FTP 227 Passive Mode vs 229 Extended Passive Mode
FTP 227 (PASV) and 229 (EPSV) both establish passive data connections, but 229 is the modern IPv6-compatible replacement. FTP 227 encodes the IP address and port in its response, while 229 only provides a port number, using the same IP as the control connection.
Mô tả
Entering Passive Mode. The server provides an IP address and port number for the client to connect to for data transfer, formatted as (h1,h2,h3,h4,p1,p2).
Khi bạn thấy nó
After issuing the PASV command. The server switches to passive mode and tells the client where to connect for data transfer.
Cách khắc phục
No fix needed — parse the IP and port from the response to establish the data connection. If connections fail, check NAT/firewall rules on the passive port range.
Mô tả
Entering Extended Passive Mode. The server provides only a port number for the data connection, using the same IP as the control connection. Works with both IPv4 and IPv6.
Khi bạn thấy nó
After issuing the EPSV command. The server responds with a port number in the format (|||port|) for the client to connect to.
Cách khắc phục
No fix needed — connect to the server's control IP on the provided port. If it fails, try falling back to PASV (227) or check firewall rules.
Sự khác biệt chính
227 (PASV) is the original passive mode, encoding the server's IPv4 address and port in the response.
229 (EPSV) is Extended Passive Mode (RFC 2428), providing only a port number — compatible with both IPv4 and IPv6.
227 can cause NAT issues because the embedded IP may not match the public IP after address translation.
229 avoids NAT problems by reusing the control connection's IP address.
229 is required for IPv6 FTP connections; 227 only works with IPv4.
Khi nào dùng cái nào
Use PASV (227) for legacy IPv4-only FTP servers and clients that do not support EPSV. Use EPSV (229) for modern FTP implementations, IPv6 environments, and connections through NAT/firewalls. FTP clients should attempt EPSV first and fall back to PASV if the server returns an error.