Using Passive FTP with ProFTPD

Learn more about ProFTPD configuration directives at http://www.proftpd.net/docs/configuration.html

1. Edit your ProFTPD configuration file.

vi /usr/local/etc/proftpd.conf


2. Add the following lines anywhere within the <Global> section:

# Restrict the range of ports from which the server will select when sent the
# PASV command from a client. Use IANA-registered ephemeral port range of
# 49152-65534
PassivePorts 49152 65534


3. If you are running ProFTPD in standalone mode, restart ProFTPD. No further action is necessary if ProFTPD is called via inetd or xinetd.

Note: In our environment, we had to make the following modifications to our IP Filter ruleset to allow these passive FTP connections:

Additions to /etc/opt/ipf/ipf.conf:

# Allow passive FTP transfers from ports 49152 to 65534, the IANA-registered
# ephemeral port range.
pass in quick proto tcp from any to any port 49151 >< 65535 flags S keep state

To have these changes take effect, issue the following command:
/sbin/ipf -Fa -f /etc/opt/ipf/ipf.conf

Back to brandonhutchinson.com.

Last modified: 05/23/2002