Correcting Passive Port Range for cPanel

Follow

On cPanel systems sometimes the firewall and pure-ftpd/proftpd service can be at odds.

This causes connections using passive-transfer mode to fail after initially connecting. The reason for this is that the FTP client will connect, but the server will respond back to use a port number that is blocked by the firewall configuration. 

The diagram depicts the problem
passiveFTP.png
Image is courtesy of https://documentation.cpanel.net 

To correct this you'll need to modify the configuration file for the FTP service.

Check which ports you have allocated for PassiveFTP in your firewall configuration. Once you know the range, you can then;

For Pure-FTP

  1. Login by SSH as root
  2. Remove the cache configuration file
    rm -f /var/cpanel/conf/pureftpd/main.cache
  3. Edit the main configuration file
    vim|nano /var/cpanel/conf/pureftpd/main
  4. Set the PassivePortRange range with the start and end of allowed ports
    PassivePortRange 30000 35000
  5. Regenerate the running configuration
    /scripts/setupftpserver --force pure-ftpd

For Pro-FTP

  1. Login by SSH as root
  2. Remove the cache configuration file
    rm -f /var/cpanel/conf/proftpd/main.cache
  3. Edit the main configuration file
    vim|nano /var/cpanel/conf/proftpd/main
  4. Set the PassivePorts range with the start and end of allowed ports
    PassivePorts 30000 35000
  5. Regenerate the running configuration
    /scripts/setupftpserver --force proftpd

Now FTP transfers can use passive-transfer mode without problems.

Have more questions? Submit a request

Comments

Powered by Zendesk