How to Open Ports for Passive FTP in CSF (Configserver Firewall & Security)

When attempting to connect to an FTP server, the client fails with an error similar to the following:


227 Entering Passive Mode
Error: Connection Timeout



This error can occur when your firewall is not configured to accept traffic on the passive port range configured on your server.

By default, this range is 49152-65534.

If you are using CSF on cPanel/WHM, it may be necessary to unblock the port range needed by the default FTP client, Pure-FTPd.

  1. To unblock those ports, log in to WHM.
  2. Once inside, go to Plugins.
  3. In plugins, click on Configserver Firewall & Security.
  4. Once there, click on Firewall Configuration.

Find the setting TCPIN and TCP_OUT in the list, and add the following to each: 49152:65534

The TCP_IN and TCP_OUT fields are comma-separated, but you can put the range above as a single value, so by default, the last port to open is 2096, so you would add the new one as 2096, 49152:65534

Click Change at the bottom. On the next screen, click Restart CSF + LFD.

Was this helpful?

1 / 0