Allowing Passive Mode FTP on an OpenVZ VPS with CSF firewall.

Posted on November 13th, 2015

If your VPS runs the CSF firewall on OpenVZ, you’ll need to open up a passive FTP hole in the firewall. Without it, you may see an error like:

 

Response: 227 Entering Passive Mode (173,214,161,157,31,147)
Command: MLSD
Error: Connection timed out
Error: Failed to retrieve directory listing

 

For example, on a cPanel server /etc/csf/csf.conf may show:

 

# Allow incoming TCP ports
TCP_IN = "20,21,22,25,28,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096"

 

Edit this file and change the above to:

 

# Allow incoming TCP ports
TCP_IN = "20,21,22,25,28,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096,50000:51000"

 

Save the file and restart csf with:

csf -r

 

You are not done yet, however: pure-ftpd must be told to use the same port range. Also edit /etc/pure-ftpd.conf and look for:

 

# Port range for passive connections replies. - for firewalling.
#PassivePortRange          30000 51000

 

Change it to:

 

PassivePortRange          50000 51000

 

 

Save this and restart FTP with:

 

/scripts/restartsrv_pureftpd
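
To confirm the two files agree after the steps above, a check like the following can be used. It is an added example, not part of the original post, and its function names are this example's own. It also decodes the 227 reply: the last two numbers give the data port (31*256+147 = 8083 in the error above), which is not in the TCP_IN list shown.

```shell
#!/bin/sh
# Added example (not from the original post): check that the pure-ftpd passive
# range is open in csf. Function names are this example's own.

# pasv_port REPLY: data port from a 227 reply (h1,h2,h3,h4,p1,p2) = p1*256+p2
pasv_port() {
    nums=$(printf '%s\n' "$1" | sed -n 's/.*(\([0-9,]*\)).*/\1/p')
    [ -n "$nums" ] || return 1
    p1=$(printf '%s' "$nums" | cut -d, -f5)
    p2=$(printf '%s' "$nums" | cut -d, -f6)
    echo $(( $p1 * 256 + $p2 ))
}

# tcp_in_list FILE: value of the TCP_IN line in a csf.conf-style file
tcp_in_list() {
    sed -n 's/^[[:space:]]*TCP_IN[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# passive_range FILE: "LOW HIGH" from the uncommented PassivePortRange line
passive_range() {
    awk '$1 == "PassivePortRange" { print $2, $3; exit }' "$1"
}

# range_allowed LIST LOW HIGH: true if LOW..HIGH lies within one LIST entry
range_allowed() {
    old_ifs=$IFS; IFS=,
    for entry in $1; do
        lo=${entry%%:*}; hi=${entry##*:}
        if [ "$2" -ge "$lo" ] && [ "$3" -le "$hi" ]; then
            IFS=$old_ifs; return 0
        fi
    done
    IFS=$old_ifs; return 1
}

# check_passive CSF_CONF PUREFTPD_CONF: 0 = consistent, 1 = blocked, 2 = unset
check_passive() {
    list=$(tcp_in_list "$1")
    range=$(passive_range "$2")
    if [ -z "$range" ]; then
        echo "PassivePortRange is not set; the server may pick any port"; return 2
    fi
    if range_allowed "$list" ${range% *} ${range#* }; then
        echo "OK: passive range $range is allowed by TCP_IN"
    else
        echo "BLOCKED: passive range $range is not covered by TCP_IN"; return 1
    fi
}

if [ $# -eq 2 ]; then check_passive "$1" "$2"; fi
```

Saved under any name, it is run with /etc/csf/csf.conf and /etc/pure-ftpd.conf as its two arguments.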

 

 

 

 

 

 

 
