Introduction
Many client-side firewalls block Active FTP connections to the FTP data port, which are initiated from the server. Passive FTP connections to the FTP data port are initiated from the client and not blocked by the client-side firewall. The passive port range is 49152 to 65534. These ports are generally not open in the server-side firewall.
Procedure
- Access the server's command line as the 'root' user via SSH or "Terminal" in WHM.
- Open
/etc/csf/csf.conf
in your preferred text editor. - Locate the
TCP_IN
line. - Add
,49152:65534
between the last port number and the closing quotes.TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2079,2080,2082,2083,2086,2087,2095,2096,49152:65534"
- Save the changes and exit the text editor.
- Restart CSF.
csf -r
Firewall modification is a system administration task and should be performed by a qualified system or security administrator.
Comments
0 comments
Article is closed for comments.