Using Passive FTP with ProFTPD
Learn more about ProFTPD configuration directives at http://www.proftpd.net/docs/configuration.html
1. Edit your ProFTPD
2. Add the following lines anywhere within the <Global> section:
# Restrict the range of ports from which the server will select when sent the
# PASV command from a client. Use IANA-registered ephemeral port range of
PassivePorts 49152 65534
3. If you are running ProFTPD in standalone mode, restart ProFTPD. No further action is necessary if ProFTPD is called via inetd or xinetd.
Note: In our environment, we had to make the following modifications to our IP Filter ruleset to allow these passive FTP connections:
Additions to /etc/opt/ipf/ipf.conf:
# Allow passive FTP transfers from ports 49152 to 65534, the IANA-registered
# ephemeral port range.
pass in quick proto tcp from any to any port 49151 >< 65535 flags S keep state
To have these
changes take effect, issue the following command:
/sbin/ipf -Fa -f /etc/opt/ipf/ipf.conf
Back to brandonhutchinson.com.
Last modified: 05/23/2002