How to switch passive and active FTP modes in wget

Reliable downloads from legacy mirrors, firmware archives, and internal file servers often still depend on FTP, and stalled transfers can waste time or break unattended jobs. Adjusting the FTP mode in wget keeps file retrieval working even when firewalls or proxies treat data connections differently from the control channel. Switching between passive and active behavior on demand avoids changing server-side settings or network rules just to fix a single problematic transfer.

The FTP protocol uses a control connection on port 21 plus a separate data connection negotiated by protocol commands. In passive mode, the client opens the data connection to a port advertised by the server using PASV or EPSV, which generally works well across NAT and stateful firewalls because all connections originate from the client. In active mode, the client listens on a local port and instructs the server to connect back using PORT or EPRT, which can help where outbound rules are extremely strict but often fails when inbound connections from the server are blocked.

In GNU wget, passive FTP is the default; the --no-passive-ftp option switches to active mode for a single command, while the passive_ftp directive in /etc/wgetrc or ~/.wgetrc controls the persistent default. Misconfigured global settings can silently break scripts that expect passive transfers to succeed or cause all FTP traffic to fail on certain networks, so temporary flags and targeted per-user configuration are usually safer than system-wide changes.

1. Open a terminal on Ubuntu with a user account that can reach the target FTP server over the network.

   $ whoami
   user

2. Display the FTP-related options in wget to confirm which flag disables passive mode.

   $ wget --help | grep -i ftp
          --ftp-user=USER           set ftp user to USER.
          --ftp-password=PASS       set ftp password to PASS.
          --no-passive-ftp          disable the "passive" transfer mode.
   ##### snipped #####

   The --no-passive-ftp flag forces active FTP for that invocation, while the absence of any other mode toggle confirms that passive FTP is the default.

3. Run a test download in the default passive mode with debug logs enabled to observe the EPSV or PASV commands used for the data connection.

   $ wget --debug ftp://ftp.example.com/pub/passive-test.txt
   ##### snipped #####
   ==> EPSV ... done.
   ==> PASV ... done.
   ##### snipped #####

   Replace ftp.example.com/pub/passive-test.txt with an FTP path that permits anonymous reads or valid credentials so the transfer can complete.

4. Repeat the download with --no-passive-ftp to switch to active mode and confirm that PORT is used instead.

   $ wget --debug --no-passive-ftp ftp://ftp.example.com/pub/active-test.txt
   ##### snipped #####
   ==> PORT ... done.
   ##### snipped #####

   Active FTP relies on the server opening a data connection back to the client, so strict firewalls and NAT devices that block unsolicited inbound traffic can cause transfers to hang or fail when --no-passive-ftp is used.

5. Create or update the per-user configuration file ~/.wgetrc to set a persistent default for FTP mode.

   ~/.wgetrc
   # FTP behavior: use 'on' for passive, 'off' for active
   passive_ftp = on
   ##### snipped #####

   Use passive_ftp = on to keep passive mode as the default or passive_ftp = off to enforce active mode for this user while leaving other accounts unaffected.

6. Apply a system-wide default only when all users and automation should share the same FTP behavior by editing /etc/wgetrc with the same directive.

   /etc/wgetrc
   ##### snipped #####
   # FTP behavior: global default
   passive_ftp = off
   ##### snipped #####

   An incorrect setting in /etc/wgetrc affects every wget invocation, including cron jobs and configuration management tooling, which can cause widespread FTP failures on networks that expect passive mode.

7. Verify the effective FTP mode after any change by running another debug download and checking whether PASV or PORT appears in the log.

   $ wget --debug ftp://ftp.example.com/pub/verify-mode.txt
   ##### snipped #####
   ==> PASV ... done.
   ##### snipped #####

   Successful transfers without long stalls and log entries showing EPSV or PASV indicate passive mode, while PORT entries confirm that active mode is in effect for the tested command.