How to enable passive FTP connections in ProFTPD
Passive mode can sometimes resolve certain clients ability to connect to the FTP server which may have been blocked by firewalls. If you are having issues connecting remotely, would like you to try to to enable passive connections in ProFTPD you will need to edit /etc/proftpd.conf.
1. Edit the /etc/proftpd.conf file:
And add the following lines with the letter “i” to insert:
- PassivePorts 60000 65535
- AllowStoreRestart on
- AllowRetrieveRestart on
- TimeoutNoTransfer 65535
- ListOptions "-la"
- TimeoutIdle 65535
2. You will then also need to add the passive range in the firewall.
- Add the new rule:
iptables -A INPUT -p tcp -m tcp --dport 60000:65535 -j ACCEPT
- Save the ruleset:
iptables-save > /etc/sysconfig/iptables
- Add the new port range:
firewall-cmd --permanent --add-port=60000-65535/tcp
- Reload the firewall:
3. Testing The FTP Service
You can test the FTP configuration locally first to ensure the daemon is running by using netstat
# netstat -plan|grep :21
You can also connect locally by installing the ftp client
yum install -y ftp
And then making a connection to the localhost or 127.0.0.1