How to enable passive FTP connections in ProFTPD

 

 

Passive mode can sometimes resolve certain clients ability to connect to the FTP server which may have been blocked by firewalls. If you are having issues connecting remotely,  would like you to try to to enable passive connections in ProFTPD you will need to edit /etc/proftpd.conf.

 

1. Edit the /etc/proftpd.conf file:

vim /etc/proftpd.conf

And add the following lines with the letter “i” to insert:

  • PassivePorts 60000 65535
  •  AllowStoreRestart on
  •  AllowRetrieveRestart on
  •  TimeoutNoTransfer 65535
  •  ListOptions "-la"
  •  TimeoutIdle 65535

 

2. You will then also need to add the passive range in the firewall.

IPtables:

  • Add the new rule:

iptables -A INPUT -p tcp -m tcp --dport 60000:65535 -j ACCEPT

  • Save the ruleset:

iptables-save > /etc/sysconfig/iptables

 

Firewalld: 

  • Add the new port range:

firewall-cmd --permanent --add-port=60000-65535/tcp

  • Reload the firewall:

firewall-cmd-reload

 

3. Testing The FTP Service

You can test the FTP configuration locally first to ensure the daemon is running by using netstat

# netstat -plan|grep :21

You can also connect locally by installing the ftp client

yum install -y ftp

And then making a connection to the localhost or 127.0.0.1

 ftp localhost