ProFTPD/VsFTPd behind NAT (Router) - What you must known before crying

  • Dear community,

    Since i-MSCP 1.2.12, there is a new setup dialog asking you which port range you want use for the FTP server. If your're behind a NAT, you should in order:

    • Restrict this port range such as 33000 to 33500
    • Forward any traffic for these ports to your server (WAN ---> traffic to those ports ---> Your server which is inside your LAN). This can be achieved through your firewall or your router, depending on your infrastructure.

    Also, since 1.2.12, a new parameter MasqueradeAddress is added into the /etc/proftpd/proftpd.conf configuration file when you are behind a NAT (there is also an equivalent for VsFTPd) . You must ensure that the public IP address set during the setup matches your WAN IP address. If needed, you can reconfigure that IP address by running perl /var/www/imscp/engine/setup/imscp-setup -dar ips and then, when you're asked, select your private IP address and in next dialog, enter your public IP address.

    You must also configure your FTP clients for use of passive mode.

    I would also remember that i-MSCP tends to be used by professional ISPs. If you use i-MSCP at home with a dynamic IP, no support will be given. Running i-MSCP with such setup is possible but require some tuning on your side. One of major problem when using a dynamic IP is that when that IP change, i-MSCP is not aware, leading to problems as exposed in that thread.

    Note: I made this post following many users that are complaining because they cannot longer connect to FTP server, or because the listing of directories is slow. PLEASE, just fix your SETUP.