Introduction
FTP is a popular protocol for transferring files between a local computer and a server. However, administrators may find that FTP authentication works fine via the command line, while FTP clients like FileZilla fail to display directory listings or complete file transfers.
Usually, this problem relates to Passive Mode settings and firewall configurations. When passive FTP ports are blocked, the client can log in successfully but cannot establish the data connection required to list directories or transfer files.
This article outlines the main cause of this issue and provides step-by-step instructions to fix it on a server running Pure-FTPd and CSF Firewall.
Issue
You can successfully connect to the FTP server using the command line, but when connecting through an FTP client like FileZilla:
- The connection hangs at the MLSD command
- Directory listing fails
- Connection eventually times out
Cause
This issue usually occurs when the FTP server operates in Passive Mode.
In passive mode:
- The FTP client connects to port 21 for authentication.
- The server then opens a random high port (typically above 30000) for data transfer.
- If these passive ports are blocked by the firewall, directory listing and file transfers will fail.
Solution
Step 1: Log in to the FTP Server
Access your server via SSH.
Step 2: Configure Passive Port Range
Open the Pure-FTPd configuration file:
vi /etc/pure-ftpd.conf Locate the following line:
PassivePortRange 30000 35000
- Ensure the line exists.
- Make sure it is not commented out.
Save the file after confirming the configuration.
Step 3: Allow Passive Ports in CSF Firewall
Edit the CSF configuration file:
vi /etc/csf/csf.conf Find the TCP_IN rule and modify it as follows:
TCP_IN = "20,21,22,25,53,80,110,30000:35000" This allows incoming connections for FTP passive data ports.
Step 4: Restart CSF Firewall
After saving changes, restart CSF:
csf -r Result
Once the passive port range is properly configured and allowed in CSF:
- FTP clients like FileZilla will connect successfully.
- MLSD timeout errors will be resolved.
- Directory listing and file transfers will work normally.
Conclusion
When FTP login works from the command line but fails in FileZilla, the issue is usually due to passive FTP ports being blocked by the firewall. By configuring a passive port range in Pure-FTPd and allowing those ports through CSF, administrators can restore normal FTP functionality, such as directory listings and file transfers.
Configuring passive mode correctly is crucial for dependable FTP connectivity. It also helps avoid common timeouts and connection issues that FTP clients often encounter.
If you require help, contact SupportPRO Server Admin

