0

I opened port 21 in the firewall for FTP on Google Cloud Engine, but I can only connect to FTP via active mode. I want to use passive mode too.

According to https://stackoverflow.com/questions/24566692/filezilla-ftp-server-fails-to-retrieve-directory-listing ports 50000-55000 must be open, but I tried that. This answer did not work in my situation. When I open all ports to TCP I can connect via passive mode, but I do not want to open all ports (or do I need to open all ports?)

Here I found all the port things:

Passive mode

In passive mode, the client has no control over what port the server chooses for the data connection. Therefore, in order to use passive mode, you'll have to allow outgoing connections to all ports in your firewall.

My question is: do I need to open all ports for passive mode, or can I do something else?

System

OS: CentOS 7 with latest packages

FTP Service: PureFTPd

Update

When I try passive mode, the log says logged in, then it gets stuck at retrieving the file list (I can't post logs because my log file is not in English)

Thanks & Regards

ahmetertem
  • Show us some logs and/or error messages that you are getting with the passive mode. Do not even try the active mode. Are you connecting to or from the GCE? – Martin Prikryl Jan 05 '17 at 12:07
  • When I try passive mode, the log says logged in, then it gets stuck at retrieving the file list (I can't post logs because my log file is not in English) – ahmetertem Jan 05 '17 at 12:10

1 Answer

4

Add the following:

`PassivePortRange 50000 55000`

in `/etc/pure-ftpd.conf`, and I think that your problem will be solved. Keep in mind that this port range should also be allowed in your firewall.

EDIT:

Quoted from this wonderful source:

In passive mode FTP the client initiates both connections to the server, solving the problem of firewalls filtering the incoming data port connection to the client from the server. When opening an FTP connection, the client opens two random unprivileged ports locally (N > 1023 and N+1). The first port contacts the server on port 21, but instead of then issuing a PORT command and allowing the server to connect back to its data port, the client will issue the PASV command. The result of this is that the server then opens a random unprivileged port (P > 1023) and sends P back to the client in response to the PASV command. The client then initiates the connection from port N+1 to port P on the server to transfer data.

The trick here is that the `PassivePortRange 50000 55000` directive will force PureFTPd to pick random ports from this range, which you have previously allowed in your firewall.

Vikelidis Kostas
  • Thanks, it worked, but I want to ask anyway: I found a line that starts with `PassivePortRange` and ports. Which one is correct: a) open 50000-55000 or the default passiveportrange? – ahmetertem Jan 05 '17 at 12:41
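The check the answer describes, as an added example that is not part of the original answer: it decodes the port P from a PASV reply and tests it against both the `PassivePortRange` line and the firewall's allowed ranges. The config text, firewall ranges, PASV replies and function names are constructed for illustration.

```python
import re

# Constructed sample values (assumptions, not taken from the original post).
SAMPLE_CONF = "# passive data ports\nPassivePortRange 50000 55000\n"
UNSET_CONF = "# PassivePortRange 30000 50000\n"  # directive commented out
FIREWALL_TCP = [(21, 21), (50000, 55000)]  # inbound TCP ranges the firewall allows
REPLY_IN = "227 Entering Passive Mode (203,0,113,10,197,143)"
REPLY_OUT = "227 Entering Passive Mode (203,0,113,10,140,29)"


def passive_port_range(conf_text):
    """Return (low, high) from an active PassivePortRange line, or None if unset."""
    for line in conf_text.splitlines():
        active = line.split("#", 1)[0].strip()  # drop comments
        m = re.fullmatch(r"PassivePortRange\s+(\d+)\s+(\d+)", active)
        if m:
            low, high = int(m.group(1)), int(m.group(2))
            if not 1 <= low <= high <= 65535:
                raise ValueError(f"bad PassivePortRange: {low} {high}")
            return low, high
    return None


def parse_pasv_reply(reply):
    """Decode a 227 reply '(h1,h2,h3,h4,p1,p2)' into (host, port)."""
    m = re.search(r"\((\d{1,3}(?:,\d{1,3}){5})\)", reply)
    if not reply.startswith("227") or not m:
        raise ValueError("not a PASV reply")
    nums = [int(n) for n in m.group(1).split(",")]
    if max(nums) > 255:
        raise ValueError("field out of range")
    # The data port is sent as two bytes: P = p1 * 256 + p2.
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def check_data_port(reply, conf_text, firewall_ranges):
    """Return (port, verdict) for the data port the server advertised."""
    _, port = parse_pasv_reply(reply)
    configured = passive_port_range(conf_text)
    if configured and not configured[0] <= port <= configured[1]:
        return port, "outside PassivePortRange"
    if not any(low <= port <= high for low, high in firewall_ranges):
        return port, "blocked by firewall"
    return port, "allowed"


if __name__ == "__main__":
    print(check_data_port(REPLY_IN, SAMPLE_CONF, FIREWALL_TCP))
    print(check_data_port(REPLY_OUT, UNSET_CONF, FIREWALL_TCP))
```

The second call models the symptom in the question: with no active `PassivePortRange`, the server may advertise a port the firewall does not allow, so login succeeds on port 21 and the directory listing hangs.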