Pure-FTPd Active mode

timmerdanny

I have a VPS running on DirectAdmin; it has a public IP and is directly connected to the Internet. On my VPS I am using iptables for basic firewalling. When I have iptables disabled, pro-ftpd works fine. When I have iptables enabled, clients get stuck on "Retrieving directory listing...". I know how to set this up with passive ports and solve it, but I would like to use active FTP. This is because one of our end clients has a very secure firewall and can't connect to a random passive port by Pro-FTPd.

On iptables I have opened the following ports:
  • 21 TCP
  • 20 TCP
  • 989 UDP/TCP
  • 990 TCP/UDP

However, the end customer is still not able to connect; it gets stuck on the data port.
 
Which FTP client is the customer using?
Since 989 and 990 are open, I presume you are using FTPS (so not via SSH but via SSL).

What I'm missing here is passive ports. With such a strict firewall, I presume the customer is using NAT, or it's an issue with the customer's firewall. If so, it's almost certain you will have to configure a passive port range above 1024. Not using passive will generate the directory listing issue.
The way you have it now, with only those ports opened and without PASV FTP, I'm sure other customers will get issues anyway.
 
Hello,

Check this: http://www.mdjnet.dk/ftp.html

3) FTP client doing non-passive connection.

3) The FTP client should be allowed to make TCP connections to port 21, and to accept TCP connections from port 20 to any ephemeral port.

So I'd rather say you need to allow outgoing TCP to 35000:35999 ports per FTP config:

Code:
PassivePorts            35000 35999
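
The active-mode rule quoted above (server port 20 connecting out to a client ephemeral port), written out for the server's iptables as an added example that is not from any poster in this thread. It only prints the commands; the helper names, the restrictive OUTPUT chain and the client address 203.0.113.10 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print (do not apply) server-side iptables rules for active FTP.
# Assumptions: the server sources active data connections from port 20, as in
# the rule quoted above; 203.0.113.10 is a constructed client address.

is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# active_ftp_rules [CONTROL_PORT] [DATA_PORT] [CLIENT_CIDR]  (hypothetical helper)
active_ftp_rules() {
    ctl=${1:-21}; data=${2:-20}; client=${3:-0.0.0.0/0}
    if ! is_port "$ctl" || ! is_port "$data"; then
        echo "invalid port" >&2; return 2
    fi
    # Only digits, dots and a slash, so the printed commands stay inert text.
    case "$client" in ''|*[!0-9./]*) echo "invalid client" >&2; return 2 ;; esac
    st='-m conntrack --ctstate'
    # Control channel: the client opens it, the server only replies.
    echo "iptables -I INPUT -p tcp -s $client --dport $ctl $st NEW,ESTABLISHED -j ACCEPT"
    echo "iptables -I OUTPUT -p tcp -d $client --sport $ctl $st ESTABLISHED -j ACCEPT"
    # Data channel: the SERVER opens it, from the data port to a client
    # ephemeral port, so the NEW state belongs on OUTPUT, not INPUT.
    echo "iptables -I OUTPUT -p tcp -d $client --sport $data --dport 1024:65535 $st NEW,ESTABLISHED -j ACCEPT"
    echo "iptables -I INPUT -p tcp -s $client --sport 1024:65535 --dport $data $st ESTABLISHED -j ACCEPT"
}

# Review the output before running any of it as root.
active_ftp_rules 21 20 203.0.113.10
```

The explicit OUTPUT rule matters when the control channel is encrypted, because the conntrack FTP helper cannot read a PORT command inside TLS and so cannot mark the data connection as RELATED.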
 