Learn how to set the FTP Passive Port range in cPanel. Our cPanel Support team is here to help you with your questions and concerns.

FTP Passive Port range cPanel | Guide

Managing a cPanel system comes with its challenges. A common issue is the conflict between the firewall and FTP services like pure-ftpd or proftpd.

As a result, users run into connection issues when using passive-transfer mode. Today, we are going to take a closer look at this problem and the step-by-step solutions to ensure seamless FTP connections on cPanel systems.

Here is a diagram that demonstrates the issue:

Our experts have put together the following steps to modify the FTP configuration.

For Pure-FTPd servers

1. To begin with, log in to the server as the root user via SSH.
2. Next, we have to open the /var/cpanel/conf/pureftpd/local file or create it if it does not exist.
3. Then, we have to add the changes to the file, to modify the `ForcePassiveIP` option according to our our server’s configuration.

   For example, we can  set the ForcePassiveIP option to the public IP address of the FTP server

   ForcePassiveIP: 203.0.113.0

   Alternatively, if the server does not exist in a NAT configuration, we have to set the `ForcePassiveIP` option to the following entry:

   ForcePassiveIP: ~
4. Furthermore, we can also opt to modify the server’s default passive port range with these commands:

   echo "PassivePortRange: 49152 65534" >> /var/cpanel/conf/pureftpd/local
/usr/local/cpanel/scripts/setupftpserver pure-ftpd --force

5. Then, it is time to configure the server to let the passive port range through the firewall.
6. Now, restart the PureFTP service.

For ProFTPD Servers

1. To begin with, log in to the server as the root user via SSH.
2. Next, we have to open the /var/cpanel/conf/proftpd/local file or create it if it does not exist.
3. Then, we have to add the changes to the file, to modify the `MasqueradeAddress` option according to our our server’s configuration.

   For example, we can  set the MasqueradeAddress option to the public IP address of the FTP server if the FTP server exists behind a NAT configuration:

   MasqueradeAddress: 203.0.113.0

   Alternatively, if the server does not exist in a NAT configuration, we have to set the `MasqueradeAddress` option to the following entry:

   MasqueradeAddress: ~
4. Furthermore, we can also opt to modify the server’s default passive port range with these commands:

   echo "PassivePorts: 49152 65534" >> /var/cpanel/conf/proftpd/local
/usr/local/cpanel/scripts/setupftpserver proftpd –force
5. Then, it is time to configure the server to let the passive port range through the firewall.
6. Now, restart the ProFTP service.

How to Configure the Firewall

Before we begin, remember that Passive ports 49152 through 65534 are enabled by default for both Pure-FTPd and ProFTPD servers.

1. CSF Firewall Configuration:

   We have to modify /etc/csf/csf.conf by adding the passive port range to TCP_IN.

   TCP_IN = "20,21,22,25,53,80,110,...,49152:65534"

   We have to reload the changes with `csf -r`.
2. cPanel WHM Configuration:
   1. First, log in to WHM and head to Plugins.
   2. Then, click Configserver Firewall & Security.
   3. Next, head to Firewall Configuration and add the passive port range (49152:65534) to TCP_IN and TCP_OUT settings.
3. Iptables Configuration:

   We have to add the following rule to unblock the ports in Iptables:

   iptables -I INPUT 2 -p tcp --dport 49152:65534 -j ACCEPT
4. Then, save the firewall rules with this command:

   service iptables save

By understanding how FTP connections on cPanel systems work and make targeted configurations to FTP services and firewalls, we can resolve timeout issues and have smooth migrations.

So get ready to implement the solutions according to your specific server setup, and enjoy uninterrupted FTP connections on your cPanel system.

[Need assistance with a different issue? Our team is available 24/7.]

Conclusion

In brief, our Support Experts demonstrated how to set the FTP Passive Port range in cPanel.