Product:
Search Type:

My server is behind firewall, how do I configure passive ports range for ProFTPd?

Article ID: 1240 
Last Review: Apr,01 2008
APPLIES TO:
  • Plesk for Linux/Unix

RESOLUTION

PassivePorts directive is used in /etc/proftpd.conf file to specify passive ports range. Place it into 'Global' container, like:

</Global>
.....
.....
PassivePorts 57000 58000
</Global>

See ProFTPd documentation for more information regarding PassivePorts directive: http://proftpd.org/docs/directives/linked/config_ref_PassivePorts.html.

Next, ip_conntrack_ftp module should be loaded in the system:
# /sbin/modprobe ip_conntrack_ftp
#  lsmod | grep conntrack_ftp
nf_conntrack_ftp       13696  0
nf_conntrack           61684  1 nf_conntrack_ftp


And the iptables should be configured in the following way:
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT


If the server is beind NAT, ip_nat_ftp module also should be loaded:
# /sbin/modprobe ip_nat_ftp


To keep the changes after the system boot, the modules should be added into /etc/sysconfig/iptables-config,  to IPTABLES_MODULES line, space separaetd.

Keywords: active mode passive firewall nat ftp

Please provide feedback on this article

Did this article help you solve your issue?
Yes
No
Partially
I do not know yet
 
Strongly Agree   Strongly Disagree
  9 8 7 6 5 4 3 2 1
The article is easy to understand
The article is accurate
Additional Comments:
*Please provide us with your email address in case we need to contact you.
*Please type the code you can see.
* - required fields