What is Active FTP
1. The client connects from a random port to port 21 on the server. It then sends the PORT command, specifying which client-side port the server should connect to. This port will be used later for the data channel and is different from the port used in this step for the command channel.
2. The server connects from port 20 to the client port designated for the data channel. Once the connection is established, file transfers are made through these client and server ports.
What is Passive FTP
1. The client connects from a random port to port 21 on the server and issues the PASV command. The server replies, indicating which (random) port it has opened for data transfer.
2. The client connects from another random port to the random port specified in the server’s response. Once the connection is established, data transfers are made through these client and server ports.
Enable the passive port range for Pure-FTPd
Edit the Pure-FTPd configuration file:
vi /etc/pure-ftpd.conf
Enable the passive port range:
PassivePortRange 30000 50000
Save the pure-ftpd.conf file and restart FTP service.
/etc/init.d/pure-ftpd restart
Enable the passive port range for ProFTPd
vi /etc/proftpd.conf
Add the following setting:
PassivePorts 30000 50000
Save the file and restart the proftpd service.
You should also open the passive port range in the server firewall.
CSF Firewall
vi /etc/csf/csf.conf
Add the port range 30000:50000 to these settings:
TCP_IN =
TCP_OUT =
Example
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096,30000:50000"
TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,873,2087,2089,2703,30000:50000"
You do not need to update iptables separately if the CSF firewall is installed.
IPTABLES
iptables -I INPUT -p tcp --dport 30000:50000 -j ACCEPT
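The check below is an added example, not part of the original page: it decodes the data port from a PASV (227) reply and confirms that the CSF TCP_IN list from the example above admits the whole 30000-50000 passive range. The sample reply and all function names are constructed for illustration.

```python
import re

# Constructed sample: a 227 reply as a server configured with
# "PassivePortRange 30000 50000" might send it (documentation IP address).
SAMPLE_REPLY = "227 Entering Passive Mode (192,0,2,10,117,48)"
# TCP_IN value copied from the CSF example on this page.
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096,30000:50000"

def parse_pasv_reply(line):
    """Return (host, port) from a 227 reply: port = p1 * 256 + p2."""
    m = re.search(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", line)
    if not m:
        raise ValueError("not a 227 PASV reply: %r" % line)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % line)
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def parse_csf_ports(value):
    """Turn a CSF port list ("21,30000:50000") into sorted (low, high) tuples."""
    ranges = []
    for item in value.strip().strip('"').split(","):
        item = item.strip()
        if not item:
            continue
        low, _, high = item.partition(":")
        ranges.append((int(low), int(high or low)))
    return sorted(ranges)

def range_covered(low, high, ranges):
    """True if every port in low..high is allowed by the firewall ranges."""
    next_needed = low
    for r_low, r_high in ranges:  # ranges are sorted by start port
        if r_low > next_needed:
            break                 # gap: next_needed is not covered
        next_needed = max(next_needed, r_high + 1)
        if next_needed > high:
            return True
    return False

def port_allowed(port, ranges):
    return range_covered(port, port, ranges)

if __name__ == "__main__":
    host, port = parse_pasv_reply(SAMPLE_REPLY)
    allowed = parse_csf_ports(TCP_IN)
    print(host, port, "allowed" if port_allowed(port, allowed) else "BLOCKED")
    print("whole passive range open:", range_covered(30000, 50000, allowed))
```

A port decoded from a real 227 reply that falls outside the configured range means the FTP daemon did not pick up the passive port setting, so the data connection will hit a closed firewall port.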