Passive FTP workaround for Plesk’s proftpd
23 01 2006Add the following line:
PassivePorts 49152 65534
to /etc/proftpd.conf
NOT /etc/proftpd.include as that file will be overwritten by Plesk regularly.
No need to restart xinetd (/etc/init.d/xinetd restart) as proftpd is executed only when a connection has been attempted on the port.
Add the following line:
/sbin/iptables -A INPUT -p tcp –dport 49152:65534 -j ACCEPT
to /usr/local/psa/var/modules/firewall/firewall-active.sh
That’s all!
Just need to make sure that the last incoming traffic rule is set to deny all.
Valid for Plesk 7.5.
[...] this site http://blog.nirkabel.org/2006/01/23/passive-ftp-workaround-for-plesks-proftpd/ suggests defining the passive ports and opening them on the firewall as [...]
A better way is using the ip_conntrack_ftp kernel module with
/sbin/modprobe ip_conntrack_ftp.
This fixed the passive ftp problem without manual changes of firewallrules under plesk.
hey thanks, it helped alot
Make sure if you place the PassivePorts 49152 65534 that you place it between the tags and not just anywhere.
Of course this is only when YOUR firewall is blocking passive http://FTP... it does nothing for when it is your end user. In this case just modify proftpd.conf and run /usr/local/psa/admin/bin/ftpmng –reconfigure-all.
Then again, why would YOUR firewall be blocking FTP that is going OUT from YOUR server? That’s grossly illogical in an enterprise production environment (or any other, save an anecdotal one).
/sbin/modprobe ip_conntrack_ftp
worked for me.
Cheers!
/sbin/modprobe ip_conntrack_ftp
Excellent.