How to Open Ports for Passive FTP in CSF (Configserver Firewall & Security)

FTP passive mode can help with a Directory Listing Timeout error when connecting through an ISP that is not allowing port 20.

If you are using CSF on cPanel, it may be necessary to unblock the port range needed by the default FTP client, Pure-ftpd.

By default the ports are set to 49152 to 65534.

To unblock those ports, log in to WHM.

Once inside, go to Plugins.

In plugins, click on Configserver Firewall & Security.

Once there, click on Firewwall Configuration.

Find the setting TCP_IN and TCP_OUT in the list, and add the following to each:

49152:65534

The tcp_in and tcp_out fields are comma separated, but you can put the range above as a single value, so by default the last port to open is 2096, so you would add the new one as 2096,49152:65534

Click Change at the bottom.

On the next screen, click Restart CSF + LFD.