How to enable passive FTP connections in ProFTPD



Passive mode can sometimes resolve certain clients ability to connect to the FTP server which may have been blocked by firewalls. If you are having issues connecting remotely,  would like you to try to to enable passive connections in ProFTPD you will need to edit /etc/proftpd.conf.


1. Edit the /etc/proftpd.conf file:

vim /etc/proftpd.conf

And add the following lines with the letter “i” to insert:

  • PassivePorts 60000 65535
  •  AllowStoreRestart on
  •  AllowRetrieveRestart on
  •  TimeoutNoTransfer 65535
  •  ListOptions "-la"
  •  TimeoutIdle 65535


2. You will then also need to add the passive range in the firewall.


  • Add the new rule:

iptables -A INPUT -p tcp -m tcp --dport 60000:65535 -j ACCEPT

  • Save the ruleset:

iptables-save > /etc/sysconfig/iptables



  • Add the new port range:

firewall-cmd --permanent --add-port=60000-65535/tcp

  • Reload the firewall:



3. Testing The FTP Service

You can test the FTP configuration locally first to ensure the daemon is running by using netstat

# netstat -plan|grep :21

You can also connect locally by installing the ftp client

yum install -y ftp

And then making a connection to the localhost or

 ftp localhost


Was this article helpful?
1 out of 2 found this helpful

Have more questions? Contact our support instantly via Live Chat