Solve FTP Passive Mode Issue In WHM/cPanel With CSF

Installing a firewall (e.g. ConfigServer Security & Firewall, CSF) is one step toward hardening the security of your web server. It comes with a side effect, though: CSF blocks the PureFTPd/ProFTPd server's passive connections, so your FTP client cannot connect to the FTP server in passive mode. This happens because CSF blocks the ports used for passive connections. To fix it, you need to set the port range for passive connections and make sure CSF is not blocking that range.

To do that, you need to edit your FTP server configuration.

For PureFTPd:
Open /etc/pure-ftpd.conf and enable this line:

PassivePortRange    30000 35000

For ProFTPd:
Open /etc/pure-ftpd.conf and enable this line:

PassivePorts    30000 35000

Now you need to unblock that port range in CSF. Open the CSF firewall configuration from WHM and add those ports to TCP_IN, so it looks like this:
TCP_IN: 20,21,22,25,53,80,110,143,443,30000:35000

Now restart both CSF and your FTP server. Once that is done, you will be able to connect to your FTP server in passive mode.
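
A quick way to confirm that the two settings agree, as an added example that is not part of the original post: this shell script reads the enabled passive range from the FTP server config and checks that a TCP_IN entry covers it. The function names are illustrative assumptions, and the sample config file is constructed from the values shown above.

```shell
#!/bin/sh
# Added example (not from the original post): verify that the passive port
# range enabled in the FTP server config is covered by CSF's TCP_IN list.

# Print "LOW HIGH" from the first enabled (uncommented) passive-range line.
passive_range() {
    awk '$1 == "PassivePortRange" || $1 == "PassivePorts" { print $2, $3; exit }' "$1"
}

# Return 0 if a single TCP_IN entry (port or start:end) covers LOW..HIGH.
# Simplification: a range split across several adjacent entries is not merged.
tcp_in_covers() {
    list=$1; low=$2; high=$3
    old_ifs=$IFS; IFS=,
    for entry in $list; do
        case $entry in
            *:*) start=${entry%%:*}; end=${entry##*:} ;;
            *)   start=$entry; end=$entry ;;
        esac
        if [ "$start" -le "$low" ] && [ "$end" -ge "$high" ]; then
            IFS=$old_ifs; return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# check_passive FTP_CONF TCP_IN_LIST -> prints a verdict, returns 0 only if open.
check_passive() {
    set -- "$1" "$2" $(passive_range "$1")
    if [ $# -ne 4 ]; then
        echo "no passive range enabled in $1"; return 2
    fi
    if tcp_in_covers "$2" "$3" "$4"; then
        echo "OK: passive ports $3-$4 are allowed by TCP_IN"
    else
        echo "BLOCKED: passive ports $3-$4 are not fully in TCP_IN"; return 1
    fi
}

# Constructed sample input: config line and TCP_IN value as shown in the post.
sample=$(mktemp)
printf '%s\n' '# MaxClientsNumber 50' 'PassivePortRange    30000 35000' > "$sample"
check_passive "$sample" "20,21,22,25,53,80,110,143,443,30000:35000"
check_passive "$sample" "20,21,22,25,53,80,110,143,443" || true
rm -f "$sample"
```

On a real server, pass the path of your FTP server config and the TCP_IN value copied from the CSF configuration page in place of the sample values.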

Comments

  1. Adrian Mate says:

    Great tips! Just one thing to add.
    Those settings will be overwritten once cPanel updates itself.
    To make the settings permanent, make sure you edit /var/cpanel/conf/proftpd/local (or /var/cpanel/conf/pureftpd/local) file too.

    https://documentation.cpanel.net/display/CKB/How+to+Enable+FTP+Passive+Mode
