Active vs. Passive Modes for FTP Connections

In the world of FTP and SFTP, there are a lot of idiosyncrasies that can confuse even the most seasoned user. We’ve talked many times about all the different ways FTP can be encrypted and how it connects in the first place. One thing we haven’t covered is the difference between Active and Passive modes for FTP connections.

Active vs Passive FTP

To begin, both Active and Passive will work with ExaVault – the two modes work slightly differently, but they both have full functionality. When FTP was invented, Active mode was the only option. As time went on, Passive mode was added into FTP to accommodate certain needs – we’ll get into that a bit later.

When an FTP connection is initiated, it begins with a control connection. The control connection sets up the parameters of the connection to be initiated; this is where passive or active mode is established, along with a lot of other settings.

When looking at the FTP connection logs, you will see PORT for an active connection, and PASV for a passive connection.

In Passive Mode, the FTP server waits for the FTP client to send it a port and IP address to connect to. In Active mode, the server assigns a port and the IP address will be the same as the FTP client making the request.

In other words, Passive mode lets the client dictate the port used, and active mode lets the server set the port.

Why does this difference matter? 

FTP Connections & Firewalls

Choosing Active vs Passive FTP has to do with firewalls. Firewalls are pieces of software that help secure networks by only allowing traffic on certain ports. If you’re behind a firewall, some ports may be entirely unavailable to you because they are blocked by the firewall.

Let’s say you’re behind a firewall that blocks port 20 for whatever reason. Most commonly, FTP servers use port 20 to transfer data. If it’s up to the server (Active mode), your FTP client is likely to be assigned port 20, which is blocked. You can use Passive mode to get around this: your FTP client can suggest a port for the client and server to use.
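An added example, not from the original article or from ExaVault: a short Python audit of control-channel lines that spots PORT (active) and the 227 reply to PASV (passive), decodes the address and port each one carries in the RFC 959 six-number format, and checks them against a firewall's allowed data ports. The sample lines, the client address and the allowed port range are constructed assumptions.

```python
import re

# RFC 959 host-port format: h1,h2,h3,h4,p1,p2 (four address bytes, two port bytes).
HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

def decode_hostport(text):
    """Return (ip, port) from the first h1,..,p2 tuple in text, or None if absent/invalid."""
    m = HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def classify(line):
    """Return (mode, endpoint): PORT marks active mode, a 227 reply to PASV marks passive."""
    verb, _, rest = line.strip().partition(" ")
    if verb.upper() == "PORT":
        return "active", decode_hostport(rest)
    if verb == "227":
        return "passive", decode_hostport(rest)
    return None, None  # includes the bare PASV command, which carries no endpoint

def audit(lines, client_ip, allowed_ports):
    """List (mode, endpoint, note) for every line that negotiates a data connection."""
    findings = []
    for line in lines:
        mode, endpoint = classify(line)
        if mode is None:
            continue
        if endpoint is None:
            note = "malformed"
        elif mode == "active" and endpoint[0] != client_ip:
            note = "address-mismatch"  # PORT names a host other than the requesting client
        elif endpoint[1] not in allowed_ports:
            note = "port-blocked"      # the firewall would drop this data connection
        else:
            note = "ok"
        findings.append((mode, endpoint, note))
    return findings

# Constructed sample lines, not taken from a real server log.
SAMPLE = ["USER demo", "PORT 192,0,2,10,195,80", "PORT 198,51,100,7,4,1", "PASV",
          "227 Entering Passive Mode (203,0,113,5,234,96)", "PORT 192,0,2,10,0,20"]

if __name__ == "__main__":
    for finding in audit(SAMPLE, "192.0.2.10", range(50000, 60001)):
        print(finding)
```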

Although Active mode is the most used and default mode, Passive mode is helpful in certain situations where you are port-limited. If you’re looking for an FTP server that supports both Active and Passive modes, as well as a bevy of very useful additions to FTP, give ExaVault a try.