In Pureftpd,
To solve the error, the passive Port range should be added to the Pureftp configuration file.
1. We open Pureftp configuration file /etc/pure-ftpd.conf.
2. Then, we add the following line.
PassivePortRange 30000 35000
3. At last, we restart the Pureftp service.
service pureftpd restart
In ProFTP,
In ProFTP, we add the passive port range in /etc/proftpd.conf.
1. We open /etc/proftpd.conf and add this line.
PassivePorts 30000 35000
2. In the end, we restart the service.
service proftpd restart
Add passive port range in firewall settings
Most servers have a firewall to avoid security problems. Therefore, the passive port range should be open in the firewall configuration too.
Even if the FTP server allows passive ports, the firewall can block the connection between FTP client and server when the passive port range is not open. It results in 227 entering passive mode ftp connect connection timed out error.
For firewall like Iptables,
1. Firstly, we open /etc/sysconfig/iptables file.
2. Then, we add the entry like,
iptables -I INPUT -p tcp --dport 49152:65534 -j ACCEPT
3. At last, we restart iptables
service iptables save
For firewall like CSF,
1. We open /etc/csf/csf.conf file.
2. Then, find the line with TCP_IN ,TCP_OUT and then added the port range.
# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,30000:35000"
TCP_OUT = "20,21,22,25,53,80,110,30000:35000"
3. Finally, restart the CSF service.
csf -r
service csf restart