FTP was defined initially in RFC959 and has been updated in RFC2228. The protocol pre-dates RFC959 by over a decade during which time various RFC's were written to move the protocol towards a clear stable standard. This standard has now served the Internet well for fourteen years and shows only minor signs of it's age. RFC2228 currently only has standards track status but shows all the signs of becoming a full IETF standard for the internet. This new RFC extends the protocol to include encrypted and authenticated connections and to provide methods of assurance of data integrity. Proftpd is RFC959 compliant and there are plans to make it RFC2228 compliant in version 1.4 and later.
The File Transfer Protocol (FTP) does exactly what it says, it allows the movement of files from one place to another. Like most of the services on the internet it's designed round the client-server model. Given this software related to ftp can be split along these lines, Proftpd is a ftp server.
FTP servers allow access by authenticating users against a password database of some description. Historically this has been the unix /etc/passwd file (and later /etc/shadow) more recently support for other authentication systems as been provided including NIS, Radius, SQL, LDAP and many others. For most servers the username and password are sent over the network in plain-text. There is a RFC defining the specification for encrypted passwords for use with ftp servers but this not had a widespread takeup.
In addition to properly authenticated users there ftp has historically allowed a special class of user. The "anonymous" connection, primarily used for public archives of data, programs or general "stuff" anonymous logins allow anyone on the network to connect to a server. Normally anonymous connections are limited in number to prevent the free aspect to the server from overwhelming it's primary function and the access permissions and rights of the anonymous user are locked down.
Anonymous servers are one of the great resources of the Internet, over the years they collectively have become a massive redundant public storage system for information and programs. This is partly due to the open nature of many admins in what they will allow to be hosted and partly in the habit of "mirroring" other sites to spread the load. Without anonymous servers it's unlikely that the Open Source community would have been able to achieve the critical mass and accessibility required for it's current success.
FTP was designed round a two socket model, streaming data down one socket and control information down the other. This design makes it possible for a well designed client to be uploading and downloading while still permitting the user to perform other administrative tasks on the server.
Normally the control socket uses port 21 (ftp) at the server end, the data socket handling is more complex. Two modes of operation are defined for ftp connections.
Active mode connections run control over port 21 and allow the server to decide which socket to use locally for data traffic.
Passive Mode connections work the same way as normal (Active Mode) connections, except the data connection is also made from the client to the server. This avoids the problem of incoming data connections being blocked by the firewall by making both connections from the client.
Unfortunately, not all FTP clients are capable of passive mode transfers, and not all users are aware of their existence or the problems they solve. Some firewalls can be configured to allow incoming FTP data connections while blocking all other incoming TCP connections. (The firewall recognises FTP data connections because they originate from port 20, the FTP data port). This allows Active Mode FTP transfers through the firewall without blocking the incoming FTP data connections. Support for port connections established on the traditional FTP data port (20) was added in Rumpus 1.2, so older versions of Rumpus will not work correctly with firewalls configured this way.
Passive Mode connections work the same way as normal (Active Mode) connections, except the data connection is also made from the client to the server ie made to port ftp-data (20). This avoids the problem of incoming data connections being blocked by the firewall by making both connections from the client. What it boils down to is Active control channel, port 21 data channel, server specifies random port. Passive control channel, port 21 data channel, port 20 I guess it's doc time :)