Disable Passive Mode in FTP

Operating System & Version
Centos 6
cPanel & WHM Version
88.0.13

Vs Nu

Well-Known Member
Jul 17, 2015
75
4
58
India
cPanel Access Level
Root Administrator
I'm using the OVH Network firewall. In the OVH Network firewall I'm unable to open port ranges like 49152:65534. So is there any way to disable Passive mode or change the port to a single port (not a range)?

Please advise
 

cPAdminsMichael

Well-Known Member
Dec 19, 2016
122
35
103
Denmark
cPanel Access Level
Root Administrator
Hi,

I wouldn't disable Passive Mode, as that would then probably make 90% of the clients unable to connect ;)
I don't know the OVH Network Firewall - but you could manually set a Passive Port range in PureFTP:

Another approach could be to deactivate the OVH Network Firewall and install a firewall on your server directly (e.g. CSF)
 

Vs Nu

But due to the attack on the server I had enabled the OVH Firewall, and I had confirmed with them that their firewall won't allow port ranges (we are able to enable only a single port like 49152, not a range like 11111:22222).

What could be the alternative for this?
 

cPAdminsMichael

Yeah, a quick Google search actually confirms that OVH Network Firewall does NOT support port ranges... that's odd.
If I were you, I would deactivate it and install CSF on the server - you have the same possibilities and features in CSF + much more.
 

Vs Nu

I had used CSF before, but due to the attack I'm using the OVH Firewall for the past 24 hours.
 

cPAdminsMichael

Ok, but what kind of attack did CSF not prevent you from? I think it's just about configuring CSF in a proper way ;)
 

cPAdminsMichael

Ok - I don't know what type of attack, but if it's a DoS attack, you may want to look into the Port Flood Protection features in CSF
 

Vs Nu

I had configured the Port Flood too! But it does not help.
 

cPAdminsMichael

Hmmm ok - but it must be some fine tuning, as there is nothing OVH Firewall can do that CSF cannot.
Anyway - take a look at customizing the passive ports in the above link, that might help you on the way :)
 

Vs Nu

Is it possible to use a single port instead of a range?
 

cPAdminsMichael

I wouldn't limit the Passive ports to a single port as that will also limit the number of connected FTP clients.
Instead, you could limit the range to e.g. 50 ports (3000:3049) and then create 50 rules in OVH Firewall
 

Vs Nu

I understand, but in OVH Firewall we are able to create only 19 rules :(
 

cPAdminsMichael

Hm ok - but then you could limit it to 10 ports. I.e. 3000:3009.
BUT... I would strongly recommend solving this in another way. Like having one of the System Administration experts have a look at how to solve your DoS attack.
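
Added example (not part of any post in this thread, and not cPanel or OVH code): a check for the narrowed-range approach discussed above. It lists the single-port rules a range such as 3000:3009 needs against a rule budget, and parses the server's 227 (PASV) and 229 (EPSV) replies to flag any announced data port the firewall would drop. The function names, the `free_rules` parameter and the sample replies are assumptions made for illustration.

```python
import re

# Reply formats from RFC 959 (PASV, 227) and RFC 2428 (EPSV, 229).
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
EPSV_RE = re.compile(r"^229 .*?\(\|\|\|(\d{1,5})\|\)")

def passive_port(reply):
    """Return the data port announced in a 227 or 229 reply, or None."""
    m = PASV_RE.match(reply)
    if m:
        p1, p2 = int(m.group(5)), int(m.group(6))
        return p1 * 256 + p2 if p1 <= 255 and p2 <= 255 else None
    m = EPSV_RE.match(reply)
    if m and 0 < int(m.group(1)) <= 65535:
        return int(m.group(1))
    return None

def single_port_rules(low, high, free_rules):
    """List the per-port rules needed for low..high; fail if over budget."""
    if not (1 <= low <= high <= 65535):
        raise ValueError("invalid port range")
    ports = list(range(low, high + 1))
    if len(ports) > free_rules:
        raise ValueError(f"{len(ports)} rules needed, only {free_rules} free")
    return ports

def out_of_range(replies, low, high):
    """Return (port, reply) pairs whose data port lies outside low..high."""
    bad = []
    for line in replies:
        port = passive_port(line)
        if port is not None and not (low <= port <= high):
            bad.append((port, line))
    return bad

# Constructed sample replies, not captured from a real server.
SAMPLE = [
    "227 Entering Passive Mode (203,0,113,10,11,184)",  # 11*256 + 184 = 3000
    "229 Extended Passive mode OK (|||3009|)",
    "227 Entering Passive Mode (203,0,113,10,192,0)",   # 49152, from the original 49152:65534 range
]

if __name__ == "__main__":
    print(single_port_rules(3000, 3009, 19))
    for port, line in out_of_range(SAMPLE, 3000, 3009):
        print(f"port {port} outside 3000-3009: {line}")
```

Any reply flagged by `out_of_range` after the range has been changed means the FTP server is still handing out ports from the old range, so those data connections will hang at the firewall.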
 

cPanelLauren

Technical Support Community Manager
Staff member
Nov 14, 2017
13,304
1,247
313
Houston
It seems pretty odd that OVH would include the passive port ranges for FTP in their firewall as well. This would severely limit the ability to access FTP for all of the users that utilize the service. Further to that, adding every single port in the passive range would be unrealistic.
 

Vs Nu

Let me contact OVH if there is any possibility