The primary function of FTP is to facilitate the transference of information between the server and the clients. For doing this, it makes use of two kinds of ports, namely- command port and data port. The command port is said to be using port 21 and the data port to be using port 20 during a conventional active mode session. However, when the FTP uses the passive mode session, the data port does not necessarily use port 20 all the while.
Features of passive mode:
This is a manual procedure. Open /etc/csf/csf.conf file if you wish to manage the server’s firewall by using the CSF plug-in. Make sure that the passive port range is present at the end of TCP_IN line. The FTP server’s passive port range will get added to the firewall by default.
In order to use IPTABLES for the FTP server’s firewall, follow the given steps to add the port range:
In case you are making use of the firewall application for adding FTP server’s passive port range, run the given commands:
There is a high plausibility of facing problems or connection related issues in case you are using Xen or SolusVM for adding the FTP server to a firewall. However, the same can be avoided by performing few steps:
For acute instances when your configured server is unable to implement FTP connections in the passive mode to other IP addresses on your server, follow the given steps: