How to enable passive ports on your pure-ftpd server and CSF Firewall
When transferring files on/from your ftp server you will need to have passive ports specified and allowed in the firewall.
Firstly lets edit pure-ftpd configuration file
Uncomment (remove # at beginning of the line) PassivePortRange and specify the passive port range:
PassivePortRange 35000 50000
* If this line is missing then simply add it at the end of the file.
Restart pure-ftpd to load the new configuration
service pure-ftpd restart
Next steep is to set the CSF firewall configuration
In file /etc/csf/csf.conf add the same port range under TCP_IN and TCP_OUT
In lines TCP_IN and TCP_OUT add 30000:50000, example
# Allow incoming TCP ports TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2030,2031,30000:50000,6666" # Allow outgoing TCP ports TCP_OUT = "20,21,22,25,53,80,110,113,443,2030,2031,30000:50000,993,995"
Now lets reload csf firewall configuration
that is it, enjoy!