To enable the passive port range on a server that uses ProFTPd, perform the following steps via the command line as the root user:
With a text editor, open the /etc/proftpd.conf configuration file.
Add the following line to the first section of the configuration file, where 30000 50000 represents the passive port range that the PassivePorts option sets:
PassivePorts 30000 50000
If your FTP server exists behind a NAT configuration, add the following additional lines to the configuration file:
The MasqueradeAddress lines specify the FTP server’s public IP address.
example.com represents your FTP server’s hostname.
10.3.5.333 represents your FTP server’s public IP address.
Save the changes to the configuration file.
Open the /etc/sysconfig/iptables file with a text editor and add a line that allows connections through the passive port range that you set. For example:
iptables -I INPUT 2 -p tcp --dport 30000:50000 -j ACCEPT
If your FTP server exists on a CentOS 7, CloudLinux 7, or RHEL 7 server, run the following commands to allow connections through the passive port range that you set:
firewall-cmd --permanent --zone=public --add-service=ftp
firewall-cmd --permanent --add-port=30000-50000/tcp
Run the /usr/local/cpanel/scripts/restartsrv_ftpserver command to restart the FTP server.
System updates may overwrite these configuration changes. To make these changes permanent, you must append the passive ports to the configuration file. To do this, run the following commands as the root user:
echo "PassivePorts: 30000 50000" >> /var/cpanel/conf/proftpd/main
/usr/local/cpanel/scripts/setupftpserver proftpd --force
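The following script is an added example, not part of the original procedure or of cPanel's own tooling. It reads the PassivePorts range from a ProFTPd configuration file and reports whether a firewall rules file opens exactly that range, a wider one, or not all of it. The function names, file names, and sample file contents are assumptions constructed for the illustration.

```sh
#!/bin/sh
# Added example (not from the original page): check that the firewall opens
# the PassivePorts range and nothing wider. All file contents are constructed.

# Print "LOW HIGH" from the first PassivePorts directive in a ProFTPd config.
passive_range() {
    awk '$1 == "PassivePorts" && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ {
             print $2, $3; found = 1; exit }
         END { exit !found }' "$1"
}

# Print "LOW HIGH" for each tcp ACCEPT rule that carries --dport LOW:HIGH.
fw_ranges() {
    awk '/-p tcp/ && /-j ACCEPT/ {
             for (i = 1; i < NF; i++)
                 if ($i == "--dport" && $(i + 1) ~ /^[0-9]+:[0-9]+$/) {
                     split($(i + 1), r, ":"); print r[1], r[2] }
         }' "$1"
}

# check_passive CONF RULES prints one of:
#   match    a rule opens exactly the passive range
#   wider    a rule covers the range but exposes extra ports
#   blocked  no single rule covers the whole range
#   unset    the config has no PassivePorts directive
check_passive() {
    range=$(passive_range "$1") || { echo unset; return 0; }
    fw_ranges "$2" | awk -v lo="${range% *}" -v hi="${range#* }" '
        $1 == lo && $2 == hi { exact = 1 }
        $1 <= lo && $2 >= hi { cover = 1 }
        END { print (exact ? "match" : (cover ? "wider" : "blocked")) }'
}

# Constructed sample files, written to a scratch directory.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf 'ServerName "example.com"\nPassivePorts 30000 50000\n' > "$tmp/proftpd.conf"
printf 'ServerName "example.com"\n' > "$tmp/nopasv.conf"
echo 'iptables -I INPUT 2 -p tcp --dport 30000:50000 -j ACCEPT' > "$tmp/exact.rules"
echo '-A INPUT -p tcp -m tcp --dport 1024:65535 -j ACCEPT' > "$tmp/wide.rules"
echo '-A INPUT -p tcp -m tcp --dport 30000:40000 -j ACCEPT' > "$tmp/short.rules"

for rules in exact wide short; do
    printf '%s: %s\n' "$rules" "$(check_passive "$tmp/proftpd.conf" "$tmp/$rules.rules")"
done
```

To run the same check on a server, pass /etc/proftpd.conf and /etc/sysconfig/iptables as the two arguments to check_passive. The script only reads rules written with --dport LOW:HIGH, so it does not cover ports opened through firewall-cmd.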
SolusVM and Xen
If you use SolusVM and Xen on a CloudLinux™ server, you may experience problems with passive FTP. These problems may resemble a firewall or other connection issue, even when no firewall exists.
To resolve these issues, perform the following steps:
Replace the IPTABLES_MODULES=ip_conntrack_netbios_ns line in the /etc/sysconfig/iptables-config file on the VPS node with the following line:
IPTABLES_MODULES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp ipt_owner ipt_REDIRECT"
Run the service iptables restart command to restart the iptables service.