- Plesk for Linux
It is not possible to connect to a server via FTP in the passive mode. One of the following error messages appears on connection:
PLESK_INFO: 530 Login incorrect.
PLESK_INFO: ftp: connect: Connection refused
PLESK_INFO: Error: Connection timed out
Error: Failed to retrieve directory listing
PLESK_INFO: ftp: connect: Connection timed out
PLESK_INFO: 425 Can't open data connection.
PLESK_INFO: An error occurred opening that folder on the FTP server. Make sure you have permission to access that folder. The operation timed out
PLESK_INFO: Error listing directory '/httpdocs'. Transfer channel can't be opened. Reason: No connection could be made because the target machine actively refused it. Could not retrieve directory listing
PLESK_INFO: Connecting data socket to (203.0.113.2) port 39383
Socket error (Connection timed out) - reconnecting
It is not possible to get a directory listing by FTP using Secured TLS: the connection establishes but directory listing does not work. The following errors appear in
CONFIG_TEXT: pam_env(proftpd:setcred): Unable to open config file: /etc/security/pam_env.conf: Permission denied
pam_systemd(proftpd:session): Failed to connect to system bus: Permission denied
pam_listfile(proftpd:auth): Couldn't open /etc/ftpusers
The following records appear in
CONFIG_TEXT: proftpd: fatal: PassivePorts: missing arguments on line 17 of '/etc/proftpd.conf'
Issues with a network configuration.
The passive ports range is not configured in the FTP configuration file.
Passive ports are not opened in a firewall.
Configure passive port range using the article:
If the server is behind the NAT, to set the directive MasqueradeAddress, follow this article:
Enable passive port range using the following article (step 2):
In Plesk, go to Tools & Settings > Firewall > Modify Plesk Firewall Rules > Add Custom Rule (If Plesk Firewall is not installed, use this installation guide).
If there is no Modify Plesk Firewall Rules and only Enable Firewall Rules Management option is available, it means that the Plesk Firewall is switched off. Go ahead and enable it.
In Plesk Onyx 17.8, the FTP server passive ports rule is already installed. Just make sure this rule is enabled.
Specify the following:
Rule name: FTP server passive ports
Match direction: Incoming
Fill the Add port or port range field as it is specified in the
/etc/proftpd.conffile, e.g. 49152-65535, and select the TCP option.
Click Add > OK > Apply Changes > Activate:
The selected port range must be in the non-privileged range (e.g., greater than or equal to 1024). It is strongly recommended that the chosen range should be large enough to handle many simultaneous passive connections (e.g., 49152-65535, the IANA-registered ephemeral port range).
The port range should be allowed for incoming connections in the server firewall settings. Contact a server administrator to configure it if required.
For Cloud Solutions refer to the following documentation pages or configure allowed ports for the virtualization instance according to its documentation:
Alternatively, set the mode to active in FTP Client settings.