FTP firewall issues in Passive mode

In Linux the default FTP mode is “Passive”, whereas in Windows it is “Active”. In Passive mode the client opens the data connection to a high port on the server. That port is unpredictable and can be anywhere from 1024 to 65535 (the high ports); each client connection uses a different one, so it is hard to know which port must be opened on the server side for the client's data connection to be established. If you run a firewall (say iptables) that blocks every port except 21 (the FTP control port), Passive-mode data transfers between client and server will be blocked.
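To see why a “port 21 only” filter breaks Passive mode, this added example (not from the original post) parses a constructed 227 PASV reply, recovers the data port the server advertises, and checks it against two filter policies: the control-port-only policy described above and a hypothetical policy that also opens a pinned passive range (50000-50100, an assumed value).

```python
import re

# Constructed PASV reply in RFC 959 format; not captured from a real server.
SAMPLE_PASV_REPLY = "227 Entering Passive Mode (192,168,1,10,195,80)."

PASV_RE = re.compile(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_pasv(reply):
    """Return (host, port) from a 227 reply; the port is encoded as p1*256 + p2."""
    m = PASV_RE.search(reply)
    if not reply.startswith("227") or not m:
        raise ValueError("not a valid 227 PASV reply: %r" % reply)
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    if any(octet > 255 for octet in (h1, h2, h3, h4, p1, p2)):
        raise ValueError("octet out of range in PASV reply")
    return "%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2


def is_high_port(port):
    """True if the port lies in the unprivileged range the post mentions (1024-65535)."""
    return 1024 <= port <= 65535


def data_port_allowed(port, allowed_ranges):
    """Simulate an inbound filter: permit only if the port falls in an allowed range."""
    return any(lo <= port <= hi for lo, hi in allowed_ranges)


# Policy A: the firewall from the post, only TCP/21 (control) open.
CONTROL_ONLY = [(21, 21)]
# Policy B: control port plus a passive range pinned on the server (hypothetical
# 50000-50100; e.g. vsftpd pins it with pasv_min_port/pasv_max_port).
CONTROL_PLUS_PASV = [(21, 21), (50000, 50100)]


def check_policies(reply, policies):
    """For each named policy, report whether the advertised data port would get through."""
    _host, port = parse_pasv(reply)
    return {name: data_port_allowed(port, ranges) for name, ranges in policies.items()}


if __name__ == "__main__":
    host, port = parse_pasv(SAMPLE_PASV_REPLY)
    print("server advertises %s:%d (high port: %s)" % (host, port, is_high_port(port)))
    for name, allowed in check_policies(
        SAMPLE_PASV_REPLY,
        {"control_only": CONTROL_ONLY, "control_plus_pasv": CONTROL_PLUS_PASV},
    ).items():
        print("%-18s -> %s" % (name, "data connection allowed" if allowed else "BLOCKED"))
```

In practice the fix is either to pin the server's passive range and open exactly that range on the firewall, or to load the kernel's FTP connection-tracking helper so the filter learns the data port from the PASV reply itself.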
