Symptoms
When attempting to connect to an FTP server, the client fails with a timeout error similar to the following:
227 Entering Passive Mode
Error: Connection Timeout
Description
This error can occur when your firewall is not configured to accept traffic on the passive port range configured on your server.
- By default, this range is 49152-65534.
You can confirm the functionality of your firewall using a utility called "Netcat" using the following test procedure:
- Stop the FTP service in "WHM / Service Configuration / Service Manager."
- Open "WHM / Server Configuration / Terminal."
- Run "nc -l 49152" to start listening on port 49152.
- On another machine with netcat installed, run "nc YOUR-SERVER-IP 49152"
Please note that YOUR-SERVER-IP should be replaced with your server's actual IP. - Type a message and press enter.
- Check the original server.
- Ctrl+C to stop the listening netcat instance on the server.
- Start the FTP service via WHM.
Here is a demonstration:
In this output, as the communication was successful, there was not a firewall-related communication error.
You can verify or update the passive port range via the configuration files for your FTP daemon.
- ProFTP
- The file is located at "/etc/proftpd.conf"
- The setting is called 'PassivePorts'
- Pure-FTP
- The file is located at "/etc/pure-ftpd.conf"
- The setting is called "PassivePortRange"
You can check either daemon's currently configured port range on the command-line:
- ProFTP
[root@server ~]cPs# grep 'PassivePorts' /etc/proftpd.conf
PassivePorts 49152 65534
- Pure-FTP
[root@server ~]cPs# grep 'PassivePortRange' /etc/pure-ftpd.conf
PassivePortRange 49152 65534
Workaround
You will need to ensure these ports are open in your firewall.
If you are using ConfigServer Firewall, please consult our guide for CSF.
You may also wish to reference our general firewall documentation.
Resources
More details on configuring FTP Passive Mode is available in our documentation.
If you continue to have issues even after adjusting these settings, please see our other passive FTP guidance.
Comments
0 comments
Article is closed for comments.