What is Active FTP

1. The file transfer client connects from a random port to port 21 on the server. It then sends the PORT command, specifying which client-side port the server should connect to. This port is used later for the data channel and is different from the port used in this step for the command channel.

2. The server connects from port 20 to the client port designated for the data channel. Once the connection is established, file transfers are made through these client and server ports.


What is Passive FTP

1. The client connects from a random port to port 21 on the server and issues the PASV command. The server replies, indicating which (random) port it has opened for data transfer.

2. The client connects from another random port to the random port specified in the server’s response. Once the connection is established, data transfers are made through these client and server ports.


Enable the passive port range for Pure-FTPd

Edit the /etc/pure-ftpd.conf configuration file:

vi /etc/pure-ftpd.conf

Enable the passive port range:

PassivePortRange 30000 50000

Save the pure-ftpd.conf file and restart the FTP service.

/etc/init.d/pure-ftpd restart

Enable the passive port range for ProFTPd

vi /etc/proftpd.conf

Add the following setting:

PassivePorts 30000 50000

Save the file and restart the proftpd service.

You should also allow the passive port range through the server firewall.

CSF Firewall

vi /etc/csf/csf.conf

Add the port range 30000:50000 to the following settings:

TCP_IN =
TCP_OUT =

Example

TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096,30000:50000"
TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,873,2087,2089,2703,30000:50000"

There is no need to update iptables separately if you have installed the CSF firewall.

IPTABLES

iptables -I INPUT -p tcp --dport 30000:50000 -j ACCEPT
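
The following is an added example, not part of the original page: it decodes the data port from a PASV reply (the server sends it as two bytes, port = p1 * 256 + p2) and checks that the port falls inside the configured passive range and that a CSF-style TCP_IN list covers that whole range. The function names and the sample reply and port list are constructed for illustration.

```python
import re

PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_pasv_reply(line):
    """Return (ip, port) from '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)'."""
    m = PASV_RE.search(line)
    if not line.startswith("227") or not m:
        raise ValueError("not a PASV reply: %r" % line)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field above 255 in %r" % line)
    # The data port is sent as two bytes: port = p1 * 256 + p2.
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def parse_csf_ports(value):
    """Turn a CSF port list such as '20,21,30000:50000' into (low, high) pairs."""
    ranges = []
    for item in filter(None, (p.strip() for p in value.split(","))):
        lo, _, hi = item.partition(":")
        ranges.append((int(lo), int(hi or lo)))
    return ranges

def range_allowed(lo, hi, ranges):
    """True if the whole span lo..hi sits inside one allowed (low, high) pair."""
    return any(a <= lo and hi <= b for a, b in ranges)

def check_pasv(reply, passive_range, tcp_in):
    """Return (port, in_daemon_range, firewall_covers_range) for one PASV reply."""
    _, port = parse_pasv_reply(reply)
    lo, hi = passive_range
    return port, lo <= port <= hi, range_allowed(lo, hi, parse_csf_ports(tcp_in))

# Constructed sample values (192.0.2.10 is a documentation address).
SAMPLE_REPLY = "227 Entering Passive Mode (192,0,2,10,156,64)"
SAMPLE_TCP_IN = "20,21,22,80,443,30000:50000"

if __name__ == "__main__":
    print(check_pasv(SAMPLE_REPLY, (30000, 50000), SAMPLE_TCP_IN))
    # A firewall range that does not match the daemon's range leaves it blocked.
    print(range_allowed(30000, 50000, [(49152, 65534)]))
```

If the second value returned by check_pasv is False, the daemon is not honouring the configured range; if the third is False, passive transfers will stall at the firewall even though the command channel on port 21 works.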

 
