How to set PassivePortRange and PassiveIP in pure-ftpd on Debian and Ubuntu Linux

If you run a firewall on your Linux server and want to use passive FTP connections, you have to define the passive port range in pure-ftpd and your firewall to ensure that the connections don't get blocked. The following example is for pure-ftpd on Debian or Ubuntu Linux and ISPConfig 3.

Set Passive Port Range in PureFTPD

1) Configure pure-ftpd

echo "40110 40210" > /etc/pure-ftpd/conf/PassivePortRange
service pure-ftpd-mysql restart

2) Configure the firewall. If you use ISPConfig 3 on my server to configure the bastille firewall, you can add the nescessera port range in the ISPConfig firewall settings.

Change the list of Open TCP ports from:




and then click on "Save".

Set Passive IP in PureFTPD

Setting a passive IP in FTP might be necessary when your server is located behind a NAT router. You will get an error like "Error: Server returned unroutable private IP address in PASV reply" from your FTP client in such a case.

To set a passive IP address, run this command:

echo "" > /etc/pure-ftpd/conf/ForcePassiveIP

Replace with the External IP address that clients shall use to connect to the FTP server. Then restart pureFTPD:

service pure-ftpd-mysql restart

11 thoughts on “How to set PassivePortRange and PassiveIP in pure-ftpd on Debian and Ubuntu Linux”

  1. Debian* instead of Denian in the title, and need to fix the > to > in the first command. Other than that, great mini tutorial.

  2. You need to correct the first line of the first command. The Greater than symbol is being output as an unparsed HTML code, I would imagine due to it’s placement in the tag...

  3. tried
    sudoecho “40110 40210” > /etc/pure-ftpd/conf/PassivePortRange
    but getting
    -bash: PassivePortRange: Permission denied

  4. Thank you very much! I’m asking myself, why is this not in the official “The Perfect Server – Debian XX (xxxxx) with Apache, BIND, Dovecot, PureFTPD and ISPConfig X.X”? This was a great help!


Leave a Comment