Issue: cPanel based server, on CentOS, using Pure-FTPD and CSF. Users configuring FTP clients to use explicit FTP over TLS, are still unable log into FTP service. Error is commonly displayed as a time out; and sometimes a “server refused connection”.
Solution, edit the pure-ftpd.conf file:
nano /etc/pure-ftpd.conf
Find the section that looks like the following:
# Port range for passive connections replies. - for firewalling.
#PassivePortRange 49152 65534
and change it to something like this example:
# Port range for passive connections replies. - for firewalling.
#PassivePortRange 49152 65534
PassivePortRange 40000 45000
Restart Pure-FTPD:
/usr/local/cpanel/scripts/restartsrv_ftpd
Log into WHM and navigate to CSF’s Firewall Configuration. Under the “IPv4 Port Settings” search for the “TCP_IN” section, and append to the end of listed IP addresses:
40000:45000
Save (change) and restart CSF/LFD
If you have no remote client to test FTP access, you can use a remote test via: https://ftptest.net/
Same issue relates to “Unable to get directory listing” 😉