# Login FTP with public IP behind the firewall



## cesjr (Mar 6, 2017)

Hi
I have recently install a pure-ftpd server and set a specific port number, I can connect in my LAN ,but when I using public IP , it always failed.

As I know ,pure-ftpd using passive mode to generate random port more than 1023 for listening data connection , but my server was behind firewall and using NAT to forward service. Other service like apache / postfix is working fine , So how should I solved this problem ?

Connect with command line like `telnet` *public IP* with no problem ,however by web or filezilla did not work.

```
220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 1 of 30 allowed.
220-Local time is now 17:13. Server port: 6121.
220-This is a private system - No anonymous login
220 You will be disconnected after 15 minutes of inactivity.
```


----------



## SirDice (Mar 6, 2017)

FTP is notoriously tricky when it comes to firewalls. This is compounded by the fact you're trying to hairpin. 

You will need to test the connection from _outside_ your network. Connecting from the _inside_ to the _outside_ addresses is simply not going to work without some hairpin NAT trickery.


----------



## cesjr (Mar 7, 2017)

Thanks. I will try from outside network.
I found a solution below but I have not try.
I think this will be work.

```
set  PassivePortRange "40110 40210"  or anything you want in [file]pure-ftpd.conf[/file]
/usr/local/etc/rc.d/pure-ftpd restart
```
Then open 40110 to 40210 on firewall .


----------

