP port. But to make this change, you need administrator access.
Whenever you start communication using FTP, you will require two different ports explained below.
- When the user provides their credentials in the FTP client, it will establish an FTP connection and open the FTP control port of the FTP server (by default, this port is 21).
- A second connection is made between the client and the server, as the FTP server's response to the FTP client. This connection occurs via port 20, and it is where the actual transfer of data takes place.
It is helpful for the devices to connect to remote devices. Ports are required so there is no conflict with other transfers within the network, eliminating the condition of network congestion. FTP protocol can handle bulk data transfer with great ease. This protocol works using the TCP channel. To connect to this channel, you will require a port number open to the server. If you want to use the customized FTP port number, you can use only a limited number of ports for your operating system.
To understand how FTP ports work and how to configure them, you must have a basic knowledge of FTP, its features, FTP clients, and servers. Let’s get started with it.
Features of FTP
FTP is an application layer protocol enabling quick data transfer. It comes with the following features.
- Data representation
It supports three data representations: ASCII (7-bit), EBCDIC (8-bit), and 8-bit binary data. By default, it uses ASCII for file transfer, encoding each character with 7-bit ASCII. The sender first transforms the file into the ASCII representation, and the receiver transforms it back. For transferring binary files, the default format is the image file. This file is sent as a continuous stream of bits without encoding.
- File organization and Data structures
You can transfer both structured and unstructured files using FTP.
An unstructured file is a string of bytes and is end-marked by EOF (End of File). The data structure that corresponds to such a file is called file structure. A structured file contains a list of records delimited by EOR (End of Record). The data structure of such a file is called record structure. Another kind of structured file contains pages, each having a page number and a page header. You can access these pages randomly or sequentially. This data structure is called page structure.
- Transmission modes
FTP uses three different transmission modes to transfer the files.
- Stream mode
By default, FTP uses stream mode as data is transmitted as a stream of bytes. TCP breaks down the data into segments. It will not require EOF to specify the closing of the data. But, if the files are divided into records, it uses EOR (1-byte) and EOF (1-byte) characters.
- Block mode
It delivers the data into blocks from FTP to TCP, with each block having a 3-byte header. The first byte is called the block descriptor, while the other two bytes define the block size in bytes.
- Compressed mode
If the files to be transferred are big, you can transfer them after compressing. The compression method used is run-length encoding. In the case of a text file, blank spaces are removed while compressing, and in the case of binary files, the null characters are compressed.
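The block-mode header described above can be parsed as follows. This is an added Python example, not code from the original article: the descriptor bit values are the ones defined for FTP block mode in RFC 959, while the function name, exception name, and sample bytes are constructed for illustration.

```python
import struct

# Descriptor bit values defined for FTP block mode in RFC 959.
DESCRIPTOR_FLAGS = {128: "EOR", 64: "EOF", 32: "SUSPECT", 16: "RESTART_MARKER"}


class TruncatedBlock(ValueError):
    """Raised when the stream ends inside a header or a block body."""


def parse_blocks(stream: bytes):
    """Split a block-mode byte stream into (flags, payload) tuples."""
    blocks, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < 3:
            raise TruncatedBlock(f"incomplete header at offset {offset}")
        # 1-byte descriptor, then a 2-byte block size in network byte order.
        descriptor, size = struct.unpack_from("!BH", stream, offset)
        offset += 3
        remaining = len(stream) - offset
        if remaining < size:
            raise TruncatedBlock(f"block claims {size} bytes, {remaining} left")
        flags = {name for bit, name in DESCRIPTOR_FLAGS.items() if descriptor & bit}
        blocks.append((flags, stream[offset:offset + size]))
        offset += size
        if "EOF" in flags:
            break  # the EOF descriptor closes the file
    return blocks


# Constructed sample: two records, the second one also ending the file.
SAMPLE = (
    bytes([128]) + struct.pack("!H", 5) + b"hello"
    + bytes([128 | 64]) + struct.pack("!H", 3) + b"ftp"
)

if __name__ == "__main__":
    for flags, payload in parse_blocks(SAMPLE):
        print(sorted(flags), payload)
```

Checking the claimed block size against the bytes actually present matters for any parser of this format, because the size field comes from the remote side.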
- Error control
As FTP uses TCP to transfer the files, no additional error recovery mechanism is required.
- Access control
FTP ensures access control by placing a proper login mechanism via username and password.
- FTP operation
FTP works on client-server architecture and uses two TCP connections to complete the transfer. One connection is used for exchanging the control signals, and the other is used for the actual data transfer.
- Control Connection
It transfers the control signals between both devices. The control process on both ends uses this connection. This connection uses the FTP port number 21 and remains connected throughout the FTP session. You can only transfer a single line of command at a time. The control processes of both client and server use the NVT syntax. The control processes use the protocol interpreter, which translates the local code into NVT syntax and vice versa.
- Data Connection
It carries the actual data transfer. The connection is made between the data transfer processes (DTP) of the client and the server. It uses the FTP port 20. Unlike the control connection, the data connection opens and closes for each transmission. The data transfer is driven by the commands sent over the control connection. While transferring the file, you need to specify the type of file you are sending.
During a file transfer, one of the below-mentioned things can happen.
- Copying files from the server to the client is known as retrieving the file. For this, the RETR command is used.
- Copying the file from the client to the server is known as storing the file. It uses the STOR command.
- Sending a list of file names from server to client. It uses the LIST command.
What is an Anonymous FTP?
To establish a connection via the FTP client, you must provide an authorized username and password to the remote server. Some sites have files that everyone can access by enabling anonymous FTP. To access such files, the user does not have to provide credentials. Instead, the user can log in with anonymous as the username and guest as the password.
What are FTP Servers?
FTP servers are similar to web servers. The FTP servers handle the distribution of files. Whenever the user clicks on a link to download something from the internet, the links redirect to FTP instead of HTTP. Some files are open to everyone on the FTP servers, while some are available only to specific users with authorized access. FTP servers are divided into anonymous and non-anonymous servers to separate these files and users.
- Anonymous server: in most cases, the FTP sites allow anonymous FTP, and you do not have to provide a password for accessing the files. You need to provide anonymous as the username and enter your e-mail address as the password.
- Non-anonymous server: for a non-anonymous server, you have to log in as yourself using the correct password.
What are FTP Clients?
FTP uses TCP for handling all the communications and sharing data. FTP works on the client/server model, where one device is the client and the other acts as the server. The FTP daemon process runs on the server, where everyone can access it, and enables the server to handle all transactions. To use FTP, you need FTP client software on your system to establish a connection to the server device. To connect to the FTP server, you need to provide a username and password in the FTP client software. This will open a command link between both devices that allows you to send commands, messages, and other data.
Then you will be able to carry out any task on the server as per your privileges, as every user does not have access to perform administrative tasks.
What is the active and passive mode?
You can set up the interaction between the client and the server in two ways. It depends on the method you use to establish the connection for transferring the data. The two modes are the active and passive FTP operation modes.
In the case of the active mode, the server initiates the connection itself to the client, while in the case of the passive mode, the client initiates the connection. The FTP protocol uses two types of connections: control and data transfer.
You can see the active and passive modes of the client in the case of the data transfer connection. But, a control connection is also essential for communication, as the server receives the command via a control connection.
The significant difference between the active and passive modes is who initiates the connection. In the case of the active mode, the client establishes the control connection to the server while the server makes the connection for transferring the data. But, in the case of the passive mode, the client initiates both data and control connection. Also, the ports to which the data is transmitted are different.
How to establish FTP Active Mode
It starts with establishing a control connection. For this, a temporary port in the range 1024 to 65535 will be created on the client for both control and data connection. The client will send the request to the server to start the connection. In active mode, the following steps will take place.
- First, the client will send the request to the server with port 21.
- The server will respond to the newly created temporary client port.
- After that, the client confirms the incoming connection.
- The client will send the FTP PORT command specifying the details, such as which mode (active in this case), IP address, and port number.
- The server will confirm the incoming command.
- The client will tell the server to perform the specific task.
- Then, the server creates a data connection using port number 20.
- The client will respond to the request from the server.
- After confirming the connection, the server will allow the data from the client.
How to establish FTP Passive Mode
This process is entirely different from the active mode operation. Below are the steps that are followed using passive mode.
- The client sends a request to the server using port number 21 from its temporary port ranging between 1024 – 65535.
- The server will send a response to a temporary client port.
- The client then confirms the incoming connection.
- The client sends a PASV command specifying the usage of the passive FTP mode.
- The server confirms it and sends its IP address and the port number to start a data connection.
- The client uses the data transfer port to send a request to establish a connection to the port issued by the server.
- The server then confirms the incoming connection.
- The client creates a connection.
- The client tells the server when to transfer the data.
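The PORT argument in active mode and the server's reply to PASV in passive mode both carry the address and port as six comma-separated numbers, with the port split into a high and a low byte. The added Python example below (not from the original article) decodes that tuple and applies two defensive checks that are assumptions of this example: the address must equal the control connection's peer, and the port must fall in the 1024-65535 temporary range mentioned above. Function names and sample lines are constructed.

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2: four address bytes, then the port as high and low byte.
_TUPLE = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")


def decode_host_port(text):
    """Return (ip, port) from a PORT argument or a 227 PASV reply line."""
    match = _TUPLE.search(text)
    if not match:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple found")
    nums = [int(n) for n in match.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("every field must fit in one byte")
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    port = nums[4] * 256 + nums[5]  # high byte first
    return ip, port


def check_data_endpoint(text, control_peer, low=1024, high=65535):
    """Decode the endpoint and reject it unless it points back at the
    control connection's peer and sits inside the temporary port range."""
    ip, port = decode_host_port(text)
    if ip != ipaddress.IPv4Address(control_peer):
        raise ValueError(f"{ip} is not the control peer {control_peer}")
    if not low <= port <= high:
        raise ValueError(f"port {port} outside {low}-{high}")
    return ip, port


# Constructed sample lines using documentation address ranges.
PORT_LINE = "PORT 198,51,100,7,4,1"                          # active mode
PASV_LINE = "227 Entering Passive Mode (192,0,2,10,195,80)"  # passive mode

if __name__ == "__main__":
    print(check_data_endpoint(PORT_LINE, "198.51.100.7"))
    print(check_data_endpoint(PASV_LINE, "192.0.2.10"))
```

A firewall helper or server that accepts the decoded endpoint without the peer comparison would open data connections to whatever address the command names, so the comparison is the part worth keeping when adapting this.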
Changing FTP to use a different port number
To change the FTP to use another port number other than the default one, you can follow the below-mentioned steps.
As per the below example, you can replace the standard FTP port 21 with 10022.
- Make the port number change for FTP in /etc/services file, as shown below.
ftp 10022/tcp # File Transfer [Control]
ftp 10022/udp # File Transfer [Control]
- Create a backup of the SRCsubsvr ODM file using the below command.
# cd /etc/objrepos
# cp SRCsubsvr SRCsubsvr.backup
- Changing the ODM class SRCsubsvr
- Export ODMDIR:
# export ODMDIR=/etc/objrepos
- Extract the FTP entry from the SRCsubsvr ODM class:
# odmget -q sub_type="ftp" SRCsubsvr > /tmp/ftp.odm.out
- Now, delete the current FTP entry from the SRCsubsvr ODM class:
# odmdelete -q sub_type="ftp" -o SRCsubsvr
0518-307 odmdelete: 1 objects deleted.
- Now, alter the sub_code field for the FTP stanza in /tmp/ftp.odm.out
- Here is the initial entry in ftp.odm.out:
SRCsubsvr:
        sub_type = "ftp"
        subsysname = "inetd"
        sub_code = 21
Change sub_code to the new port (for example, port 10022):
SRCsubsvr:
        sub_type = "ftp"
        subsysname = "inetd"
        sub_code = 10022
- Now, save the file changes.
- Add the new FTP entry to the SRCsubsvr ODM class:
# odmadd /tmp/ftp.odm.out
- Verify whether the entry is present, and the new port number is shown:
# odmget -q sub_type="ftp" SRCsubsvr
- Refresh inetd to restart ftpd
# refresh -s inetd
- Now, you need to verify that the new FTP port is in the LISTEN state:
# netstat -an | grep 10022
- If the port is not in the LISTEN state, you must restart inetd:
# stopsrc -s inetd
# startsrc -s inetd
- Test the FTP connection to ports 21 and 10022
Solving problems with firewall
You might get the below-mentioned error after changing the default port number for FTP to use. You can make the required changes to the firewall settings to make the process run smoothly.
Due to the dynamic nature of the FTP data port, you might face difficulties while configuring the firewall. In the case of the active mode, the actual problems occur at the client end. If the firewall is set to drop connections that are not initiated internally, the server cannot establish the data connection. So, it is essential that you correctly specify the client ports and create an allow rule in the firewall for them.
But in the case of the passive mode, the problem lies on the server side. Here, you can specify the passive FTP port range within the server settings and create a firewall rule for it. You can follow the below steps to get this done.
Open the IIS Manager, click the Server name under Start Page, double-click FTP Firewall Support, and provide the range 1025-65535 to the Data Channel Port Range, as shown below.
Go to FTP site -> select FTP Firewall Support, and provide your external IP address.
Make sure to set up Network Address Translation (NAT) for these port ranges while configuring the firewall.
FTP ports are essential to establish a connection between the client and the server. Make sure that your FTP server listens on the correct port; otherwise, you might find it challenging to connect to the server. FTP establishes two different connections, one for transferring the commands and the other to transfer the actual data. The data connection uses the FTP port 20. By default, FTP uses port number 21 for the control connection. You can change the default port to ensure security or to avoid network congestion on ports 20 and 21.
FTP is a necessary protocol that smoothly transfers any data across the network. We have mentioned some commands to help you change the default port 21. If you face any issues, you can apply the firewall settings mentioned above to avoid the refused connection error.