Installing a Firewall (eg: Config Security Firewall/CSF) is one step to hardening security of your webserver. But this come with an issue that CSF may block your PureFTPd/ProFTPd server.
As a result your FTP client cannot connect to FTP server with passive mode. This is because CSF block the passive connection ports. To enable it you need set the ip range for passive connection, and make sure you are not block it from CSF.
To do that, you need to edit your FTP server configuration.
For PureFTPd:
open /etc/pure-ftpd.conf, and enable this line:
PassivePortRange 30000 35000
For ProFTPd:
open /etc/pure-ftpd.conf, and enable this line:
PassivePorts 30000 35000
Now you need to unblock that port range from CSF. Open CSF Firewall configuration from your WHM, and add that ports in TCP_IN, so it would like this:
TCP_IN: 20,21,22,25,53,80,110,143,443,30000:35000
Now restart both your CSF and FTP server. And once it done, you will able to connect to your FTP server with passive mode.
0 comments:
Post a Comment