FTP stopped working on several servers

WebHostPro

Well-Known Member
PartnerNOC
Jul 28, 2002
1,726
28
328
LA, Costa RIca
cPanel Access Level
Root Administrator
Twitter
We are now getting these errors from several servers when trying to FTP:

FTP stops at:

Status: Connected
Status: Retrieving directory listing...
Status: Directory listing of "/" successful
Status: Retrieving directory listing of "/public_html"...
Command: CWD /public_html
Response: 250 OK. Current directory is /public_html
Command: TYPE I
Response: 200 TYPE is now 8-bit binary
Command: PASV
Response: 227 Entering Passive Mode
Command: MLSD
Error: Connection timed out
Error: Failed to retrieve directory listing


It looks like Pure FTP is trying to direct ftp programs to a port that is blocked in the firewall.

This just started so something changed in the CSF firewall or in CPanel.

I have found several threads on this in this forum and none have a straight answer other than re-configuring FTP. There has to be a better way.

I don't think the default ftp for CPanel requires root level ftp config changes to work.

Thanks,
Charles
 

mtindor

Well-Known Member
Sep 14, 2004
1,394
72
178
inside a catfish
cPanel Access Level
Root Administrator
I think default FTP for cPanel does require root level FTP config changes to work IF you are running a firewall such as CSF.

The firewall would block passive mode FTP transfers.

I'll give you an example. You don't have to open 5000 ports unless you have some crazy amount of concurrent FTP traffic. I certainly don't use such a wide port range of 30000 35000. It's just an example.

See PassivePortRange in /etc/pureftpd.conf

PassivePortRange 30000 35000

See TCP_IN in /etc/csf/csf.conf and add the passive port range to it

TCP_IN = "##,##,##,###,###,###,30000:35000"

Notice in TCP_IN you see 30000:35000 , that's a range of ports. And based upon what you set for the PassivePortRange in /etc/pureftpd.conf, you should modify TCP_IN in /etc/csf/csf.conf to allow those inbound ports.

Basically, if you have a firewall blocking TCP 20 inbound [and most servers do], you need to have Passive FTP configured properly.

Of course you'll need to restart both PureFTP and CSF after making the modifications.

M
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,228
463
Hello,

I am happy to see the issue is now resolved. Thank you for updating us with the outcome.