Knowledgebase
HOW TO: Enable FTP Passive Mode
Posted by Asilah A. on 09 February 2021 04:21 PM

Configure FTP servers

To configure your FTP server, cPanel & WHM version 60 and later:

Pure-FTPd servers

To edit the FTP configuration for a PureFTP server, perform the following steps:

1) Log in to the server as the root user via SSH.
2) Open the /var/cpanel/conf/pureftpd/local file, if it already exists, with a text editor. If it does not already exist, create the /var/cpanel/conf/pureftpd/local file.
3) Add the desired changes to the file. If your FTP server exists behind a NAT configuration, set the ForcePassiveIP option to the FTP server's public IP address, as in the following example:

ForcePassiveIP: 203.0.113.0

If your server does not exist in a NAT configuration, set the ForcePassiveIP option to the following entry:

ForcePassiveIP: ~

4) If you want to change your server's default passive port range, run the following commands:

echo "PassivePortRange: 49152 65534" >> /var/cpanel/conf/pureftpd/local
/usr/local/cpanel/scripts/setupftpserver pure-ftpd --force

5) Configure your server to allow the passive port range to pass through the firewall.
6) Restart the PureFTP service with the following command:

/usr/local/cpanel/scripts/setupftpserver pure-ftpd --force

 

ProFTPd servers

To edit the FTP configuration for a ProFTPd server, perform the following steps:

1) Log in to the server as the root user via SSH.
2) Open the /var/cpanel/conf/proftpd/local file, if it already exists, with a text editor. If it does not already exist, create the /var/cpanel/conf/proftpd/local file.
3) Add the desired changes to the file. If your FTP server exists behind a NAT configuration, set the MasqueradeAddress option to the FTP server's public IP address, as in the following example:

MasqueradeAddress: 203.0.113.0

If your server does not exist in a NAT configuration, set the MasqueradeAddress option to the following entry:

MasqueradeAddress: ~

4) If you want to change your server's default passive port range, run the following commands:

echo "PassivePorts: 49152 65534" >> /var/cpanel/conf/proftpd/local
/usr/local/cpanel/scripts/setupftpserver proftpd --force

5) Configure your server to allow the passive port range to pass through the firewall. To do this, follow the directions in the Configure the firewall section below.
6) Restart the ProFTP service with the following command:

/usr/local/cpanel/scripts/setupftpserver proftpd --force

 

Configure the firewall

====
CSF
====

If you use the CSF plugin to manage your server's firewall, open the /etc/csf/csf.conf file, and confirm that the passive port range exists at the end of the TCP_IN line. The system adds your FTP server's passive port range to the firewall by default.

WHM > CSF > Firewall Configuration > TCP_IN add "49152:65534"

====
IPTABLES
====

If you use the IPTABLES application for your FTP server's firewall, perform the following steps to add the passive port range to your server's firewall:

1) Open the /etc/sysconfig/iptables file with a text editor.
2) After you add an IPTABLES entry to the /etc/sysconfig/iptables file, run the following commands:

iptables -I INPUT -p tcp --dport 49152:65534 -j ACCEPT
service iptables save

====
FIREWALLD
====

If you use the firewalld application for Linux, run the following commands to add the passive port range to your server's firewall:

firewall-cmd --permanent --zone=public --add-service=ftp
firewall-cmd --permanent --add-port=49152-65534/tcp
firewall-cmd --reload

 

If you face any difficulties on the setup, please feel free to contact our support team by submitting a ticket on https://247livesupport.biz or emailing out support team at support@247livesupport.biz.

(0 vote(s))
Helpful
Not helpful

Comments (0)
Copyright © 1998 - 2018 Shinjiru International Inc. All Rights Reserved.