FTP 227 Passive Mode vs 229 Extended Passive Mode
FTP 227 (PASV) and 229 (EPSV) both establish passive data connections, but 229 is the modern IPv6-compatible replacement. FTP 227 encodes the IP address and port in its response, while 229 only provides a port number, using the same IP as the control connection.
Описание
Entering Passive Mode. The server provides an IP address and port number for the client to connect to for data transfer, formatted as (h1,h2,h3,h4,p1,p2).
Когда вы это видите
After issuing the PASV command. The server switches to passive mode and tells the client where to connect for data transfer.
Как исправить
No fix needed — parse the IP and port from the response to establish the data connection. If connections fail, check NAT/firewall rules on the passive port range.
Описание
Entering Extended Passive Mode. The server provides only a port number for the data connection, using the same IP as the control connection. Works with both IPv4 and IPv6.
Когда вы это видите
After issuing the EPSV command. The server responds with a port number in the format (|||port|) for the client to connect to.
Как исправить
No fix needed — connect to the server's control IP on the provided port. If it fails, try falling back to PASV (227) or check firewall rules.
Ключевые различия
227 (PASV) is the original passive mode, encoding the server's IPv4 address and port in the response.
229 (EPSV) is Extended Passive Mode (RFC 2428), providing only a port number — compatible with both IPv4 and IPv6.
227 can cause NAT issues because the embedded IP may not match the public IP after address translation.
229 avoids NAT problems by reusing the control connection's IP address.
229 is required for IPv6 FTP connections; 227 only works with IPv4.
Когда что использовать
Use PASV (227) for legacy IPv4-only FTP servers and clients that do not support EPSV. Use EPSV (229) for modern FTP implementations, IPv6 environments, and connections through NAT/firewalls. FTP clients should attempt EPSV first and fall back to PASV if the server returns an error.