On Wed, Mar 05, 2008 at 09:03:07AM -0800, Bob Rasmussen wrote:
> In the FTP protocol, "passive" means that only one connection is
> established, originating in the client. All trafic goes over this
> connection. (In non-passive FTP, the server opens a second channel back to
> the client.)


Actually, passive mode FTP does use a second channel for data transfers,
but it's opened in the opposite direction from the channel used in active
mode. That is, the FTP server selects a "random" TCP port number, tells
it to the client, and then the client initiates the connection to that port.

Active mode works as you said: the client picks a "random" TCP port number,
listens on it, and tells the FTP server to connect to it. This breaks
rather spectacularly when the client is firewalled preventing incoming
connections, or behind a NAT, etc.