Building Network Automation Solutions
6 week online course starting in September 2017

Server-to-server file transfers with FTP

Did you know that you could do server-to-server file transfers with FTP? I didn’t; this little gem (usually known as FXP – File eXchange Protocol) was described by davro and g in comments to the FTP Butterfly Effect post.

If you’re using FXP, please write a comment; although I am well aware why it was extremely useful 25 years ago, I’m wondering how many people are actually using it today.

It’s easy to start server-to-server transfers; all the commands you need are available in standard FTP servers. Sending the PASV command to one server and the PORT command to another one establishes a server-to-server data session (see Section 5.2 of RFC 959 for details). The file is then transferred directly between the servers without the involvement of the client host, significantly reducing the client’s bandwidth requirements.

The PORT command pointing to a third-party IP address can be misused to probe otherwise unreachable servers (FTP bounce attack). Most FTP servers are thus unwilling to open TCP sessions to an IP address different from the source IP address of the control session.

FXP requires somewhat modified FTP client (it has to open simultaneous control sessions to two servers). It’s supported by the lftp client available on most linux distributions; if you use Windows, you can use FlashFXP.


  1. FXP is very popular among pirate groups, when they are spreading new scene releases across sites (from server to server).

  2. If I recall correctly, this feature of FTP is used by the GridFTP protocol, which various HPC scientific communities use; notably the high-energy physics lot.

  3. Yes, FXP is incredibly popular in pirate groups. Large FTP servers generally have huge amounts of bandwidth and being able to spread a release between two servers is generally quicker than transferring it down your consumer ADSL and then back up to the second server.


You don't have to log in to post a comment, but please do provide your real name/URL. Anonymous comments might get deleted.