How to Force Active Mode in Linux FTP Command When Passive Mode is Disabled


3 views

Many developers encounter this scenario: your third-party FTP provider explicitly requires active mode transfers, but modern Linux ftp clients default to passive mode for security reasons. This creates a frustrating compatibility issue.

While passive mode (PASV) is generally preferred because:

  • It works better with firewalls
  • Reduces security risks from PORT commands
  • Is the modern standard

Some legacy systems still require active mode due to:

  • Strict firewall configurations on server side
  • Historical infrastructure limitations
  • Specific security policies

The -p flag is now obsolete. Here are working solutions:

Method 1: Using the FTP Interactive Prompt

ftp example.com
ftp> passive
Passive mode off.
ftp> put file.txt

Method 2: Using a .netrc File

machine example.com
login username
password secret
macdef init
passive off
binary
put file.txt
bye

Method 3: Using lftp (Recommended Alternative)

lftp -e "set ftp:passive-mode off; put file.txt; quit" -u user,pass example.com

When using active mode:

  • Your client must accept incoming connections on port 20
  • Consider using FTPS or SFTP instead when possible
  • Active mode may be blocked by your local firewall

If transfers fail:

ftp -d example.com  # Enable debug mode
netstat -tulnp     # Check active connections
tcpdump -i any port 21 or port 20  # Monitor FTP traffic

Many Linux distributions now default to passive mode (PASV) in their FTP clients due to security concerns with the traditional PORT (active) mode. This can cause issues when connecting to legacy FTP servers that explicitly require active mode transfers.

First, verify which FTP client you're using and its version:

ftp --version

Most modern implementations (like GNU Inetutils) have made passive mode the default with no command-line option to disable it.

Create or modify your ~/.netrc file to force active mode:

machine ftp.example.com
login your_username
password your_password
macdef init
epsv4 off
passive off

The lftp client provides more control over transfer modes:

lftp -e "set ftp:passive-mode off; open ftp.example.com"

While active mode is considered less secure because it requires the server to connect back to the client, in controlled environments (like internal networks or with trusted providers), it can be safely used when required.

Verify your mode is actually active by monitoring the connection:

ftp -d ftp.example.com

Look for EPSV or PASV commands in the output - these indicate passive mode is being used.