When attempting to connect to an FTP server, the client fails with an error similar to the following:
227 Entering Passive Mode Error: Connection Timeout
Description
This error can occur when your firewall is not configured to accept traffic on the passive port range configured on your server.
By default, this range is 49152-65534.
If you are using CSF on cPanel/WHM, it may be necessary to unblock the port range needed by the default FTP client, Pure-FTPd.
- To unblock those ports, log in to WHM.
- Once inside, go to Plugins.
- In plugins, click on Configserver Firewall & Security.
- Once there, click on Firewall Configuration.
Find the setting TCPIN and TCP_OUT in the list, and add the following to each: 49152:65534
The TCP_IN and TCP_OUT fields are comma-separated, but you can put the range above as a single value, so by default, the last port to open is 2096, so you would add the new one as 2096, 49152:65534
Click Change at the bottom. On the next screen, click Restart CSF + LFD.
Was this helpful?
1 / 0
