How to set Pure-FTPd for the server behind the NAT?

Discussion in 'Installation/Configuration' started by mike.smith, May 2, 2023.

  1. mike.smith

    mike.smith New Member

    This post is for training.
    On the ISPConfig backend server with a private IP, assuming that your custom "Pure-FTP" port is: 1234
    So, to set Pure-FTPd in the server behind the NAT, We have to do these steps:

    • Set the custom port, ForcePassiveIP and PassivePortRange in Pure-FTP
    Code:
    echo ",1234" > /etc/pure-ftpd/conf/Bind // Change 1234 to the port you want
    echo "10.20.30.40" > /etc/pure-ftpd/conf/ForcePassiveIP // Replace 10.20.30.40 with the public IP address that clients shall use to connect to the FTP server
    echo "40110 40210" > /etc/pure-ftpd/conf/PassivePortRange
    systemctl restart pure-ftpd-mysql
    
    
    Now check the "Pure-FTPd" listening port​
    Code:
    netstat -tnulp | grep pure-ftpd
    The output should be something like this​
    Code:
       tcp        0      0 0.0.0.0:1234           0.0.0.0:*               LISTEN      134789/pure-ftpd (S
       tcp6       0      0 :::1234                :::*                    LISTEN      134789/pure-ftpd (S
    
    
    • You should add the Pure-FTP custom port and PassivePortRange in the ispconfig firewall, so after doing that, "Open TCP ports" should look something like this:
    22,25,53,80,110,143,443,465,587,993,995,3306,4190,8080,8081,40110:40210,1234​
    • Set a NAT rule for FTP connections
    I use the Mikrotik router, so use this command to create the NAT rule
    Rreplace 10.20.30.40 with your public IP address and 192.168.167.166 with your private IP address​
    Code:
    /ip firewall nat
    add chain=dstnat dst-address=10.20.30.40 protocol=tcp dst-port=1234,40110-40210 action=dst-nat to-addresses=192.168.167.166
    
    
     
    Last edited: May 3, 2023
    ahrasis likes this.
  2. nhybgtvfr

    nhybgtvfr Well-Known Member HowtoForge Supporter

    if you're binding pure-ftp to a custom port then you'll no longer need to keep port 21 open in the ispconfig firewall.
     
    ahrasis likes this.
  3. mike.smith

    mike.smith New Member

    I corrected it.
     

Share This Page