The FTP protocol uses a control channel to send commands to a server, and a data channel to send and receive files. The control channel by default uses TCP port 21, and the data channel is negotiated with the FTP PORT and PASV comands. When ACTIVE mode FTP is in use, the client chooses the port to use for data transfers. When PASSIVE mode FTP is used, the server is responsible for picking the data port.
With ACTIVE mode FTP, the client picks a high numbered port to use for the data transfer, and instructs the server to use this port by issuing a PORT command. For non application aware firewalls, these connections are usually problematic.
With PASSIVE mode FTP, the client issues a PASV FTP command to the server, and the server picks a port for the client to connect back on. All data is then transfered over this channel. This method works with most stateful firewalls, and is supported in most mainstream FTP clients.
The Solaris “ftp” command defaults to ACTIVE mode FTP, but supports PASSIVE mode FTP when invoked with the “-p” option:
$ ftp -p sunsite.unc.edu
Connected to sunsite.unc.edu. 220 ProFTPD Server (Bring it on...) Name (sunsite.unc.edu:matty): anonymous 331 Anonymous login ok, send your complete email address as your password. Password: 230- Welcome to ftp.ibiblio.org, the public ftp server of ibiblio.org. We hope you find what you're looking for. If you have any problems or questions, please send email to firstname.lastname@example.org Thanks! 230 Anonymous access granted, restrictions apply. Remote system type is UNIX. Using binary mode to transfer files.
For a super detailed explanation of ACTIVE and PASSIVE FTP, check out Slacksite:
This is a super useful resource.