The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Can't change pureFTP passive port range

Discussion in 'General Discussion' started by Ioan Sameli, Jan 21, 2015.

  1. Ioan Sameli

    Ioan Sameli Member

    Joined:
    Jan 20, 2015
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Shibuya, Tokyo, Japan
    cPanel Access Level:
    Root Administrator
    I can't connect to my server with ftp, as pureFTP is trying to enter passive mode with ports below 1024, which are blocked. I did specify a 20000 - 30000 range in pure-ftpd.conf, but it seems this setting is ignored by pureFTP.

    Other settings that I modify in pure-ftpd.conf are taken in account after I restartsrv_ftpserver, but PassivePortRange seems to be ignored for some reasons.

    Here's the relevant part of my pure-ftpd.conf file:

    Code:
    #Port range for passive connections replies. - for firewalling.
    
    PassivePortRange          30000 50000
    
    # Force an IP address in PASV/EPSV/SPSV replies. - for NAT.
    # Symbolic host names are also accepted for gateways with dynamic IP
    # addresses.
    
    ForcePassiveIP                54.65.xxx.xxx
    And here's the error I get when I try to connect with FileZilla - pureFTP is asking to connect to ports 218,129 instead of the range I've set:

    Code:
    Command: 	PASV
    Response:  	227 Entering Passive Mode (54,65,xxx,xxx,218,129)
    Command: 	MLSD
    Error:         	The data connection could not be established: ECONNREFUSED - Connection refused by server
    Error:         	Connection timed out
    Error:         	Failed to retrieve directory listing
    I'm pretty sure I'm missing something simple here, but I've been searching for a good hour now, and can't figure out what I'm doing wrong. Any idea?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Are you using a third-party firewall management utility such as CSF? If so, does the issue persist when temporarily disabling CSF? You must ensure the passive port range is not blocked in your firewall.

    Thank you.
     
  3. Ioan Sameli

    Ioan Sameli Member

    Joined:
    Jan 20, 2015
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Shibuya, Tokyo, Japan
    cPanel Access Level:
    Root Administrator
    Hi Michael,

    Thanks for your reply.

    The passive range is definitively blocked by my firewall, and I don't want to leave the ports <1024 open (except the obvious ones).

    My problem is that I can't change the PassivePortRange for pureFTP - the directive seems to be ignored. Any idea why?

    Thanks.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Please ensure you follow the instructions exactly as they are presented here:

    How to enable Passive mode for Pure-FTPd

    Thank you.
     
  5. Ioan Sameli

    Ioan Sameli Member

    Joined:
    Jan 20, 2015
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Shibuya, Tokyo, Japan
    cPanel Access Level:
    Root Administrator
    That's exactly the tutorial I originally followed, but pureFTP still redirects me to the wrong ports when I try to connect:


    Code:
    Command: 	PASV
    Response:  	227 Entering Passive Mode (54,65,160,149,218,239)
    As you can see, even though I've set the PassivePortRange to "30000 50000", it tries so use ports 218 and 239 for some reasons - and those are blocked by the firewall.

    Other settings that I modify in the same /etc/pure-ftpd.conf configuration file are taken into account, but it seems the PassivePortRange setting is either ignored or overridden by something.

    Any idea what could cause this? I did a fair amount of googling but couldn't find any answer.
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Feel free to open a support ticket using the link in my signature so we can take a closer look. You can post the ticket number here so we can update this thread with the outcome.
     
  7. Ioan Sameli

    Ioan Sameli Member

    Joined:
    Jan 20, 2015
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Shibuya, Tokyo, Japan
    cPanel Access Level:
    Root Administrator
    Thanks a lot for your help Michael.

    I've tried again on a fresh cPanel install and got exactly the same problem, still not sure if it's a bug or me who does something wrong.

    I've submitted the ticket 6029505, looking forward to get this resolved.
     
  8. Ioan Sameli

    Ioan Sameli Member

    Joined:
    Jan 20, 2015
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Shibuya, Tokyo, Japan
    cPanel Access Level:
    Root Administrator
    Ticket resolved (that was effective).

    If anyone runs into this issue in the future, here's the solution:

    - My port number was actually right - the port number is not plain, it's a 16bit digit encoded as two 8bit digits: How to get port in FTP protocol from passive mode? - Stack Overflow
    - My connection was refused because iptable was blocking the ports in the passive range - so double check your iptable configuration.
     
  9. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page