Enabling Passive Mode on your FTP Server
If you are running an FTP server behind CSF (a front end for iptables on Linux) then you will likely have run into issues with directory listing either being non-existent or very slow!
The solution is straightforward: enable passive mode in the FTP server configuration, then open a pre-determined range of ports for passive mode in the CSF firewall, as follows:
1.) Add the passive port range 30000-35000 to your Pure-FTPd or ProFTPD configuration file
i.) For Pure-FTPd, add a line like this to /etc/pure-ftpd.conf: PassivePortRange 30000 35000
ii.) For ProFTPD, add a line like this to /etc/proftpd.conf: PassivePorts 30000 35000
2.) Add the relevant port rule in CSF by looking for the parameter labelled TCP_IN within /etc/csf/csf.conf and after the last entry add ",30000:35000" without the quotation marks - you should end up with something that looks similar to:
TCP_IN = "20,21,22,25,53,80,110,30000:35000"
After completing the above steps, restart your CSF and FTP services for the changes to take effect. If they do not take effect, check your logs, as you have likely made a mistake when entering the changes.
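A check for the two steps above, as an added example that is not part of the original article: it reads the passive range from the FTP server configuration, confirms that every port in it is covered by TCP_IN in csf.conf, and rejects a range that runs past port 65535. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm the FTP passive port range is opened in CSF's TCP_IN.

# Print "LOW HIGH" from a Pure-FTPd (PassivePortRange) or ProFTPD
# (PassivePorts) config file; commented-out lines are ignored.
ftp_passive_range() {
    awk '$1 == "PassivePortRange" || $1 == "PassivePorts" { print $2, $3; exit }' "$1"
}

# Succeed only if every port from LOW to HIGH is covered by the TCP_IN list
# (single ports and start:end entries) in the given csf.conf.
csf_allows_range() {
    sed -n 's/^TCP_IN[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1 |
    awk -v low="$2" -v high="$3" '{
        n = split($0, e, ","); cur = low + 0; hi = high + 0; moved = 1
        while (moved && cur <= hi) {          # walk upward through the entries
            moved = 0
            for (i = 1; i <= n; i++) {
                m = split(e[i], r, ":")
                s = r[1] + 0; t = (m > 1 ? r[2] : r[1]) + 0
                if (s <= cur && cur <= t) { cur = t + 1; moved = 1 }
            }
        }
        ok = (cur > hi)
    } END { exit !ok }'
}

# Usage: check_passive_ftp FTP_CONF CSF_CONF -> 0 ok, 1 range not open, 2 bad config
check_passive_ftp() {
    range=$(ftp_passive_range "$1")
    [ -n "$range" ] || { echo "no passive range set in $1"; return 2; }
    low=${range% *}; high=${range#* }
    { [ "$low" -ge 1 ] && [ "$low" -le "$high" ] && [ "$high" -le 65535 ]; } 2>/dev/null ||
        { echo "invalid passive range: $low $high"; return 2; }
    if csf_allows_range "$2" "$low" "$high"; then
        echo "ok: $low:$high is open in TCP_IN"
    else
        echo "mismatch: $low:$high is not fully open in TCP_IN"; return 1
    fi
}

# Constructed sample files standing in for /etc/pure-ftpd.conf and /etc/csf/csf.conf.
demo=$(mktemp -d)
printf 'PassivePortRange 30000 35000\n' > "$demo/pure-ftpd.conf"
printf 'TCP_IN = "20,21,22,25,53,80,110,30000:35000"\n' > "$demo/csf.conf"
check_passive_ftp "$demo/pure-ftpd.conf" "$demo/csf.conf"
rm -rf "$demo"
```

On a server, call check_passive_ftp with the real paths from the steps above before restarting the services.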