Active vs Passive Mode FTP

The FTP protocol supports two data connection modes: Active and Passive. Files.com recommends using Passive mode for all FTP and FTPS connections.

In Active mode, the FTP client opens a port and waits for the server to initiate the data connection back to the client. This setup often causes problems when the client sits behind a firewall or NAT, because inbound connections from the server may be blocked.

In Passive mode, the server opens a port instead, and the client initiates both the control and data connections. This design avoids inbound connection issues, making Passive mode more compatible with modern networks and corporate firewalls.

Understanding Active Mode FTP

FTP originally used Active mode as its default. This mode predates firewalls and is now considered outdated. Use Active mode only within a local network (LAN) where no firewall separates the client and server.

In Active mode, the client first connects to the server using the Command channel. The port depends on the FTP variant:

  • FTPS (implicit FTP over TLS): Port 990 (default) or 3990 (alternative Files.com port)
  • FTPES (explicit FTP over TLS): Port 21 (default) or 3021 (alternative Files.com port)
  • Plain FTP: Port 21 (default, disabled by default) or 3021 (alternative Files.com port, also disabled unless specifically enabled for business needs)

After authentication, the client sends the server its IP address and a list of available port numbers. The server then connects back to the client using one of these ports to establish the Data channel.

When uploading or downloading, the client sends the transfer command over the Command channel, while the actual file data travels through the Data channel.

Because Active mode requires inbound connections from the server, firewalls or NAT configurations often block these transfers. For that reason, Files.com recommends using Passive mode whenever possible.

Understanding Passive Mode FTP

Passive (PASV) mode was developed for clients that cannot receive inbound connections, such as those behind firewalls or on NAT networks. Due to its reliability and compatibility, Passive mode has become the standard and recommended connection method for FTP.

In Passive mode, the client initiates both the Command and Data channels. The Command channel uses the same ports as in Active mode:

  • FTPS (implicit FTP over TLS): Port 990 (default) or 3990 (alternative Files.com port)
  • FTPES (explicit FTP over TLS): Port 21 (default) or 3021 (alternative Files.com port)
  • Plain FTP: Port 21 (default, disabled by default) or 3021 (alternative Files.com port, also disabled unless enabled for business needs)

After authentication, the server provides the client with the range of available ports for Passive Data channels. The client then selects a random port within that range and connects to the server to establish the Data channel.

For Files.com, all FTP variants use the following Passive Data channel range: Ports 40000–50000.

During file transfers, the Command channel sends the control instructions, and the Data channel carries the file content. This direction of connection—from client to server—avoids firewall conflicts and ensures more reliable transfers across corporate networks.

Common Failure Patterns

Failed Uploads or Downloads

If you can connect and browse directories but cannot upload or download files, your firewall is likely blocking the Data channel. Verify that connections to the Files.com Passive (PASV) port range (40000–50000) are allowed through your firewall.

Zero-Byte Files

FTP initiates file transfers by sending the STOR or RETR command over the Command channel before streaming the actual data through the Data channel. An empty file is created on the destination server as soon as the command is received, before any data arrives over the Data channel. If no data can be received because the Data channel is blocked, the file remains empty, with zero bytes of data.

When you see zero-byte files appearing during failed transfers, this often indicates the Command channel successfully requested the file, but a firewall is blocking the Data channel. To fix this, confirm that the Files.com Passive port range (40000 to 50000) is open in your firewall.
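
The firewall check recommended under Failed Uploads or Downloads and Zero-Byte Files can be run offline against an exported rule list. The Python sketch below is an added example, not Files.com code: the (low, high) outbound-allow rule format and the sample rules are assumptions, and only the port numbers come from this page.

```python
# Added example, not Files.com code. Port numbers are the ones listed on this
# page; the (low, high) outbound-allow rule format is an assumption.
CONTROL_PORTS = (21, 990, 3021, 3990)   # FTPES/plain FTP and implicit FTPS
PASV_RANGE = (40000, 50000)             # Files.com Passive Data channel range

# Constructed sample: outbound TCP allow rules exported from a firewall.
SAMPLE_RULES = [(21, 21), (990, 990), (40000, 45000), (49000, 49999)]


def merge(ranges):
    """Merge overlapping or adjacent inclusive (low, high) port ranges."""
    merged = []
    for low, high in sorted(ranges):
        if merged and low <= merged[-1][1] + 1:
            merged[-1][1] = max(merged[-1][1], high)
        else:
            merged.append([low, high])
    return [tuple(r) for r in merged]


def gaps(allowed, low, high):
    """Return the parts of [low, high] that no allow rule covers."""
    missing, cursor = [], low
    for a_low, a_high in merge(allowed):
        if a_high < cursor:
            continue
        if a_low > high:
            break
        if a_low > cursor:
            missing.append((cursor, a_low - 1))
        cursor = a_high + 1
    if cursor <= high:
        missing.append((cursor, high))
    return missing


def audit(allowed):
    """Report reachable Command channel ports and blocked Data channel ports."""
    return {
        "open_control_ports": [p for p in CONTROL_PORTS if not gaps(allowed, p, p)],
        "pasv_gaps": gaps(allowed, *PASV_RANGE),
    }


if __name__ == "__main__":
    report = audit(SAMPLE_RULES)
    print("Command channel ports allowed:", report["open_control_ports"])
    for low, high in report["pasv_gaps"]:
        print(f"Data channel blocked: {low}-{high}")
```

A rule set that covers only part of 40000 to 50000 shows up as gaps here; a Data channel that lands on a port inside a gap is blocked, which produces the failed-transfer and zero-byte symptoms described above.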
