Correcting your passive port range for cPanel for FTP

  • Published on Apr 7, 2026
  • 1 minute(s) read
Prev Next

On cPanel systems, sometimes the firewall and pure-ftpd / proftpd service can be at odds.

This causes connections using passive-transfer mode to fail after initially connecting. The reason for this is that the FTP client will connect, but the server will respond back to use a port number that is blocked by the firewall configuration.

To correct this, you'll need to modify the configuration file for the FTP service.

For Pure-FTP:

1. Log in by SSH as root
2. Remove the cache configuration file

rm -f /var/cpanel/conf/pureftpd/main.cache

3. Edit the main configuration file

nano /var/cpanel/conf/pureftpd/main

4. Set the PassivePortRange range with the start and end of allowed ports

PassivePortRange 30000 35000

5. Regenerate the running configuration

/scripts/setupftpserver --force pure-ftpd

For Pro-FTP:

1. Log  in by SSH as root
2. Remove the cache configuration file

rm -f /var/cpanel/conf/proftpd/main.cache

3. Edit the main configuration file

nano /var/cpanel/conf/proftpd/main

4. Set the Passive Ports range with the start and end of allowed ports

PassivePorts 30000 35000

5. Regenerate the running configuration

/scripts/setupftpserver --force proftpd

Now FTP transfers can use passive-transfer mode without problems.