While the following article relates to our Cloud VMs, the principle applies to any server e.g. Dedicated, and as such if the passive FTP ports are blocked, it will not be possible to create a passive FTP connection.
Blocked Ports
It is not possible to use FTP in Passive mode - and by extension explicit FTP over TLS, where the passive ports are being blocked on the server via:
- The Cloud Firewall:
- Where the Default Firewall Rule is set to Drop.
- The firewall on the Virtual Machine:
- Where present and active, and set to Drop by default.
Allow Connectivity
To allow passive FTP connectivity, you will need to allow for one (or more) of these options:
- Enter your own IP address, with an Allow rule - for all ports:
- However it is not always practical to add the IP address, where users from various locations need to access FTP.
- There is a sample configuration for this method below.
- Note: This rule must be at the top of the firewall rules list.
- Set the range of passive ports - for the FTP service, and then set the corresponding ports in the firewall:
- This perhaps is the better solution, as it ensures that you are still locking the server down while allowing passive FTP access to the server.
- The following articles apply to control panels in use on our servers:
- Plesk: Cannot connect to FTP in passive mode
- cPanel/WHM: How to Enable FTP Passive Mode
- Direct Admin: What ports do I need to open in my firewall?
Sample Configuration (for Item 1):
- Rule #: eth0
- Source Address: 1.1.1.1/32
- The /32 indicates a single IP address.
- You can use a network range also, where applicable.
- Destination Port: Left Blank
- The reason it is left blank, is to allow all ports for the rule you are creating.
- Protocol: TCP
Cloud Firewall
The following article will assist in configuring the Cloud Firewall for the Cloud VM:
How do I modify my firewall on my Cloud VM?
Alternative To Amending Firewall/Passive Configuration
If you do not wish to amend the configuration for your firewall and/or FTP service, the alternative would be to create an FTP connection to the server with the following properties:
- Connection Type:
- Plain FTP.
- No Encryption.
- Connection Mode:
- Active
However, you should note that in order to make a secured TLS connection to the FTP service it requires Passive mode so it would be more preferable to follow the steps via "Allow Connectivity" (above).
Further Queries
If you have any queries on this, please contact our Support team - see the following for our contact details:
- https://www.blacknight.com/contact-us.html
Comments
0 comments
Article is closed for comments.