What Is PASV FTP (Passive FTP)?

No more firewall issues

PASV FTP, also called passive FTP, is an alternative mode for establishing File Transfer Protocol (FTP) connections. In short, it solves the problem of an FTP client's firewall blocking incoming connections. "PASV" is the name of the command that the FTP client uses to explain to the server that it's in passive mode. Passive FTP is a preferred FTP mode for FTP clients behind a firewall and is often used for web-based FTP clients and computers connecting to an FTP server within a corporate network.

Laptop and two connected balls, 3D Rendering
Westend61 / Getty Images

How PASV FTP Works

FTP works over two ports: one for moving data between the servers and another for issuing commands. Passive mode works by allowing the FTP client to initiate sending of both control and data messages.

Ordinarily, it's the FTP server that initiates the data requests, but this kind of setup might not work if the client firewall has blocked the port that the server wants to use. It's for this reason that PASV mode makes FTP "firewall-friendly."

In other words, the client is the one opening the data port and the command port in passive mode, so given that the firewall on the server side is open to accepting these ports, data can flow between both. This configuration is ideal since the server has most likely opened the necessary ports for the client to communicate with the server.

Most FTP clients, including web browsers like the now-defunct Internet Explorer, support a PASV FTP option. However, configuring PASV doesn't guarantee that PASV mode will work since FTP servers can choose to deny PASV mode connections.

Some network administrators disable PASV mode on FTP servers because of the additional security risks PASV entails.

  • What is the difference between active and passive FTP?

    In active FTP mode, the client sends the PORT command, then the server connects to the appropriate client-side port. In passive FTP mode, the client requests an open port from the server and then connects to it.

  • What is an FTP bounce attack?

    In an FTP bounce attack, the PORT command is used to indirectly access ports on a server through a web proxy, allowing you to connect with ports you otherwise wouldn't be able to access. Most FTP servers block FTP bounce attacks by default.

Was this page helpful?