How PASV FTP Works
FTP works over two ports: one for moving data between the servers and another for issuing commands. Passive mode works by allowing the FTP client to initiate sending of both control and data messages. Ordinarily, it’s the FTP server that initiates the data requests, but this kind of setup might not work if the client firewall has blocked the port that the server wants to use. It’s for this reason that PASV mode makes FTP “firewall-friendly.” In other words, the client is the one opening the data port and the command port in passive mode, so given that the firewall on the server side is open to accepting these ports, data can flow between both. This configuration is ideal since the server has most likely opened the necessary ports for the client to communicate with the server. Most FTP clients, including web browsers like the now-defunct Internet Explorer, support a PASV FTP option. However, configuring PASV in Internet Explorer or any other client doesn’t guarantee that PASV mode will work since FTP servers can choose to deny PASV mode connections. Some network administrators disable PASV mode on FTP servers because of the additional security risks PASV entails.
