Perhaps it's worth mentioning that ftp
can function in two distinct ways, one of which is much more likely to succeed if your ftp client
is behind a network address translating
router (NAT) or a firewall
Ftp is unusual, amongst Internet protocols, because it uses two tcp socket connections to do its business.
The control connection is used to pass commands from the client to the server, and the server's response messages back to the client. This is the connection mentioned in core10k's writeup, above, that is initiated by the client connecting to port 21 on the server. (It is always port 21 on a standard server, never port 20.)
The data connection is established when data (as opposed to response messages) needs to be transferred. This data is either a directory listing (the response to the ls command) or a file which is transferred (in response to the get or put commands.)
It's in how the data connection
is handled that the two ftp modes differ.
In normal (active) mode, the client uses the ftp PORT command to instruct the server to connect back to it on a specific address and port. Normally the server connects from its own port 20. Because the server is initiating the connection, this will usually not work if the client is behind a NAT device or a firewall - it either doesn't know where to send the incoming connection or doesn't want to let it through.
In passive mode (sometimes called pasv) the client connects outward to the server, instead, to create the data connection. The firewall is happy with this, because it's an outgoing connection and it's easy to tell which local computer it belongs to.
Some NAT software will handle ftp connections in normal mode, however (iproute, an old DOS-based NAT router program, was the first one I found.) It does this by peeking inside the PORT commands issued by the client. Because this information belongs to a higher network layer, and is supposed to be invisible to the router software, purists will say it breaks the network model and is very naughty, but I've found it works very well in practice.