If you run a firewall on your Linux server and want to use passive FTP connections, you have to define the passive port range in pure-ftpd and your firewall to ensure that the connections don't get blocked. The following example is for pure-ftpd on Debian or Ubuntu Linux and ISPConfig 3.

Set Passive Port Range in PureFTPD

1) Configure pure-ftpd

echo "40110 40210" > /etc/pure-ftpd/conf/PassivePortRange
service pure-ftpd-mysql restart

2) Configure the firewall. If you use ISPConfig 3 on my server to configure the bastille firewall, you can add the nescessera port range in the ISPConfig firewall settings.

Change the list of Open TCP ports from:

20,21,22,25,53,80,110,143,443,3306,8080,10000

to:

20,21,22,25,53,80,110,143,443,3306,8080,10000,40110:40210

and then click on "Save".

Set Passive IP in PureFTPD

Setting a passive IP in FTP might be necessary when your server is located behind a NAT router. You will get an error like "Error: Server returned unroutable private IP address in PASV reply" from your FTP client in such a case.

To set a passive IP address, run this command:

echo "1.2.3.4" > /etc/pure-ftpd/conf/ForcePassiveIP

Replace 1.2.3.4 with the External IP address that clients shall use to connect to the FTP server. Then restart pureFTPD:

service pure-ftpd-mysql restart
How to set PassivePortRange and PassiveIP in pure-ftpd on Debian and Ubuntu Linux
Tagged on:         

11 thoughts on “How to set PassivePortRange and PassiveIP in pure-ftpd on Debian and Ubuntu Linux

  • Aaron
    Permalink

    Debian* instead of Denian in the title, and need to fix the > to > in the first command. Other than that, great mini tutorial.

    Reply
    • andreea
      Permalink

      Oops, small typo, thank you for your attention!

      Reply
  • Chris Routh
    Permalink

    You need to correct the first line of the first command. The Greater than symbol is being output as an unparsed HTML code, I would imagine due to it’s placement in the tag...

    Reply
    • TillPost author
      Permalink

      Thanks for the note. The command is displayed correctly now.

      Reply
  • Nag
    Permalink

    Thx for that short how-to. Just needed the info for pure-ftpd itself. Short and working – perfect. 🙂

    Reply
  • Siddhant Naik
    Permalink

    tried
    sudoecho “40110 40210” > /etc/pure-ftpd/conf/PassivePortRange
    but getting
    -bash: PassivePortRange: Permission denied

    Reply
    • admin
      Permalink

      You missed to add a whitespace between the words sudo and echo.

      sudo echo “40110 40210” > /etc/pure-ftpd/conf/PassivePortRange

      Reply
  • johnymas
    Permalink

    Thanks, I was looking for this all day long.
    It works like a charm. 🙂

    Reply
  • Mohye
    Permalink

    thanks it works like a charm from out of LAN, then if i try from LAN can not retrieve folder list…

    Reply
  • Heiner Keute
    Permalink

    Thank you very much! I’m asking myself, why is this not in the official “The Perfect Server – Debian XX (xxxxx) with Apache, BIND, Dovecot, PureFTPD and ISPConfig X.X”? This was a great help!

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

CAPTCHA

*