Hong Manh's BlogHong Manh's Blog Sharing Technology Knowledge

How to open FTP passive ports in cPanel/WHM

cPanel is a popular proprietary web hosting control panel on Linux systems that provides a host of tools for configuring and managing a hosted web site. It’s commonly accessed via WebHost Manager, or WHM.

One of the protocols you can configure using cPanel/WHM is the File Transfer Protocol, or FTP. This protocol is one of the oldest still in use, having first been written in 1971. It’s typically used by website maintainers to upload data to the server.

Many administrators find it necessary early on to enable passive mode FTP. This is because the default, active mode FTP, isn’t usable when the client is behind a NAT firewall, due to NAT blocking requests from the server that use different ports than the first connection. Since NAT is in place for the majority of connecting users, you will almost certainly have to enable passive mode FTP yourself.

The following guide will teach you how to enable passive mode FTP using cPanel/WHM terminal commands.

Getting started

To complete this guide, you will need the following:
• 1 Node (Cloud Server or Dedicated Server)
• SSH root access on the server.


At the installation of cPanel/WHM, the FTP passive ports are not open by default in either the FTP configuration or in the firewall. This example will show you how to open those ports if you are running the pure-ftp daemon.

First, go ahead and open the pure-ftp config file in an editor. You’ll have to modify this line:

nano /etc/pure-ftpd.conf

Find this line :

#Port range for passive connections replies. - for firewalling.
#PassivePortRange 30000 50000

And remove the comment :

#Port range for passive connections replies. - for firewalling.
PassivePortRange 30000 50000

Save and exit. Restart the pure-ftp service so it reflects the changes.

/etc/init.d/pure-ftpd restart

Now, open the ports used by passive mode FTP in your firewall.

iptables -I INPUT 2 -p tcp --dport 30000:50000 -j ACCEPT

You can now save your firewall rules.

service iptables save


Once you’ve made these changes, passive mode FTP will be working on your server. Clients behind a firewall will be able to connect to your server through FTP without difficulty. If this guide was helpful to you, kindly share it with others who may also be interested.

0 0 votes
Article Rating
Notify of
Inline Feedbacks
View all comments

Press ESC to close

Would love your thoughts, please comment.x