CSF + Passive FTP

If you running a FTP server (Pureftp/Proftp) in your linux server, it is very important to to enable passive mode, because this mode, works best for ftp clients protected by firewall since the client initiates the connection.

If you are running a CSF firewall in your linux box, along with FTP server running Pure-ftp or Proftp, just follow the below steps…

1. Add Passive Port range 30000-350000 to your Pureftp or Proftp configuration file

(i) Pureftpd

open /etc/pure-ftpd.conf, and this line

PassivePortRange    30000 35000

(ii) ProFTP

Open /etc/proftpd.conf, and add this line

PassivePorts    30000 35000

2. Open the ports from 30000 – 35000 in your CSF firewall configuration file under TCP_IN

Open /etc/csf/csf.conf

# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,30000:35000"

Then restart firewall and ftp server.

service csf restart
service pureftpd restart (or)
service proftpd restart

Once this is done, open your ftp client and try connecting to ftp server. It should be able to work in passive mode.

Leave a Reply

Your email address will not be published. Required fields are marked *