What is Active FTP

1. A user connects from a random port on a file transfer client to port 21 on the server. It sends the PORT command, specifying what client-side port the server should connect to. This port will be used later on for the data channel and is different from the port used in this step for the command channel.

2. The server connects from port 20 to the client port designated for the data channel. Once the connection is established, file transfers are made through these client and server ports.


What is Passive FTP

1. The client connects from a random port to port 21 on the server and issues the PASV command. The server replies, indicating which (random) port it has opened for data transfer.

2. The client connects from another random port to the random port specified in the server’s response. Once the connection is established, data transfers are made through these client and server ports.


Enable the passive port range for Pure-FTPd

Edit the /etc/pure-ftpd.conf configuration file:

vi /etc/pure-ftpd.conf

Enable the passive port range:

PassivePortRange 30000 50000

Save the pure-ftpd.conf file and restart the FTP service.

/etc/init.d/pure-ftpd restart

Enable the passive port range for ProFTPd

vi /etc/proftpd.conf

Add the following setting:

PassivePorts 30000 50000

Save the file and restart the proftpd service.

You should also open the passive port range in the server firewall.

CSF Firewall

vi /etc/csf/csf.conf

Add the port range 30000:50000 to TCP_IN and TCP_OUT:

TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096,30000:50000"
TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,873,2087,2089,2703,30000:50000"

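There is no need to add iptables rules by hand if you have installed the CSF firewall. Without CSF, open the range directly in iptables; it must match the range set in the FTP server configuration:


iptables -I INPUT -p tcp --dport 30000:50000 -j ACCEPT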
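
A check for the setup above, as an added example that is not part of the original page: it decodes the h1,h2,h3,h4,p1,p2 tuple carried by the PORT command and by the server's 227 reply to PASV (RFC 959), and reports a passive port that falls outside the 30000-50000 range opened in the firewall. The function names, the sample replies and the 203.0.113.10 address are constructed for illustration.

```python
import re

# Range from the page's PassivePortRange / PassivePorts / CSF settings.
PASSIVE_RANGE = (30000, 50000)

# Six comma-separated decimal fields: four address octets, two port bytes.
_TUPLE = re.compile(r"(?<!\d)(\d{1,3})" + r",(\d{1,3})" * 5 + r"(?!\d)")


def parse_host_port(line):
    """Extract (ip, port) from a PORT command or a 227 PASV reply."""
    m = _TUPLE.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in: %r" % line)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field above 255 in: %r" % line)
    # The port is sent as two bytes: port = p1 * 256 + p2.
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def check_pasv_reply(reply, server_ip, port_range=PASSIVE_RANGE):
    """Return a list of problems with a 227 reply; an empty list means OK."""
    if not reply.startswith("227"):
        return ["not a 227 reply"]
    ip, port = parse_host_port(reply)
    problems = []
    if not port_range[0] <= port <= port_range[1]:
        problems.append("port %d is outside %d-%d, the firewall will drop it"
                        % (port, port_range[0], port_range[1]))
    if ip != server_ip:
        # Typical for a server behind NAT that advertises its internal address.
        problems.append("reply advertises %s but the control connection is to %s"
                        % (ip, server_ip))
    return problems


if __name__ == "__main__":
    # Constructed sample replies, not captured from a real server.
    samples = [
        "227 Entering Passive Mode (203,0,113,10,156,64)",  # port 40000
        "227 Entering Passive Mode (203,0,113,10,234,96)",  # port 60000
        "227 Entering Passive Mode (10,0,0,5,117,48)",      # port 30000
    ]
    for s in samples:
        print(s, "->", check_pasv_reply(s, "203.0.113.10") or "OK")
```

A reply that fails the port check after the configuration change usually means the FTP service was not restarted or a different configuration file is in use.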

