How to get FTP on WHM working if you’re using Pure-FTPd and ConfigServer Firewall


WHM doesn’t allow passive FTP connections through by default. You first have to tell the FTP software to accept them, and then open the firewall for them. This article explains how to do that if you’re running PureFTPd and ConfigServer Firewall (CSF). In summary: first tell PureFTPd that it can accept passive FTP connections, then add the passive port range to the TCP_IN configuration directive in ConfigServer Firewall. According to the documentation, ConfigServer Firewall will add this passive port range for you automatically, but on our servers we found that this is not the case.

Confirm you’re using PureFTPd.

First confirm you’re using PureFTPd. On WHM you have two options, PureFTPd and ProFTPd.

To see if you’re running PureFTPd, do this:

# service pure-ftpd status
Redirecting to /bin/systemctl status pure-ftpd.service
● pure-ftpd.service - Pure-FTPd
Loaded: loaded (/etc/systemd/system/pure-ftpd.service; enabled; vendor prese>
Active: active (running) since Fri 2023-04-07 00:16:34 SAST; 2 days ago

Add the `ForcePassiveIP` Setting

vi /var/cpanel/conf/pureftpd/local

Add this (unless you have NAT):

ForcePassiveIP: ~

If you have NAT, determine your server’s IP address:


Add your server’s IP address to the force passive IP setting:


Restart Pure-FTPd:

/usr/local/cpanel/scripts/setupftpserver pure-ftpd --force

CSF Firewall Configuration

In CSF, look for TCP_IN here:

vi /etc/csf/csf.conf

Append the passive port range to the end of the existing port list, namely: `,49152:65534`. Example with the range added:

TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2079,2080,2082,2083,2086,2087,2095,2096,8443,49152:65534"

Next restart CSF:

service csf restart

You are done and passive FTP should be working now.
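To confirm the firewall side after the restart, the following added example (not part of the original article or of CSF itself) parses `TCP_IN` from a csf.conf file and reports whether one entry spans the whole passive range. The function name `tcp_in_covers` is hypothetical, the sample config is constructed, and the script assumes the last uncommented `TCP_IN` line is the effective one.

```shell
#!/bin/sh
# Added example: check that TCP_IN in a csf.conf covers a passive port range.
# tcp_in_covers FILE LOW HIGH   (hypothetical helper name)
#   returns 0 if one TCP_IN entry spans LOW..HIGH, 1 if none does,
#   2 if the file has no uncommented TCP_IN line.
tcp_in_covers() {
    conf=$1; low=$2; high=$3
    # Assumption: the last uncommented TCP_IN assignment is the one in effect.
    line=$(grep -E '^[[:space:]]*TCP_IN[[:space:]]*=' "$conf" | tail -n 1)
    [ -n "$line" ] || return 2
    # Keep only the text between the double quotes and drop whitespace.
    list=$(printf '%s\n' "$line" | sed -e 's/^[^"]*"//' -e 's/".*$//' | tr -d ' \t')
    old_ifs=$IFS; IFS=,; set -f
    for entry in $list; do
        case $entry in
            *:*) lo=${entry%%:*}; hi=${entry##*:} ;;   # range written as lo:hi
            *)   lo=$entry; hi=$entry ;;               # single port
        esac
        # Skip anything that is not purely numeric.
        case $lo in ''|*[!0-9]*) continue ;; esac
        case $hi in ''|*[!0-9]*) continue ;; esac
        if [ "$lo" -le "$low" ] && [ "$hi" -ge "$high" ]; then
            IFS=$old_ifs; set +f
            return 0
        fi
    done
    IFS=$old_ifs; set +f
    return 1
}

# Constructed sample input, not a real server's configuration.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed csf.conf fragment
TCP_IN = "20,21,22,80,443,49152:65534"
EOF
if tcp_in_covers "$sample" 49152 65534; then
    echo "TCP_IN covers the passive range 49152:65534"
else
    echo "TCP_IN does not cover the passive range 49152:65534"
fi
rm -f "$sample"
```

On the server itself, call it as `tcp_in_covers /etc/csf/csf.conf 49152 65534`. A range split across two `TCP_IN` entries is reported as not covered, since the check looks for a single spanning entry.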


Instructions for Passive FTP for Pure FTP:

Forum post that helped:
