
Resolved Passive FTP Woes (Firewall)

Richard Ward

New Pleskian
Hi,

I'm having an issue with the firewall blocking passive FTP connections (proftpd). I enabled "Allow incoming from all on port 49152-65534/tcp" on Plesk Firewall, but I paused when trying to add the passive ports in the config, because it told me they'd be overwritten.

Where do I specify the ProFTPd passive ports so that it'll work with the firewall and persist with Plesk auto updates? I understand the line PassivePorts is what I need to create, but the file 50-plesk.conf at /etc/proftpd.d states:

#ATTENTION!
#
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.


So.. where does this go exactly? I have the firewall turned off for now until I can resolve this one issue...

Thanks,
 
Create a file /etc/proftpd.d/passive_ports.conf with this content:

<Global>
PassivePorts 57000 59000
</Global>

The range is an example only. You can also use 49152-65534. However, in internal tests we found it to be a bad idea to use the whole space up to 65534. Add a rule to the firewall:

FTP PASV Ports
Incoming
Allow
Ports: TCP 57000-59000

Save the new setting (“Apply Changes” -> “Activate”).
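
A consistency check for the setup described in this answer, as an added example that is not part of the original post or of Plesk's tooling: it reads the PassivePorts range from ProFTPD drop-in text and compares it with the firewall rule's port field, reporting passive ports the firewall still blocks and ports opened beyond what ProFTPD uses. The sample config, the function names and the assumption that `firewall_specs` holds only the FTP passive rule are constructed for illustration.

```python
import re

# Constructed sample: the drop-in from the answer, plus a commented-out line.
SAMPLE_CONF = """\
<Global>
# PassivePorts 49152 65534
PassivePorts 57000 59000
</Global>
"""
PASSIVE_RE = re.compile(r"^\s*PassivePorts\s+(\d+)\s+(\d+)\s*$", re.M)

def passive_range(conf_text):
    """Return (low, high) from the single active PassivePorts directive."""
    found = set(PASSIVE_RE.findall(conf_text))
    if len(found) != 1:
        raise ValueError(f"expected one PassivePorts range, found {len(found)}")
    low, high = map(int, found.pop())
    if not low <= high <= 65535:
        raise ValueError(f"invalid PassivePorts range {low} {high}")
    return low, high

def parse_ports(spec):
    """Parse a firewall port field such as '57000-59000' or '21'."""
    low, _, high = spec.strip().partition("-")
    return int(low), int(high or low)

def subtract(span, covers):
    """Return the parts of span (low, high) not covered by any range in covers."""
    gaps, cursor = [], span[0]
    for low, high in sorted(covers):
        if high < cursor:
            continue
        if low > span[1]:
            break
        if low > cursor:
            gaps.append((cursor, low - 1))
        cursor = max(cursor, high + 1)
    if cursor <= span[1]:
        gaps.append((cursor, span[1]))
    return gaps

def audit(conf_text, firewall_specs):
    """Compare ProFTPD's passive range with the firewall's allowed TCP ranges."""
    passive = passive_range(conf_text)
    allowed = [parse_ports(s) for s in firewall_specs]
    # blocked: passive ports the firewall drops; excess: open ports PASV never uses
    return {"passive": passive, "blocked": subtract(passive, allowed),
            "excess": [g for rng in allowed for g in subtract(rng, [passive])]}

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, ["49152-65534"]))
```

An empty `blocked` list with a non-empty `excess` list is the state the original question started from: FTP works, but the firewall exposes more ports than the server hands out.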
 
I wasn't sure if a restart was required after adding the new conf file, but I did service xinetd restart and updated my firewall rules ports to reflect the lower range you mentioned.

Everything appears to be working now! Thank you very much.
 