In FTP servers, there are two modes for data transfer: active and passive. In active mode, the server itself initiates the data transfer, whereas in passive mode, the client requests an open port from the server to establish and initiate the data transfer. Connecting to an FTP in passive mode can resolve connection issues if there is a firewall on the client side, as the connection is established from the client, avoiding issues with filtering or blocking incoming connections.
HestiaCP is pre-configured to support Passive FTP by default, so we will need to connect in the following way.
Adding rules to the Clouding Firewall
To allow your server to accept traffic on HestiaCP's passive FTP ports, you'll need to open ports 50000 to 50100 in the firewall associated with your server.
To do this, configure a custom rule to allow TCP traffic from port 50000 to 50100 with source IP 0.0.0.0/0, enabling connections from any IP address:
Once vsFTPd is installed and the basic configuration is done, for this you can see our article, Configuring vsFTPd on GNU/Linux, you need to add the following lines to the vsftpd.conf file to enable passive mode:
pasv_enable=Yes
pasv_min_port=50000
pasv_max_port=50100
Once you have made these changes, you can save and exit. Then, restart the vsftpd service:
# systemctl restart vsftpd
Important!
Note: To use passive mode, you will need to open the port range from 50000 to 50100 in the client panel firewall.
Connecting to FTP in passive mode with Filezilla
You now have everything ready to connect to your server via FTP using passive ports. In this guide, we'll show you in detail how to do this using FileZilla.
Once you've created this custom rule, your server will be ready to accept connections for passive FTP.
Remember, if you have any questions about this or anything related to your servers at Clouding, feel free to write to us at support@clouding.io. We are here to help with whatever you need!