
Resolved Passive FTP Woes (Firewall)

Richard Ward

New Pleskian
Hi,

I'm having an issue with the firewall blocking passive FTP connections (proftpd). I enabled "Allow incoming from all on port 49152-65534/tcp" on Plesk Firewall, but I paused when trying to add the passive ports in the config, because it told me they'd be overwritten.

Where do I specify the ProFTPd passive ports so that it'll work with the firewall and persist with Plesk auto updates? I understand the line PassivePorts is what I need to create, but the file 50-plesk.conf at /etc/proftpd.d states:

#ATTENTION!
#
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.


So... where does this go exactly? I have the firewall turned off for now until I can resolve this one issue...

Thanks,
 
Create a file /etc/proftpd.d/passive_ports.conf with this content:

<Global>
PassivePorts 57000 59000
</Global>

The range is an example only. You can also use 49152-65534. However, in internal tests we found it to be a bad idea to use the whole space up to 65534.

Add a rule to the firewall:

FTP PASV Ports
Incoming
Allow
Ports: TCP 57000-59000

Save the new setting (“Apply Changes” -> “Activate”).
 
I wasn't sure if a restart was required after adding the new conf file, but I did service xinetd restart and updated my firewall rules ports to reflect the lower range you mentioned.

Everything appears to be working now! Thank you very much.
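
The fix in this thread only holds while the PassivePorts range in /etc/proftpd.d and the port range in the firewall rule stay in agreement. The following check is an added example, not part of the original posts and not a Plesk tool: the function names are hypothetical, the firewall range is passed in by hand, and the sample files are constructed to mirror the ones quoted above.

```shell
#!/bin/sh
# Added example: confirm that ProFTPD's PassivePorts range lies inside the
# range the firewall rule allows. The firewall range is supplied by the
# operator (assumption: it is read off the "FTP PASV Ports" rule by hand).

# Print "MIN MAX" from the last uncommented PassivePorts directive in the files.
passive_ports() {
    awk '$1 == "PassivePorts" && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ { r = $2 " " $3 }
         END { if (r == "") exit 1; print r }' "$@"
}

# range_allowed MIN MAX LO-HI
# Returns 2 if MIN/MAX is not a sane unprivileged range, 1 if it is not
# covered by the firewall range LO-HI, 0 if it is covered.
range_allowed() {
    min=$1 max=$2 fw_lo=${3%-*} fw_hi=${3#*-}
    [ "$min" -ge 1024 ] && [ "$max" -le 65535 ] && [ "$min" -le "$max" ] || return 2
    [ "$min" -ge "$fw_lo" ] && [ "$max" -le "$fw_hi" ]
}

# check_passive_ftp LO-HI CONF_FILE...
# Prints a verdict; returns 0 only when config and firewall rule agree.
check_passive_ftp() {
    fw=$1; shift
    range=$(passive_ports "$@") || { echo "MISSING: no PassivePorts directive found"; return 1; }
    set -- $range
    if range_allowed "$1" "$2" "$fw"; then
        echo "OK: PassivePorts $1-$2 is inside firewall rule $fw"
    else
        echo "MISMATCH: PassivePorts $1-$2 is not covered by firewall rule $fw"
        return 1
    fi
}

# Constructed sample files mirroring the ones quoted in the thread.
demo_dir=$(mktemp -d)
printf '%s\n' '<Global>' 'PassivePorts 57000 59000' '</Global>' > "$demo_dir/passive_ports.conf"
printf '%s\n' '#ATTENTION!' '#DO NOT MODIFY THIS FILE' > "$demo_dir/50-plesk.conf"

check_passive_ftp 57000-59000 "$demo_dir"/*.conf          # rule from the answer
check_passive_ftp 49152-65534 "$demo_dir"/*.conf          # wider rule from the question
check_passive_ftp 60000-65534 "$demo_dir"/*.conf || true  # rule that misses the range
check_passive_ftp 57000-59000 "$demo_dir/50-plesk.conf" || true  # generated file alone

# On a server: check_passive_ftp 57000-59000 /etc/proftpd.d/*.conf
```
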
 