Introduction

When using FTP or FTPS on a cPanel server, Pure-FTPd manages all FTP connections.
However, improper passive mode configuration or firewall restrictions often cause connection failures such as:

1. FTP login succeeds but directory listing fails
2. FileZilla shows “ETIMEDOUT” or “Failed to retrieve directory listing”
3. FTP freezes after login
4. Repeated login attempts in Pure-FTPd logs
5. Error: 421 Too many connections (8) from this IP

This guide explains how to properly configure Pure-FTPd passive mode on AlmaLinux 8 with cPanel, ensuring stable and secure FTP connectivity.

Prerequisites
1. Root SSH access to the server
2. cPanel / WHM installed
3. Pure-FTPd enabled
4. CSF (ConfigServer Firewall) active
5. Public IP address of the server
Step 1:
Identify the Issue from FTP Logs
Check the FTP logs for symptoms:

Typical problematic logs:

Step 2:
Create Pure-FTPd Configuration Directory
On many cPanel servers, the Pure-FTPd config directory does not exist by default.

Create it manually:

Verify:

Step 3:
Configure FTP Data Ports
Set a fixed port range for FTP data connections.

Verify:

Expected output:

Make sure this port range is allowed in your firewall settings so FTP connections work correctly.
Note:
The port range shown is an example. You may configure a different passive port range based on your server and firewall setup.
Step 4:
Set the Public IP for Passive Mode
Pure-FTPd must advertise the correct public IP to clients.

Example:

Verify:

Step 5:
Restart Pure-FTPd Service
Apply the changes:

Confirm service status:

Step 6:
Open Passive Ports in CSF Firewall
Edit CSF configuration:

Update or confirm:

Apply firewall changes:

Step 7:
Verify FTP Connectivity
From a client (FileZilla / WinSCP):
1. Protocol: FTP
2. Encryption: Require explicit FTP over TLS=
3. Transfer Mode: Passive
4. Port: 21
You should now see:
1. Immediate directory listing
2. No timeout
3. Stable file transfers