This is most often a problem for people that are using IPTables and have their server locked down to only allow specific connections to specific locations. Passive mode works by opening ports on the fly for the client, as you can imagine this doesn't work too well if you're using IPTables and only allowing connections to your server on certain ports.
If you're wondering if this is the exact issue you're having then it's easy to spot. With this specific problem you'll find that you can connect via FTP, but the moment your FTP client switches to passive mode (i.e. to get a directory listing or download a file) it will just hang and then time-out.
To fix this, we need to load the IPTables connection tracker module that keeps track (hence the name) of connections the server is opening, allowing things such as Passive Mode to work.
Assuming you've already allowed access to port 21 on your server then all you need to do is run the following command:
This loads the module with immediate effect. You should now be able to connect without problem.
If you want the module to load automatically after reboot then you need to alter your IPTables configuration file (normally /etc/sysconfig/iptables-config
) and then modify the IPTABLES_MODULES
line to include this module, so you'll end up with a line in the config file that looks like this: