Enabling passive FTP in Pure-FTPd

Passive FTP mode is often required when clients are behind firewalls or NAT devices. This tutorial explains how to enable passive FTP mode in Pure-FTPd on a cPanel server and configure the necessary firewall rules.

Enable Passive FTP in Pure-FTPd

On cPanel servers, Pure-FTPd configuration is managed through WHM. To enable passive mode and set a passive port range, follow these steps:

1. Log in to WHM as root.
2. Navigate to Service Configuration › FTP Server Configuration.
3. Locate the Passive Port Range settings.
4. Set the minimum port to 30000 and the maximum port to 35000.
5. Click Save to apply the changes.
6. Restart the FTP service by going to Restart Services › FTP Server.

Configure CSF Firewall for Passive FTP

If you are using ConfigServer Firewall (CSF), you need to open the passive port range in the firewall. Edit the CSF configuration file:

vi /etc/csf/csf.conf

Find the TCP_IN line and add the port range 30000:35000 to allow incoming connections on these ports:

TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096,30000:35000"

After saving the file, restart CSF to apply the rules:

csf -r

Verify the Configuration

After making these changes, test passive FTP connectivity from a client behind a firewall. The FTP client should be able to connect and transfer files without issues. If connections still fail, verify that the port range is correctly opened in any additional hardware firewalls or upstream network devices.