FTP “Error: Server returned unroutable private IP address in PASV reply”

 

If you run a firewall on your Linux server and want to use passive FTP connections, you have to define the passive port range in pure-ftpd and your firewall to ensure that the connections don’t get blocked. The following example is for pure-ftpd on Debian or Ubuntu Linux and ISPConfig 3.

 

Set Passive Port Range in PureFTPD

1) Configure pure-ftpd

 

echo “40110 40210” > /etc/pure-ftpd/conf/PassivePortRange

service pure-ftpd-mysql restart

2) Configure the firewall. If you use ISPConfig 3 on my server to configure the bastille firewall, you can add the nescessera port range in the ISPConfig firewall settings.

 

Change the list of Open TCP ports from:

 

20,21,22,25,53,80,110,143,443,3306,8080,10000

to:

 

20,21,22,25,53,80,110,143,443,3306,8080,10000,40110:40210

and then click on “Save”.

 

Set Passive IP in PureFTPD

Setting a passive IP in FTP might be necessary when your server is located behind a NAT router. You will get an error like “Error: Server returned unroutable private IP address in PASV reply” from your FTP client in such a case.

 

To set a passive IP address, run this command:

 

echo “1.2.3.4” > /etc/pure-ftpd/conf/ForcePassiveIP

Replace 1.2.3.4 with the External IP address that clients shall use to connect to the FTP server. Then restart pureFTPD:

 

service pure-ftpd-mysql restart

 

 

 

Regards,

 

Kon Belieu

Partner

[email protected]   |  513-575-3500


4440 Lake Forest Dr., Suite 102B, Cincinnati, OH  45242

 

Tags:

Comments are closed

Latest Comments

No comments to show.