CSF + Passive FTP
If you running a FTP server (Pureftp/Proftp) in your linux server, it is very important to to enable passive mode, because this mode, works best for ftp clients protected by firewall since the client initiates the connection.
If you are running a CSF firewall in your linux box, along with FTP server running Pure-ftp or Proftp, just follow the below steps…
1. Add Passive Port range 30000-350000 to your Pureftp or Proftp configuration file
open /etc/pure-ftpd.conf, and this line
PassivePortRange 30000 35000
Open /etc/proftpd.conf, and add this line
PassivePorts 30000 35000
2. Open the ports from 30000 – 35000 in your CSF firewall configuration file under TCP_IN
# Allow incoming TCP ports TCP_IN = "20,21,22,25,53,80,110,30000:35000"
Then restart firewall and ftp server.
service csf restart service pureftpd restart (or) service proftpd restart
Once this is done, open your ftp client and try connecting to ftp server. It should be able to work in passive mode.