Skip to main content

FTP

====================================================================================

FTP General Info

Passive/Active Mode

FTP Passive Mode

Passive ports are used to allow multiple FTP connections  by moving open FTP connections from port 21 to a port specified in the passive port range (40,000-40,100 is the standard ANS passive port range ). See relevant panel/cli doc pages for specific info on how the passive port range can be set.

If your FTP client is using passive mode, you'll usually see an output similar to the below. We can use this to calculate the port being used for passive mode (which we can then check for any restrictions on).

80,244,185,220,156,149  

First 4 numbers are the server IP,   

Multiply 5th number by 256 = x  

X+6th number = passive port which is being used  

156x256=39936+149=40085  

SFTP

cPanel/Plesk

The primary cPanel/Plesk user can use SFTP if enabled.

Encrypted FTP

====================================================================================

FTP Troubleshooting

------------------------------------------------------------------------------------------------------------------------------------------------

cPanel

Identify which FTP server is running

lsof -i:21

For Pure-FTPd:

/var/cpanel/conf/pureftpd/local

For ProFTPD:

/var/cpanel/conf/proftpd/local

Add this line to set which ports your server should use.

PassivePortRange: 40000 40100

If your server is behind a firewall and you are seeing unroutable address errors, add the following line, replacing 123.123.123.123 with your server’s public IP:

ForcePassiveIP: IP_IP_IP_IP

Restart Pure-FTPd by running:

/usr/local/cpanel/scripts/setupftpserver pure-ftpd --force

Allow inbound connections on the passive port range.

------------------------------------------------------------------------------------------------------------------------------------------------

Plesk 

Plesk also uses the ProFTPD server, but the configuration is slightly different. 

Plesk Onyx:

Edit/create the file /etc/proftpd.d/55-passive-ports.conf

Add the following configuration this file:

<Global>
PassivePorts 40000 40100
</Global>

Restart the FTP service to pick up the changes:

systemctl restart xinetd

On your firewall, allow inbound connections on the passive port range.

If your server is behind a firewall and you are seeing unroutable address errors, add the following line, replacing 123.123.123.123 with your server’s public IP:

MasqueradeAddress IP_IP_IP_IP

------------------------------------------------------------------------------------------------------------------------------------------------

 

Back to top