Introduction:
In many cases, passive FTP is required due to FTP client-side firewalls, which allow connections to be initiated by the client to the server for both authentication and data control. By default, the passive port range is configured in the /etc/pure-ftpd.conf file with the following line:
PassivePortRange 49152 65534
However, if there are external or software-based firewalls, this port range needs to be allowed inbound so that the FTP client can establish the data control session.
Procedure:
To manage the CSF firewall and allow the specified port range, you can directly modify the /etc/csf/csf.conf file. Locate the following line:
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2079,2080,2082,2083,2086,2087,2095,2096"
To add the port range 49152 to 65534, include the following:
49152:65534
An example with the added range would look like this:
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2079,2080,2082,2083,2086,2087,2095,2096,49152:65534"
Please ensure not to copy the provided example directly but add ",49152:65534" at the end before the closing double quotes. Once you've made the modification, reload the changes by running the following command:
csf -r
Important Note:
It's essential to keep in mind that firewall modifications are not handled by cPanel as they fall under the responsibility of the system administrator.
Alternatively, you can make this change in WHM under the "ConfigServer Security & Firewall" application plugin. Click on the "Firewall Configuration" button, search for "TCP_IN," add the port range change, click "Change" at the bottom, and then "Restart csf+lfd" to apply the modifications.