Symptoms
When attempting to connect to your server via FTP, you may encounter the following errors.
When ProFTPD is installed on your cPanel server, the error looks like this:
425 Unable to build data connection: Connection refused
When PureFTPD is installed, the error looks like this, where the first IP address is the private IP address of your local network and the second is your public IP address:
500 I won't open a connection to xxx.xxx.xxx.xxx (only to xxx.xxx.xxx.xxx)
Description
These errors are known to be caused by the way the server is configured to handle network connections. Specifically, the problematic configuration affects clients that connect through NAT or a proxy.
The following network configuration should be set to 0 in almost all cases:
net.ipv4.tcp_tw_reuse
You can check the current setting on your server with the following command, run as the root user via SSH or Terminal. The output shown below is what you want to see: the setting is 0.
# sysctl net.ipv4.tcp_tw_reuse
net.ipv4.tcp_tw_reuse = 0
If this setting is not set to 0, please make use of the resolution below.
Resolution
Please be aware that the following instructions modify a kernel setting. If you have any concerns or are unsure about the change, or if you are unsure that you are able to make the change safely, you must reach out to a systems administrator with the skills, training, and expertise required to provide consultation. This guide is provided as a courtesy only, as modification to kernel settings is a task that is best handled by a systems administrator with the skills, training, and expertise required to do so for you.
1. Log in to the server as the root user via SSH or Terminal
2. Check to see what the current value of the setting is by executing the following command:
sysctl net.ipv4.tcp_tw_reuse
3. If the setting is not set to 0, use the following command to temporarily change the setting to 0:
sysctl net.ipv4.tcp_tw_reuse=0
4. Attempt to connect via FTP again to see if this has resolved the error
5. If the error has been resolved by this change you should make the change permanent.
6. Check to see if this setting is already configured somewhere with the following commands:
grep net.ipv4.tcp_tw_reuse /etc/sysctl.conf
grep -R net.ipv4.tcp_tw_reuse /etc/sysctl.d/
7. If the setting is already configured in one of those files, remove it or change it so that it is set to 0
8. You should also attempt to determine how the setting was put into place, to prevent the possibility that it is later reverted by some automated configuration system, or a colleague.
9. If the configuration was not already in place, you may add it with the following command. This command first creates a backup of the configuration with a timestamp (sysctl.conf.backup-2021-05-20-21-57-08) and then appends the configuration to the end of the file.
sed -i.backup-$(date +%F-%H-%M-%S) -e '$anet.ipv4.tcp_tw_reuse=0\n' /etc/sysctl.conf
10. You may optionally reload the configuration without the need for a reboot with the following command. However, if you have already enabled the temporary configuration from step 3, this step is not necessary because the temporary configuration will remain in place until you reboot the server or manually disable the temporary configuration. Upon reboot, the configuration from /etc/sysctl.conf would be reloaded.
sysctl -p
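The check in steps 6 to 8 can be scripted so that commented-out lines are skipped and every active assignment is reported with its file and line number. This is an added example, not cPanel's own tooling; the function names and the sample files it builds in a temporary directory are constructed for illustration.

```shell
#!/bin/sh
# Added example, not cPanel code: report every active assignment of
# net.ipv4.tcp_tw_reuse in sysctl config files and flag values other than 0.
KEY="net.ipv4.tcp_tw_reuse"
WANT="0"

# Expand arguments to config files; a directory contributes its *.conf files.
list_files() {
    for p in "$@"; do
        if [ -d "$p" ]; then find "$p" -type f -name '*.conf' | sort
        elif [ -f "$p" ]; then printf '%s\n' "$p"
        fi
    done
}

# Print "file:line:value" for each uncommented assignment of $KEY.
find_assignments() {
    list_files "$@" | while IFS= read -r f; do
        awk -v key="$KEY" '
            /^[ \t]*[#;]/ { next }                 # comment lines are not active
            {
                eq = index($0, "="); if (eq == 0) next
                name = substr($0, 1, eq - 1); value = substr($0, eq + 1)
                gsub(/[ \t]/, "", name)
                sub(/^-/, "", name)                # "-key" only suppresses errors
                gsub("/", ".", name)               # net/ipv4/... is also accepted
                gsub(/^[ \t]+|[ \t]+$/, "", value)
                if (name == key) print FILENAME ":" FNR ":" value
            }' "$f"
    done
}

# Label each assignment; exit status is 1 if any value differs from $WANT.
audit_persistent() {
    find_assignments "$@" | awk -F: -v want="$WANT" '
        { ok = ($NF == want); if (!ok) bad = 1
          print (ok ? "ok      " : "CONFLICT") " " $0 }
        END { exit bad + 0 }'
}

# Constructed sample files standing in for /etc/sysctl.conf and /etc/sysctl.d/.
SAMPLE=$(mktemp -d)
mkdir "$SAMPLE/sysctl.d"
printf '%s\n' '# net.ipv4.tcp_tw_reuse = 1' 'net.ipv4.tcp_tw_reuse=0' > "$SAMPLE/sysctl.conf"
printf '%s\n' '-net/ipv4/tcp_tw_reuse = 1' > "$SAMPLE/sysctl.d/99-tuning.conf"
audit_persistent "$SAMPLE/sysctl.conf" "$SAMPLE/sysctl.d" || echo "non-zero value configured"
rm -rf "$SAMPLE"
```

On a server, the same function can be pointed at the real locations from step 6: audit_persistent /etc/sysctl.conf /etc/sysctl.d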
We have a generalized guide for modifying sysctl configuration options here: