If you run the proftpd FTP server together with the iptables firewall, which is the case if, for example, you are using ISPconfig, you will probably have problems using FTP against your server in passive mode. The problem is that iptables does not allow the incoming connections that passive mode uses.
The solution is to configure proftpd to use a small, defined range of incoming ports and open iptables for this range.
1. Edit /etc/proftpd/proftpd.conf and uncomment the line #PassivePorts. If you are using VirtualHost (which is the case if you are running proftpd with ISPconfig), you must put <global> and </global> tags around this line.
<global>
# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
# PassivePorts 49152 65534
PassivePorts 50000 50030
</global>
2. If you are using ISPconfig, it can be a good idea to also put the following lines inside the <global> and </global> tags, as otherwise they will not affect the VirtualHost that ISPconfig has set up for you.
<global>
# If set on you can experience a longer connection delay in many cases.
IdentLookups off
DefaultRoot ~
ServerIdent on "FTP Server ready."
</global>
3. Restart proftpd by issuing the command:
# /etc/init.d/proftpd restart
4. Edit your iptables config so it includes the following:
iptables -A INPUT -p tcp -m tcp --dport 50000:50030 -j ACCEPT
5. Reload iptables
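To confirm that the firewall opens exactly the range proftpd hands out, and no more, the two settings can be compared with a small script. This is an added example, not part of the original instructions; the function names are hypothetical, and it assumes the firewall rules are available in a text file, either as written in step 4 or as printed by `iptables -S INPUT` or `iptables-save`.

```shell
#!/bin/sh
# Added example: compare PassivePorts in proftpd.conf with the iptables --dport range.

# Print "MIN MAX" from the last active (uncommented) PassivePorts line.
passive_range() {
    awk 'tolower($1) == "passiveports" && NF >= 3 { r = $2 " " $3 }
         END { if (r != "") print r }' "$1"
}

# Print "MIN MAX" from the first INPUT tcp ACCEPT rule with --dport MIN:MAX.
# Single-port rules (for example the FTP control port) are skipped.
firewall_range() {
    awk '/-A INPUT/ && /-p tcp/ && /-j ACCEPT/ {
             for (i = 1; i < NF; i++)
                 if ($i == "--dport" && split($(i + 1), p, ":") == 2) {
                     print p[1], p[2]; exit
                 }
         }' "$1"
}

# check_passive CONF RULES
# Returns 0 if the ranges match, 1 if the firewall blocks part of the
# passive range, 2 if it opens more ports than proftpd uses, 3 if either
# setting is missing.
check_passive() {
    cp_p=$(passive_range "$1"); cp_f=$(firewall_range "$2")
    pmin=${cp_p% *}; pmax=${cp_p#* }
    fmin=${cp_f% *}; fmax=${cp_f#* }
    if [ -z "$pmin" ] || [ -z "$fmin" ]; then
        echo "missing PassivePorts line or --dport range rule"; return 3
    fi
    if [ "$fmin" -gt "$pmin" ] || [ "$fmax" -lt "$pmax" ]; then
        echo "firewall $fmin:$fmax does not cover PassivePorts $pmin $pmax"; return 1
    fi
    if [ "$fmin" -lt "$pmin" ] || [ "$fmax" -gt "$pmax" ]; then
        echo "firewall $fmin:$fmax is wider than PassivePorts $pmin $pmax"; return 2
    fi
    echo "ok: passive ports $pmin-$pmax are open and nothing more"
}

# Usage: sh check.sh /etc/proftpd/proftpd.conf rules.txt
if [ "$#" -eq 2 ]; then
    check_passive "$1" "$2"
fi
```

A result of 2 means the rule exposes ports that proftpd will never listen on for passive transfers, so the range in the rule can be narrowed.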