Passive FTP problems with PureFTP, cPanel, and APF

A few months ago I moved all of my domains from a sad little VPS over to a dedicated server, and it made a huge difference in how well my sites worked. The only catch is that FTP connections were flaky. What I found is that setting the connection to Active would work, but in Passive mode the connection would time out.

After trying to get a client to connect successfully, I realized that just changing to Active really didn’t do any good for everybody, because they might be behind a firewall that was blocking certain ports, and with my server firewalled the connection just wasn’t working.

So off to Google I went. What I found is that my server was blocking certain ports that Passive FTP needed, causing the timeouts. Once I opened up those ports, everything worked perfectly.

Opening the ports on APF
The first step was to tell APF to have a range of ports open for passive FTP connections. You can put in any range you want as long as it doesn’t conflict with another service. For this we’re going to use the range of 35000-36000 because that’s what the tutorial I found used.

First you need to open up /etc/apf/conf.apf in your favorite text editor. I like vi because of the simplicity, but emacs or whatever else will work.

Look for the line starting with IG_TCP_CPORTS. It will look something like the following.
IG_TCP_CPORTS="20,21,22,25,26,53,80,110,143,161,443,165,623,993,995,2082,2083,2086,2087,2095,2096,3306"

There may be more, but the above is pretty typical for a cPanel server.

Change it to the following. Note that you’re using an underscore to span the range.
IG_TCP_CPORTS="20,21,22,25,26,53,80,110,143,161,443,165,623,993,995,2082,2083,2086,2087,2095,2096,3306,35000_36000"

Save the file and restart APF with /etc/init.d/apf restart

Changing settings in PureFTPd
Now you need to tell PureFTPd to use those ports for passive connections. Open up the file /etc/pure-ftpd.conf in your editor and look for the following.
# PassivePortRange 30000 50000

Two things to note: first, the setting is commented out, and second, the range doesn’t match what we opened in APF. So change it to the following.
PassivePortRange 35000 36000

This time the two numbers are separated by a space rather than an underscore. The first number is the low end and the second number is the high end.

Restart the PureFTP server with /etc/init.d/pure-ftpd restart and you should be set.
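
To confirm the two files agree after editing, here is an added example (not from the original post, APF, or PureFTPd) that reads IG_TCP_CPORTS and PassivePortRange and reports whether the passive range is open in the firewall. The function names and the sample files are made up for illustration; on a real server you would pass /etc/apf/conf.apf and /etc/pure-ftpd.conf to check_passive_ftp.

```shell
# Added example: does APF's IG_TCP_CPORTS cover PureFTPd's PassivePortRange?

# Print "LOW HIGH" from the first uncommented PassivePortRange line.
passive_range() {
    awk '$1 == "PassivePortRange" { print $2, $3; exit }' "$1"
}

# Print the comma-separated value of IG_TCP_CPORTS.
apf_tcp_ports() {
    sed -n 's/^IG_TCP_CPORTS="\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Succeed if LOW..HIGH fits inside one APF entry (a port, or START_END).
range_is_open() {
    low=$1; high=$2; list=$3
    old_ifs=$IFS; IFS=,
    for entry in $list; do
        case $entry in
            *_*) start=${entry%_*}; end=${entry#*_} ;;
            *)   start=$entry; end=$entry ;;
        esac
        if [ "$start" -le "$low" ] && [ "$end" -ge "$high" ]; then
            IFS=$old_ifs; return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# Usage: check_passive_ftp APF_CONF PUREFTPD_CONF
# Exit status: 0 = covered, 1 = not covered, 2 = PassivePortRange unset.
check_passive_ftp() {
    ports=$(apf_tcp_ports "$1")
    range=$(passive_range "$2")
    [ -n "$range" ] || { echo "PassivePortRange is not set (commented out?)"; return 2; }
    set -- $range
    if range_is_open "$1" "$2" "$ports"; then
        echo "OK: passive range $1-$2 is open in APF"; return 0
    fi
    echo "MISMATCH: passive range $1-$2 is not covered by IG_TCP_CPORTS"; return 1
}

# Demo on constructed sample files that mirror the settings in this post.
dir=$(mktemp -d)
printf 'IG_TCP_CPORTS="20,21,22,80,443,35000_36000"\n' > "$dir/conf.apf"
printf '# PassivePortRange 30000 50000\n' > "$dir/before.conf"
printf 'PassivePortRange 35000 36000\n' > "$dir/after.conf"
check_passive_ftp "$dir/conf.apf" "$dir/before.conf" || echo "(exit status $?)"
check_passive_ftp "$dir/conf.apf" "$dir/after.conf"
rm -rf "$dir"
```

A mismatch means PureFTPd can hand clients a port the firewall still drops, which shows up as the passive-mode timeout described at the top of this post.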
