Active and passive are the two modes that FTP can run in.
For background, FTP actually uses two channels between client and server, the command and data channels, which are actually separate TCP connections.
The command channel is for commands and responses while the data channel is for actually transferring files.
This separation of command information and data into separate channels a nifty way of being able to send commands to the server without having to wait for the current data transfer to finish. As per the RFC, this is only mandated for a subset of commands, such as quitting, aborting the current transfer, and getting the status.
In active mode, the client establishes the command channel but the server is responsible for establishing the data channel. This can actually be a problem if, for example, the client machine is protected by firewalls and will not allow unauthorised session requests from external parties.
In passive mode, the client establishes both channels. We already know it establishes the command channel in active mode and it does the same here.
However, it then requests the server (on the command channel) to start listening on a port (at the servers discretion) rather than trying to establish a connection back to the client.
As part of this, the server also returns to the client the port number it has selected to listen on, so that the client knows how to connect to it.
Once the client knows that, it can then successfully create the data channel and continue.
More details are available in the RFC: https://www.ietf.org/rfc/rfc959.txt
Best Answer
In Passive mode, the FTP server opens a port on its end and tells the FTP client the IP/Port it needs to connect to. On the client end, it creates a new socket, binds it to a local IP/Port (usually a random IP/Port unless configured otherwise), and connects to the server's specified IP/Port. Without actually seeing a trace log from a network packet sniffer, like Wireshark, then I would guess that either a firewall/router on the client end is blocking the outbound connection, or a firewall/router on the server end is blocking the inbound connection. The fact that FileZilla is getting through OK probably means that the IP/Port pairs on both ends of the connection happen to match all the firewall/router rules for accepting connections on both ends, whereas something in the WinInet/IE IP/Port pairs is getting rejected instead. That is a little unusual since Passive mode tends to be more firewall/router friendly than Active mode, though. Have you tried using Windows' command-line ftp.exe utility to see if it works or not? BTW, IE uses WinInet for all of its connections.