If you run a firewall on your Linux server and want to use passive FTP connections, you have to define the passive port range in pure-ftpd and your firewall to ensure that the connections don't get blocked. The following example is for pure-ftpd on Debian or Ubuntu Linux and ISPConfig 3.
Set Passive Port Range in PureFTPD
1) Configure pure-ftpd
echo "40110 40210" > /etc/pure-ftpd/conf/PassivePortRange service pure-ftpd-mysql restart
2) Configure the firewall. If you use ISPConfig 3 on my server to configure the bastille firewall, you can add the nescessera port range in the ISPConfig firewall settings.
Change the list of Open TCP ports from:
20,21,22,25,53,80,110,143,443,3306,8080,10000
to:
20,21,22,25,53,80,110,143,443,3306,8080,10000,40110:40210
and then click on "Save".
Set Passive IP in PureFTPD
Setting a passive IP in FTP might be necessary when your server is located behind a NAT router. You will get an error like "Error: Server returned unroutable private IP address in PASV reply" from your FTP client in such a case.
To set a passive IP address, run this command:
echo "1.2.3.4" > /etc/pure-ftpd/conf/ForcePassiveIP
Replace 1.2.3.4 with the External IP address that clients shall use to connect to the FTP server. Then restart pureFTPD:
service pure-ftpd-mysql restart
Debian* instead of Denian in the title, and need to fix the > to > in the first command. Other than that, great mini tutorial.
Oops, small typo, thank you for your attention!
You need to correct the first line of the first command. The Greater than symbol is being output as an unparsed HTML code, I would imagine due to it’s placement in the
tag...Thanks for the note. The command is displayed correctly now.
Tanks man, great tuto 🙂
Thx for that short how-to. Just needed the info for pure-ftpd itself. Short and working – perfect. 🙂
tried
sudoecho “40110 40210” > /etc/pure-ftpd/conf/PassivePortRange
but getting
-bash: PassivePortRange: Permission denied
You missed to add a whitespace between the words sudo and echo.
sudo echo “40110 40210” > /etc/pure-ftpd/conf/PassivePortRange
Thanks, I was looking for this all day long.
It works like a charm. 🙂
thanks it works like a charm from out of LAN, then if i try from LAN can not retrieve folder list…
Thank you very much! I’m asking myself, why is this not in the official “The Perfect Server – Debian XX (xxxxx) with Apache, BIND, Dovecot, PureFTPD and ISPConfig X.X”? This was a great help!