EPSV is a command issued by an FTP/S client to signal the server that it wishes to enter into what is known as Extended Passive Mode. But what is Extended Passive Mode and when is it appropriate to use EPSV? Let’s find out.
A little background - active and passive FTP/S
Whenever an FTP/S client attempts to connect to an FTP/S server, it informs the server what mode it wishes to use. In older systems, the options were Active Mode and Passive Mode. We already have a detailed discussion on these two modes in the article ‘Active v.s. Passive FTP Simplified - Understanding FTP Ports’, so we encourage you to read that first for a better understanding of how these two modes work and in turn grasp the succeeding discussion.
Basically, in Active Mode, the FTP/S server initiates a data channel connection by connecting to the client port specified by the client in a PORT command when that client first connected to the server via the command channel.
To illustrate (see below), the FTP/S client issues a PORT command, specifies the IP address and port number it will be listening on, and sends this information to the FTP/S server. In turn, the FTP/S server connects to the client using that IP address and port number that was specified.
This mode is rarely used these days and can only work if the client isn’t operating behind a firewall.
Passive Mode is the opposite of that. In Passive Mode, it’s the FTP/S client that initiates a data channel connection. It does this by connecting to the server port specified by the FTP/S server when it that server responded to the client’s PASV command. This mode is more common and will allow a client to connect to an FTP/S server even if the client is behind a firewall.
Again, to illustrate (see below), the FTP client issues a PASV command and sends this to the server. The server then responds with a 227 response code that says Entering Passive Mode plus the IP address and port number it will be listening on. Finally, the client then connects to the server using the port number that was specified.
That’s cool and all, but where does EPSV come in?
Now, about that EPSV command...
EPSV is actually an updated version of the PASV command. Defined in RFC 2428, the EPSV command signals that the client wishes to enter into what is known as the Extended Passive Mode. Just like passive mode, extended passive mode is suitable for most FTP/S scenarios, which is, clients connecting from behind a firewall.
Difference between EPSV and PASV
So, what’s the difference now between EPSV and PASV? Or Extended Passive Mode and Passive Mode? The main difference is that EPSV and Extended Passive Mode are primarily designed to accommodate both IPV4 and IPV6 addresses, while the older PASV command and Passive Mode could only support IPV4.
And, if you do a trace or inspect a debug log of an FTP/S session, you'll notice that the FTP/S server responds with:
- 227 Entering Passive Mode (some IP address and port number) in response to a PASV command, and
- 229 Entering Extended Passive Mode (|||some port number|) in response to a EPSV command
Usage in JSCAPE MFT Server
In JSCAPE MFT Server, EPSV enable/disable toggle switches can be found in the FTP/S trading partner modules. This would include the plain FTP, FTPS Explicit, and FTPS Implicit trading partner modules. That’s because MFT Server Trading Partner objects actually act as clients that connect to remote servers. So, in this case, these trading partners act as FTP/S clients connecting to a remote FTP or FTP server.
Although EPSV support is recommended for all FTP/S servers, some servers, unfortunately, still don’t know how to handle EPSV commands properly. If you know that your remote trading partner’s FTP/S server doesn’t support EPSV, you can simply uncheck the Enable EPSV option and check Passive Transfer Mode.
That’s it. We hope that helped you clear the cobwebs regarding EPSV.
Would you like to try a free, secure FTP/S server with built-in automation-enabling features that also supports other file transfer protocols like SFTP, AS2, OFTP, WebDAV, and others? Download the Starter Edition of JSCAPE MFT Server now.