FTP Passive Port Conundrum

The firewall has a service setting for ftp passive ports in the 49152-65535 range, but the ftp server hands off to passive ports beginning in the 42000 range, which get blocked by the firewall. There is no option to change the passive port range for ftp in Server Admin, thus editing the ftp configuration file manually seems to be the only solution.

This would appear to be a snafu between the firewall configuration and the ftp configuration in Server Admin. Am I missing something here or is this a bug?

iMac 2.4 GHz Core 2 Duo, MBP 2.53 GHz, Mac OS X (10.6.1), The more I think, the more I think I shouldn't think more.

Posted on Nov 6, 2009 1:17 AM


Nov 15, 2009 10:03 AM in response to capaho

Here is configuring ftp on Mac OS X Server (http://labs.hoffmanlabs.com/node/530) and some considerations and difficulties inherent in opening ephemeral ports, including reconfiguring the ephemeral port range (http://labs.hoffmanlabs.com/node/942) on platforms including Mac OS X Server.

Easiest fix is often to switch to sftp, which shares three letters in its name and its basic purpose with ftp, but comparatively little else.

Jan 6, 2010 6:23 AM in response to capaho

SOLUTION: Mac OS X Server Admin Tools has a Firewall setting for "iTunes Radio Streams". The port range for this is 42000-42999.

I enabled this and I was then able to use passive FTP.

Other symptoms for those of you searching include truncated commands in the ftp transcript. I noticed in 3 different applications that commands like:

"LIST ls -al" would get rejected with responses from the server like:

"st ls -al" command not understood

That said, my FTP daemon provided by Apple in 10.5.8 is still very flaky. It exhibits traits like:
1. users being connected and showing in the FTP Overview panel, but not displaying in the connections panel
2. continued intermittent problems uploading files.

Jan 6, 2010 7:11 AM in response to Jamie Kemmerer

UPDATE: I resumed using FTP after the fix I posted and again it stopped working. After reviewing the FTP transcripts again it seems that today it is negotiating to a completely different port range than yesterday. The port range today of course is blocked.

I enabled "all traffic for any" in the firewall and ftp resumed working. So I have confirmed it is a firewall issue.

I guess I need to figure out how to configure FTP to use specific ports available per Apple's default firewall config...

If anyone knows how to do this, let me know.
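
Added example, not part of the original thread: a Python check that reads the passive-mode replies out of an FTP transcript, computes the data port the server announced, and flags any port outside the firewall ranges mentioned above (49152-65535 and 42000-42999). The transcript lines and the `passive_ports` and `audit` function names are constructed for illustration.

```python
import re

# Ranges named in the thread: the firewall's FTP passive service and the
# "iTunes Radio Streams" service covering 42000-42999.
ALLOWED_RANGES = [(49152, 65535), (42000, 42999)]

# Constructed sample transcript (not taken from the thread).
SAMPLE_TRANSCRIPT = """\
PASV
227 Entering Passive Mode (192,0,2,10,164,16)
PASV
227 Entering Passive Mode (192,0,2,10,200,5)
EPSV
229 Entering Extended Passive Mode (|||51234|)
PASV
227 Entering Passive Mode (192,0,2,10,130,221)
"""

# 227 reply: (h1,h2,h3,h4,p1,p2), data port = p1*256 + p2 (RFC 959).
PASV_RE = re.compile(r"^227\b.*?\((?:\d{1,3},){4}(\d{1,3}),(\d{1,3})\)")
# 229 reply: (|||port|) with the usual "|" delimiter (RFC 2428).
EPSV_RE = re.compile(r"^229\b.*?\(\|\|\|(\d{1,5})\|\)")


def passive_ports(transcript):
    """Return the data port announced by each PASV/EPSV reply, in order."""
    ports = []
    for line in transcript.splitlines():
        line = line.strip()
        if m := PASV_RE.match(line):
            p1, p2 = int(m.group(1)), int(m.group(2))
            if p1 <= 255 and p2 <= 255:  # skip malformed octets
                ports.append(p1 * 256 + p2)
        elif m := EPSV_RE.match(line):
            if 0 < (port := int(m.group(1))) <= 65535:
                ports.append(port)
    return ports


def audit(transcript, allowed=ALLOWED_RANGES):
    """Summarise the observed passive ports and which the firewall would drop."""
    ports = passive_ports(transcript)
    blocked = [p for p in ports if not any(lo <= p <= hi for lo, hi in allowed)]
    span = (min(ports), max(ports)) if ports else None
    return {"ports": ports, "blocked": blocked, "observed_range": span}


if __name__ == "__main__":
    print(audit(SAMPLE_TRANSCRIPT))
```

Running it over transcripts from several days shows whether the server's announced range is stable, which is what decides whether a fixed firewall rule can match it.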
