FTP passive ports

What are passive FTP ports?

In passive mode FTP, the client initiates both connections to the server, which solves the problem of firewalls filtering the incoming data-port connection from the server to the client. When opening an FTP connection, the client opens two random unprivileged ports locally (N > 1023 and N+1). The first port contacts the server on port 21, but instead of then issuing a PORT command and allowing the server to connect back to its data port, the client issues the PASV command. The server then opens a random unprivileged port (P > 1023) and sends the PORT P command back to the client. The client then initiates the connection from port N+1 to port P on the server to transfer data.
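To make the exchange above concrete, here is an added shell example that is not part of the original page: it decodes the data port (the port the text calls P) from the server's 227 reply to PASV and checks that it falls inside the range this page later opens on the firewall. The reply carries the address and port as six comma-separated numbers, and the port is p1*256 + p2. The sample reply and the function names are my own constructions, not captured from a real server.

```sh
#!/bin/sh
# Added example (not part of the original page): decode the data port from a
# server's 227 reply to PASV and check it against the passive range that the
# firewall is expected to allow. Constructed sample reply, not a real capture.
SAMPLE_REPLY='227 Entering Passive Mode (192,0,2,10,117,48).'

# pasv_port REPLY
# Print the data port announced in a 227 reply (p1*256 + p2); return 1 for
# any other reply, so a refused or unexpected response is never treated as
# a port number.
pasv_port() {
    reply=$1
    case $reply in
        227*) ;;
        *) return 1 ;;
    esac
    # Keep only the six comma-separated numbers inside the parentheses.
    fields=$(printf '%s\n' "$reply" | sed -n 's/.*(\([0-9,]*\)).*/\1/p')
    [ -n "$fields" ] || return 1
    p1=$(printf '%s\n' "$fields" | cut -d, -f5)
    p2=$(printf '%s\n' "$fields" | cut -d, -f6)
    [ -n "$p1" ] && [ -n "$p2" ] || return 1
    echo $((p1 * 256 + p2))
}

# pasv_in_range PORT LOW HIGH
# Succeed only when PORT lies within [LOW, HIGH]; a data port outside the
# range the firewall opens is the usual cause of a transfer that hangs.
pasv_in_range() {
    port=$1; low=$2; high=$3
    [ "$port" -ge "$low" ] && [ "$port" -le "$high" ]
}

# Usage: decode the sample reply and check it against this page's range.
if port=$(pasv_port "$SAMPLE_REPLY"); then
    if pasv_in_range "$port" 30000 35000; then
        echo "data port $port is inside 30000-35000"
    else
        echo "data port $port is outside 30000-35000: check the firewall range"
    fi
fi
```

Running an FTP client with debugging on (most print the raw 227 line) and feeding that line to pasv_port is a quick way to confirm that the server really hands out ports from the configured range after the changes below.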

Configure passive ports in Pure-FTPd / ProFTPD

This example configures a passive port range of 30000 to 35000.

Edit /etc/sysctl.conf, add the line below (sysctl.conf expects “key = value”), then run “sysctl -p” to apply the change.

  • net.ipv4.ip_local_port_range = 30000 35000

For ProFTPD

Open /etc/proftpd.conf and add the line below

  • PassivePorts 30000 35000

For Pure-FTPd

Open /etc/pure-ftpd.conf and add the line below

  • PassivePortRange 30000 35000

Then restart the proftpd / pure-ftpd service.

  • # service proftpd restart
    # service pure-ftpd restart

Configuring passive ports in CSF

Edit /etc/csf/csf.conf in your favorite editor and look for TCP_IN, which holds the list of open ports. Add the following port range to that list and restart the firewall.

  • 30000:35000
    # csf -r

Configuring passive ports in APF

Open your APF configuration file (usually /etc/apf/conf.apf) with your favorite editor, look for the IG_TCP_CPORTS line, add the port range below (APF writes ranges with an underscore), and then restart the firewall.

  • 30000_35000
    # service apf restart
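The steps above (the sysctl line, the two daemon directives, and the CSF and APF port lists) all come down to setting one line in a config file. The following shell script is an added example, not from the original page: it applies all of them to files under a directory you pass in, and it is idempotent, so running it twice never duplicates a directive or a list entry. The function names, the flat directory layout and the scratch-file contents are my own assumptions; the directive names and values are the ones the page uses.

```sh
#!/bin/sh
# Added example (not from the original page): apply the passive-port settings
# described above idempotently. Every function takes the file path as an
# argument so it can be exercised on scratch copies before touching /etc.
PASV_LOW=30000
PASV_HIGH=35000

# set_directive FILE KEY VALUE [SEP]
# Rewrite an existing "KEY ..." line or append "KEY<SEP>VALUE" when absent.
# SEP defaults to a space (ProFTPD / Pure-FTPd style); pass " = " for
# sysctl.conf. Commented-out lines are left alone.
set_directive() {
    file=$1; key=$2; value=$3; sep=${4:- }
    [ -f "$file" ] || : > "$file"
    tmp=$(mktemp)
    if grep -q "^[[:space:]]*$key[[:space:]=]" "$file"; then
        # Go through a temp file: sed -i differs between GNU and BSD sed.
        sed "s|^[[:space:]]*$key[[:space:]=].*|$key$sep$value|" "$file" > "$tmp"
    else
        cat "$file" > "$tmp"
        printf '%s%s%s\n' "$key" "$sep" "$value" >> "$tmp"
    fi
    cat "$tmp" > "$file"
    rm -f "$tmp"
}

# add_list_entry FILE KEY ENTRY SEP
# KEY holds a quoted, comma-separated port list (TCP_IN in csf.conf,
# IG_TCP_CPORTS in conf.apf); add ENTRY unless it is already listed.
add_list_entry() {
    file=$1; key=$2; entry=$3; sep=$4
    [ -f "$file" ] || return 1
    current=$(sed -n "s/^[[:space:]]*$key[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$file" | head -n 1)
    case ",$current," in
        *",$entry,"*) return 0 ;;   # already present: nothing to do
    esac
    if [ -n "$current" ]; then new="$current,$entry"; else new=$entry; fi
    set_directive "$file" "$key" "\"$new\"" "$sep"
}

# configure_passive DIR
# DIR holds copies of the five config files side by side (a flat layout for
# the example; the real files live under /etc, /etc/csf and /etc/apf).
configure_passive() {
    dir=$1
    set_directive "$dir/sysctl.conf" net.ipv4.ip_local_port_range "$PASV_LOW $PASV_HIGH" " = "
    set_directive "$dir/proftpd.conf" PassivePorts "$PASV_LOW $PASV_HIGH"
    set_directive "$dir/pure-ftpd.conf" PassivePortRange "$PASV_LOW $PASV_HIGH"
    add_list_entry "$dir/csf.conf" TCP_IN "$PASV_LOW:$PASV_HIGH" " = "
    add_list_entry "$dir/conf.apf" IG_TCP_CPORTS "${PASV_LOW}_$PASV_HIGH" "="
}

# Usage (kept as a comment so sourcing the file has no side effects):
#   configure_passive /tmp/preview    # inspect the result, then repeat on the real files
```

Run it against copies of the real files first, diff the result, and only then apply it to the live paths, run sysctl -p, and restart the daemons and the firewall as described above. One caveat worth knowing: net.ipv4.ip_local_port_range sets the kernel's ephemeral port range for all outbound connections on the host; the ports the FTP daemon hands out for PASV are chosen by the PassivePorts / PassivePortRange directive, so the firewall range must match those directives.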

Now connect with your FTP client software; this should resolve the FTP passive-port problem.

Useful links

Tutorial for Active FTP vs Passive FTP