• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 904
  • Last Modified:

Proftpd question - passive ftp

My server is now using proftpd and i want my ftp server to suport both active and passive ftp mode.
I have add the directive (PassivePorts 51000 60000
) and open inbound ports 51000-60000 at the firewall.

When i try to use WS_FTP LE to connect my ftp server, i got the following error

331 Password required for user.
PASS (hidden)
230 User vip logged in.
257 "/" is current directory.
215 UNIX Type: L8
Host type (S): UNIX (standard)
227 Entering Passive Mode (203,191,246,61,156,86).
connecting to
- -
connecting to
! Connection failed - connection refused
! connect: error 0
PORT 203,211,39,22,5,4
200 PORT command successful
! Receive error: Blocking call cancelled

PS. I am using port 8021 instead of port 21 for the ftp service
1 Solution
The problem here is that the WS_FTP LE client tried to use an ephemeral port outside of the range that your FTP server and firewall are configured for as shown in "connecting to". The client tried to open the connection on 40022.

Since the RFC behavior of the server in PASV mode is to open an ephemeral port and send that port number to the client so that it can open a connection to the server using that port it sounds to me like your ProFTP configuration isn't doing what you think it is in limiting the ephemeral port range. I'd suggest reviewing your ProFTP configuration and trying the server in debug mode to see what's happening with (proftpd -n -d 5). The debug level can be adjusted, see 'man proftpd'.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now