Deru Knowledgebase

FTP session hangs. Enable passive FTP

Posted: 13 Apr, 2008
Updated: 03 Aug, 2012
Passive FTP

What is a Passive FTP Connection?

Passive FTP (sometimes referred to as PASV FTP because it involves the FTP PASV command) is a more secure form of data transfer in which the flow of data is set up and initiated by the File Transfer Protocol (FTP) client rather than by the FTP server program.

Most Web browsers (which act as FTP clients) use passive FTP by default because corporations prefer it as a safety measure. As a general rule, a corporate firewall, which exists to protect an internal network from the outside world, accepts input from the outside only in response to requests that users sent out from the inside. Passive FTP ensures that all data flows are initiated from inside the network rather than from the outside.




Set up ProFTPD as Passive FTP

1. Edit your ProFTPD configuration file.

vi /usr/local/etc/proftpd.conf


2. Add the following line anywhere within the <Global> section:

PassivePorts 49152 65534

3. If you are running ProFTPD in standalone mode, restart ProFTPD. No further action is necessary if ProFTPD is called via inetd or xinetd.



Setting up the firewall: (APF Firewall)

1. Open your APF configuration file with your favorite editor. This configuration file is usually located at /etc/apf/conf.apf:



vi /etc/apf/conf.apf

2. Select a port range to use for the passive FTP connection, and find the line that looks like this:

IG_TCP_CPORTS="20, 21, 22, 25, 53, 80, 110, 143, 443,
  465, 993, 995, 2082, 2083, 2086, 2087, 2095, 2096, 3306"

If this list of ports already includes a port range above 20000, you can skip ahead to configuring your FTP server, but remember the range listed. (20000 to 30000 would be written as 20000_30000.)

3. Add the port range to the end of the line, inside the quotation marks ("). Remember that each port or port range is separated by a comma (,), and that a port range from 35000 to 36000 is written as 35000_36000. The range opened here must be the same range that the FTP server is configured to use with PassivePorts.


IG_TCP_CPORTS="20, 21, 22, 25, 53, 80, 110, 143, 443,
  465, 993, 995, 2082, 2083, 2086, 2087, 2095, 2096, 3306,
  35000_36000"

4. Save and restart your firewall.
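
The ProFTPD example above uses 49152 to 65534 while the APF example opens 35000_36000; passive transfers hang unless the firewall opens the same ports the server hands out. The Python check below is an added example, not part of the original article: the function names are hypothetical, and the sample configuration text is constructed from the values shown on this page.

```python
import re

# Constructed sample text using the values shown in this article.
PROFTPD_SAMPLE = "<Global>\n  PassivePorts 49152 65534\n</Global>\n"
APF_SAMPLE = '''IG_TCP_CPORTS="20, 21, 22, 25, 53, 80, 110, 143, 443,
  465, 993, 995, 2082, 2083, 2086, 2087, 2095, 2096, 3306,
  35000_36000"
'''

def passive_ports(proftpd_conf):
    """Return (low, high) from the PassivePorts directive, or None if absent."""
    for line in proftpd_conf.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        m = re.match(r"PassivePorts\s+(\d+)\s+(\d+)$", line, re.IGNORECASE)
        if m:
            return int(m.group(1)), int(m.group(2))
    return None

def apf_allowed(apf_conf):
    """Return [(low, high), ...] parsed from IG_TCP_CPORTS (ranges use '_')."""
    m = re.search(r'^\s*IG_TCP_CPORTS="([^"]*)"', apf_conf, re.MULTILINE)
    ranges = []
    for item in (m.group(1).split(",") if m else []):
        low, _, high = item.strip().partition("_")
        if low:
            ranges.append((int(low), int(high or low)))
    return ranges

def uncovered(passive, allowed):
    """Return the parts of the passive range that the firewall does not open."""
    cursor, high = passive
    gaps = []
    for a, b in sorted(allowed):
        if b < cursor or a > high:
            continue  # this entry does not touch the remaining passive range
        if a > cursor:
            gaps.append((cursor, a - 1))
        cursor = max(cursor, b + 1)
    if cursor <= high:
        gaps.append((cursor, high))
    return gaps

if __name__ == "__main__":
    gaps = uncovered(passive_ports(PROFTPD_SAMPLE), apf_allowed(APF_SAMPLE))
    for low, high in gaps:
        print(f"passive ports {low}-{high} are not opened in IG_TCP_CPORTS")
    if not gaps:
        print("firewall covers the whole PassivePorts range")
```

To check a live server, read /usr/local/etc/proftpd.conf and /etc/apf/conf.apf and pass their contents to the two parsing functions in place of the samples.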