Resolved Passive FTP Woes (Firewall)

[Richard Ward]

Hi,

I'm having an issue with the firewall blocking passive FTP connections (proftpd). I enabled "Allow incoming from all on port 49152-65534/tcp" on Plesk Firewall, but I paused when trying to add the passive ports in the config, because it told me they'd be overwritten.

Where do I specify the ProFTPd passive ports so that it'll work with the firewall and persist with Plesk auto updates? I understand the line PassivePorts is what I need to create, but the file
50-plesk.conf at /etc/proftpd.d states:

#ATTENTION!
#
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.

So.. where does this go exactly? I have the firewall turned off for now until I can resolve this one issue...

Thanks,

 

[Bitpalast]

Create a file /etc/proftpd.d/passive_ports.conf with this content:

<Global>
PassivePorts 57000 59000
</Global>

The range is an example only. You can also use 49152-65534. However, in internal test we found it to be a bad idea to use the whole space up to 65534. Add a rule to the firewall:

FTP PASV Ports
Incoming
Allow
Ports: TCP 57000-59000

Save the new setting (“Apply Changes” -> “Activate”).

 

[Richard Ward]

I wasn't sure if a restart was required after adding the new conf file, but I did service xinetd restart and updated my firewall rules ports to reflect the lower range you mentioned.

Everything appears to be working now! Thank you very much.