proftp in passive mode

Discussion in 'Installation/Configuration' started by mccharlet, Jun 20, 2007.

  1. mccharlet

    mccharlet Member HowtoForge Supporter

    I want to configure proftpd for use in passive mode.

    My server is directly on the web with an Internet address 80.248.xxx.xxx

    I have added this line to /etc/proftpd.conf and restarted proftpd

    PassivePorts 5000 6000

    In ISPConfig, I have opened ports 5000 to 6000 on the firewall
    ftp passif 5000:6000 tcp oui

    But it doesn't work
    :confused:

    Thanks for your help and sorry for my English
     
  2. falko

    falko Super Moderator Howtoforge Staff

    Are there any error messages in your logs?
     
  3. radim_h

    radim_h Member

    You don't have to open ports on the firewall. When a passive connection is requested, ProFTPD opens passive ports from inside. I have opened just port 21 and passive works.

    Check the firewall on the network you are connecting from.
     
  4. mccharlet

    mccharlet Member HowtoForge Supporter

    This is my iptables configuration

    root@servera:/# iptables -L
    Chain INPUT (policy DROP)
    target prot opt source destination
    DROP tcp -- anywhere loopback/8
    ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
    ACCEPT 0 -- anywhere anywhere
    DROP 0 -- BASE-ADDRESS.MCAST.NET/4 anywhere
    PUB_IN 0 -- anywhere anywhere
    PUB_IN 0 -- anywhere anywhere
    PUB_IN 0 -- anywhere anywhere
    PUB_IN 0 -- anywhere anywhere
    DROP 0 -- anywhere anywhere

    Chain FORWARD (policy DROP)
    target prot opt source destination
    ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
    DROP 0 -- anywhere anywhere

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    PUB_OUT 0 -- anywhere anywhere
    PUB_OUT 0 -- anywhere anywhere
    PUB_OUT 0 -- anywhere anywhere
    PUB_OUT 0 -- anywhere anywhere

    Chain INT_IN (0 references)
    target prot opt source destination
    ACCEPT icmp -- anywhere anywhere
    DROP 0 -- anywhere anywhere

    Chain INT_OUT (0 references)
    target prot opt source destination
    ACCEPT icmp -- anywhere anywhere
    ACCEPT 0 -- anywhere anywhere

    Chain PAROLE (11 references)
    target prot opt source destination
    ACCEPT 0 -- anywhere anywhere

    Chain PUB_IN (4 references)
    target prot opt source destination
    ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
    ACCEPT icmp -- anywhere anywhere icmp echo-reply
    ACCEPT icmp -- anywhere anywhere icmp time-exceeded
    ACCEPT icmp -- anywhere anywhere icmp echo-request
    PAROLE tcp -- anywhere anywhere tcp dpt:ftp
    PAROLE tcp -- anywhere anywhere tcp dpt:ssh
    PAROLE tcp -- anywhere anywhere tcp dpt:smtp
    PAROLE tcp -- anywhere anywhere tcp dpt:domain
    PAROLE tcp -- anywhere anywhere tcp dpt:www
    PAROLE tcp -- anywhere anywhere tcp dpt:81
    PAROLE tcp -- anywhere anywhere tcp dpt:pop3
    PAROLE tcp -- anywhere anywhere tcp dpt:https
    PAROLE tcp -- anywhere anywhere tcp dpt:rsync
    PAROLE tcp -- anywhere anywhere tcp dpts:5000:5999
    PAROLE tcp -- anywhere anywhere tcp dpt:ftp-data
    ACCEPT udp -- anywhere anywhere udp dpt:domain
    DROP icmp -- anywhere anywhere
    DROP 0 -- anywhere anywhere

    Chain PUB_OUT (4 references)
    target prot opt source destination
    ACCEPT 0 -- anywhere anywhere
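
Added example (not part of the original posts): a Python check that compares the PassivePorts range from proftpd.conf with the TCP destination port ranges admitted in an iptables -L listing, using values posted in this thread as constructed input. It assumes the PAROLE chain ends in ACCEPT, ignores rule order and connection tracking, and all function names are illustrative.

```python
import re

# Constructed sample input, copied from the values posted in this thread.
PROFTPD_CONF = "PassivePorts 5000 6000\n"
IPTABLES_LISTING = """\
Chain PUB_IN (4 references)
PAROLE tcp -- anywhere anywhere tcp dpt:ftp
PAROLE tcp -- anywhere anywhere tcp dpts:5000:5999
DROP 0 -- anywhere anywhere
"""

ALLOW_TARGETS = {"ACCEPT", "PAROLE"}  # assumption: PAROLE ends in ACCEPT, as in the listing


def passive_range(conf_text):
    """Return (low, high) from the PassivePorts directive, or None if unset."""
    for line in conf_text.splitlines():
        m = re.match(r"\s*PassivePorts\s+(\d+)\s+(\d+)\s*$", line, re.IGNORECASE)
        if m:
            low, high = int(m.group(1)), int(m.group(2))
            if not (0 < low <= high <= 65535):
                raise ValueError(f"invalid PassivePorts range: {low} {high}")
            return low, high
    return None


def allowed_tcp_ranges(listing):
    """Collect numeric TCP destination port ranges from allow rules in iptables -L output."""
    ranges = []
    for line in listing.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] not in ALLOW_TARGETS or fields[1] != "tcp":
            continue
        # Named services such as dpt:ftp are skipped; only numeric ports are compared.
        m = re.search(r"\bdpts?:(\d+)(?::(\d+))?(?=\s|$)", line)
        if m:
            ranges.append((int(m.group(1)), int(m.group(2) or m.group(1))))
    return ranges


def uncovered_ports(passive, ranges):
    """Ports in the passive range that no allow rule admits."""
    low, high = passive
    return [p for p in range(low, high + 1)
            if not any(a <= p <= b for a, b in ranges)]


if __name__ == "__main__":
    gap = uncovered_ports(passive_range(PROFTPD_CONF), allowed_tcp_ranges(IPTABLES_LISTING))
    print("passive ports not admitted by the firewall:", gap or "none")
```

On the values shown in this thread, the check reports port 6000 as configured in PassivePorts but outside the 5000:5999 range in the PUB_IN chain.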
     
  5. falko

    falko Super Moderator Howtoforge Staff

  6. mccharlet

    mccharlet Member HowtoForge Supporter

    Hi,

    I use Debian and I don't have the ip_conntrack module.

    Thanks
     
  7. falko

    falko Super Moderator Howtoforge Staff
