Fix Unable to Log into FTP Using TLS/SSL

Issue: on a cPanel-based CentOS server running Pure-FTPd and CSF, users who configure their FTP clients for explicit FTP over TLS are still unable to log in to the FTP service. The error is commonly displayed as a time-out, and sometimes as “server refused connection”.

Solution: edit the pure-ftpd.conf file:

nano /etc/pure-ftpd.conf

Find the section that looks like the following:

# Port range for passive connections replies. - for firewalling.
#PassivePortRange 49152 65534

and change it to something like this example:

# Port range for passive connections replies. - for firewalling.
#PassivePortRange 49152 65534
PassivePortRange 40000 45000

Restart Pure-FTPD:

/usr/local/cpanel/scripts/restartsrv_ftpd

Log into WHM and navigate to CSF’s Firewall Configuration. Under “IPv4 Port Settings”, find the “TCP_IN” setting and append the same range to the end of the listed ports:

40000:45000

Save (Change) and restart CSF/LFD.

If you have no remote client to test FTP access, you can use a remote test via: https://ftptest.net/
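
If the range in pure-ftpd.conf and the range opened in TCP_IN do not match, the fix above has no effect. The shell check below is an added example, not part of the original post; it assumes CSF stores TCP_IN in /etc/csf/csf.conf as a quoted, comma-separated list, and its function names and sample files are made up for illustration.

```shell
#!/bin/sh
# Added example: check that Pure-FTPd's passive range is open in CSF's TCP_IN.

# Print "LOW HIGH" from the last active (uncommented) PassivePortRange line.
passive_range() {
    awk '$1 == "PassivePortRange" && NF >= 3 { lo = $2; hi = $3 }
         END { if (lo == "") exit 1; print lo, hi }' "$1"
}

# Print the TCP_IN value of a csf.conf-style file: TCP_IN = "20,21,22,..."
csf_tcp_in() {
    sed -n 's/^[[:space:]]*TCP_IN[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | tail -n 1
}

# Succeed if a single entry (port or low:high) of LIST covers LOW..HIGH.
range_allowed() {
    lo=$1; hi=$2; list=$3; found=1
    old_ifs=$IFS; IFS=,
    for entry in $list; do
        e_lo=${entry%%:*}; e_hi=${entry##*:}   # a bare port yields e_lo = e_hi
        if [ "$e_lo" -le "$lo" ] 2>/dev/null && [ "$e_hi" -ge "$hi" ] 2>/dev/null; then
            found=0
        fi
    done
    IFS=$old_ifs
    return $found
}

# Compare the two files. Paths are arguments so the check can run on copies.
check_ftps_passive() {
    range=$(passive_range "$1") || { echo "no active PassivePortRange in $1"; return 2; }
    if range_allowed "${range% *}" "${range#* }" "$(csf_tcp_in "$2")"; then
        echo "OK: passive ports ${range% *}:${range#* } are open in TCP_IN"
    else
        echo "MISMATCH: passive ports ${range% *}:${range#* } are not open in TCP_IN"
        return 1
    fi
}

# Constructed sample files (not taken from a real server).
demo_dir=$(mktemp -d)
printf '%s\n' '#PassivePortRange 49152 65534' 'PassivePortRange 40000 45000' > "$demo_dir/pure-ftpd.conf"
printf '%s\n' 'TCP_IN = "20,21,22,80,443,40000:45000"' > "$demo_dir/csf.good"
printf '%s\n' 'TCP_IN = "20,21,22,80,443"' > "$demo_dir/csf.bad"

check_ftps_passive "$demo_dir/pure-ftpd.conf" "$demo_dir/csf.good" || true
check_ftps_passive "$demo_dir/pure-ftpd.conf" "$demo_dir/csf.bad" || true
# On a real server (assumed CSF path): check_ftps_passive /etc/pure-ftpd.conf /etc/csf/csf.conf
```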
