This article shows how to enable FTP (File Transfer Protocol) passive mode for server with pure-ftpd and APF (Advanced Policy Firewall) installed. Pure-ftpd installation will disable the passive mode and even if you have enabled it, you still have to open some ports of your APF.
- Login to your server with root access
- Edit the pure-ftpd configuration by typing: pico -w /etc/pure-ftpd.conf
- Look for line: #PassivePortRange 30000 50000
Note that the port range may different in your configuration.
- Enable the Passive Port Range by deleting the # mark. The line will become: PassivePortRange 30000 50000
- Restart the pure-ftpd service with command: service pure-ftpd restart
At this state you have just enabling the Passive Mode of your pure-ftpd.
Next step is to open the passive mode’s port range in your APF.
- Open the APF configuration, pico -w /etc/apf/conf.apf
- Look for line: #Common ingress (inbound) TCP ports
- Just below that line, add specified port range with syntax startportnumber_endportnumber at IG_TCP_CPORTS. For example, IG_TCP_CPORTS=“21,22,[any other ports],30000_50000”_Note that the other preceding ports might different in your server.
- Restart APF with command: /etc/apf/apf -r
The Passive Mode FTP should be ready now.