When attempting to connect to an FTP server, the client fails with an error similar to the following:
227 Entering Passive Mode Error: Connection Timeout
This error can occur when your firewall is not configured to accept traffic on the passive port range configured on your server.
By default, this range is 49152-65534.
If you are using CSF on cPanel/WHM, it may be necessary to unblock the port range needed by the default FTP client, Pure-FTPd.
- To unblock those ports, log in to WHM.
- Once inside, go to Plugins.
- In plugins, click on Configserver Firewall & Security.
- Once there, click on Firewall Configuration.
Find the setting TCPIN and TCP_OUT in the list, and add the following to each: 49152:65534
The TCP_IN and TCP_OUT fields are comma-separated, but you can put the range above as a single value, so by default, the last port to open is 2096, so you would add the new one as 2096, 49152:65534
Click Change at the bottom. On the next screen, click Restart CSF + LFD.
Was this helpful?
0 / 0