1. Introduction
The File Transfer Protocol (FTP) has two main operation modes for establishing a session: active and passive. In some environments, using the correct one is critical.
In this tutorial, we’ll explore ways to toggle between active and passive modes before connecting to an FTP server. First, we briefly refresh our knowledge about the different FTP session modes. After that, we discuss different client defaults and settings to switch between the modes.
We tested the code in this tutorial on Debian 11 (Bullseye) with GNU Bash 5.1.4. It should work in most POSIX-compliant environments.
2. Active and Passive FTP
In essence, FTP has command and data channels.
With this in mind, let’s summarize what active mode means in terms of connection establishment:
- CLIENT connects from (random) COMMANDPORT to SERVER port 21
- CLIENT sends PORT command with a (random) DATAPORT to SERVER
- SERVER connects from port 20 to CLIENT port DATAPORT
- CLIENT sends commands through command channel COMMANDPORT -> 21
- CLIENT sends data through data channel DATAPORT -> 20
- SERVER sends data through data channel 20 -> DATAPORT
To illustrate, we can convert the list to a basic diagram:
CLIENT SERVER
| |
1 |>COMMANDPORT>>>>(Connect)>>>>>>>>>>>21>|
2 |>COMMANDPORT>>>>(PORT DATAPORT)>>>>>21>|
| |
3 |<DATAPORT<<<<<<<(Connect)<<<<<<<<<<<20<|
| |
4 |>COMMANDPORT>>>>(commands)>>>>>>>>>>21>|
| |
5 |>DATAPORT>>>>>>>(data)>>>>>>>>>>>>>>20>|
6 |<DATAPORT<<<<<<<(data)<<<<<<<<<<<<<<20<|
| |
......................................... On the other hand, passive mode doesn’t require a reverse (active) connection from SERVER to CLIENT. Thus, the latter simply sends PASV instead of PORT to the former:
- CLIENT connects from (random) COMMANDPORT to SERVER port 21
- CLIENT sends PASV command to SERVER
- SERVER sends (random) SDATAPORT to CLIENT port COMMANDPORT
- CLIENT connects from (random) CDATAPORT to SERVER port SDATAPORT
- CLIENT sends commands through command channel COMMANDPORT -> 21
- CLIENT sends data through data channel CDATAPORT -> SDATAPORT
- SERVER sends data through data channel SDATAPORT -> CDATAPORT
Again, we can see this in an over-simplified diagram:
CLIENT SERVER
| |
1 |>COMMANDPORT>>>>(Connect)>>>>>>>>>>>21>|
2 |>COMMANDPORT>>>>(PASV)>>>>>>>>>>>>>>21>|
| |
3 |<COMMANDPORT<<<<(PORT SDATAPORT)<<<<21<|
| |
4 |>COMMANDPORT>>>>(Commands)>>>>>>>>>>21>|
| |
5 |>CDATAPORT>>>>>>(data)>>>>>>>SDATAPORT>|
6 |<CDATAPORT<<<<<<(data)<<<<<<<SDATAPORT<|
| |
......................................... Crucially, SSH File Transfer Protocol (SFTP) doesn’t use these modes. In general, whether we select active or passive mode mostly depends on the environment and firewall setup.
3. Toggling Passive Mode
While newer, passive mode might not always be preferable. Because of this, we may encounter scenarios in which we’d want to disable passive mode in favor of the original active mode.
3.1. ftp
Since it’s older, classic FTP clients like ftp might still use active mode as their default.
In these cases, switches like -p usually exist for turning on passive mode:
$ ftp -p xostAlternatively, we can use the passive FTP subcommand that some clients offer before establishing a connection:
$ ftp
ftp> passive
Passive mode on.
ftp> open xost
Connected to xost.
Name: baeldung
331 Please specify the password.
Password:
230 Login successful.
ftp>In this case, we first open the client, then toggle to passive mode, and only after that connect to the host. The FTP command passive toggles the mode between active and passive on each call.
However, passive might not be available in every client.
3.2. lftp
The sophisticated and feature-rich lftp client operates in passive mode unless otherwise specified.
However, it doesn’t support the FTP passive command. So, we use an lftp command to disable passive mode and turn on active mode:
$ lftp
lftp :~> set ftp:passive-mode off
lftp :~>After this, we can proceed with the login as usual. In case we want to turn passive mode back on, we can change the setting before our next session:
$ lftp
lftp :~> set ftp:passive-mode on
lftp :~>Naturally, we can store these settings in the respective configuration file.
3.3. curl
The classic curl command supports FTP. Again, passive mode is the default for curl.
We can switch to active mode via the –ftp-port or -P flag:
$ curl --ftp-port - ftp://xost/Although –ftp-port expects the address to get the reverse connection on, we leave the choice to curl via –.
Even if we set active mode in the configuration file, we can still enforce passive mode with –ftp-pasv.
3.4. wget
Another common basic FTP client is wget, which also uses passive mode as its default.
To use active mode, we can use the –no-passive-ftp flag:
$ wget --no-passive-ftp ftp://xost/Moreover, we can disable passive mode permanently by adding passive_ftp=off to our configuration.
3.5. FileZilla
Like others, the notorious FileZilla client uses passive mode by default. So, to change this, we can go to Settings -> Connection -> FTP and toggle the Transfer Mode.
As with any graphical user interface (GUI) client, this path can change, so knowing the general idea is usually better than memorizing.
4. Summary
In this article, we explored how to switch session modes with different FTP clients.
In conclusion, since FTP active mode still has its use cases, knowing how to disable passive mode can be vital.