Allow Passive FTP connections
Allow Passive FTP connections through your server's firewall (Windows and Linux)
Passive FTP is a method used to connect to your FTP server to upload/modify and download files from directories your user has access to.
The most common type is passive FTP.
Sometimes when a new server is deployed, or on a server restart, passive FTP will start to fail. You can recognize a connection failure as a passive FTP issue by the connection string you'll see when you try to connect. The last message would be something like:
"Retrieving directory listing"
This will occur on both Windows and Linux systems, as the message appears on the client side.
Adding passive FTP support to iptables is very easy. First, to add support on the currently running system, type the following:
sudo modprobe ip_nat_ftp
sudo modprobe ip_conntrack_ftp
This will add support on the running iptables.
Next, modify the file
sudo vi /etc/modules (/etc/modprobe.conf for RedHat/CentOS)
and add the 2 module names from the modprobe commands above, ip_nat_ftp and ip_conntrack_ftp, to the bottom, one per line.
This will load it on the next reboot. Passive FTP should now work.
To add a range of ports to IIS FTP, do the following:
Open a command prompt with administrative privileges (right-click it and select Run as administrator) and go to the folder c:\Inetpub\AdminScripts
Once in the folder, run:
adsutil.vbs set /MSFTPSVC/PassivePortRange "5500-5700"
Where 5500-5700 is replaced by the port range you wish to add.
You will then get 3 messages if you have never done this before. Say “yes” or “ok” to all of them.
Once done, you will need to add that range of ports to the Windows firewall. Type the following:
FOR /L %I IN (5500,1,5700) DO netsh firewall add portopening TCP %I "Passive FTP"%I
Note: Replace 5500-5700 with a range of ports you want to use for Passive FTP connections
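To confirm that the server is handing out data ports inside the range you opened, the check below reads the server's reply to the PASV command and compares the announced port with that range. It is an added example, not part of the original article. The function names (parse_pasv, classify, live_check) are hypothetical, the sample replies are constructed, and the reply format "227 ... (h1,h2,h3,h4,p1,p2)" is the one defined in RFC 959.

```python
import re
import socket
from ftplib import FTP

# RFC 959 reply to PASV: "227 <text> (h1,h2,h3,h4,p1,p2)", data port = p1*256 + p2
PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def parse_pasv(reply):
    """Return the (host, port) a server announced in its 227 reply."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field above 255 in %r" % reply)
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def classify(reply, low, high):
    """Compare the announced data port with the range opened in the firewall."""
    host, port = parse_pasv(reply)
    verdict = "in-range" if low <= port <= high else "outside-range"
    return host, port, verdict

def live_check(server, user, password, low, high, timeout=5.0):
    """Log in, send PASV, then try the data port the way a client would."""
    ftp = FTP(server, timeout=timeout)
    try:
        ftp.login(user, password)
        host, port, verdict = classify(ftp.sendcmd("PASV"), low, high)
        try:
            socket.create_connection((host, port), timeout=timeout).close()
            reachable = True
        except OSError:
            reachable = False  # the stall at "Retrieving directory listing"
        return host, port, verdict, reachable
    finally:
        ftp.close()

# Constructed sample replies (not captured from a real server).
SAMPLES = [
    "227 Entering Passive Mode (192,0,2,10,21,130)",  # 21*256 + 130 = 5506
    "227 Entering Passive Mode (192,0,2,10,195,80)",  # 195*256 + 80 = 50000
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", classify(line, 5500, 5700))
```

An "outside-range" verdict means the server is not using the configured passive port range; "in-range" with an unreachable port from live_check points at the firewall rules instead.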