Pure FTP Passive Mode Issue

I ran into this the other day. The problem appears to apply only when using Passive mode through a NAT (Network Address Translation). When this happens, the FTP connection cannot be made for two reasons:

Basically NAT says “if something is coming in on these ports, send it to that internal IP address.” This is one way of having multiple servers sharing an IP address.

This can be fixed by using the -P (“passive IP address”) and the -p (“limit port range for passive”) options for pure-ftpd when you start it up.

Debian has drunk the “autoconfig” Kool-Aid for pure-ftpd. The configuration is actually one file per option in /etc/pure-ftpd/conf/. Unfortunately, the options are not well documented, so you have to read the script in /usr/sbin/pure-ftpd-wrapper to figure out what all of the options are.

# Set passive port range. Don't forget to add this to your router's NAT definition
echo "29799 29899" > /etc/pure-ftpd/conf/PassivePortRange
# set the public IP of your ftp server (replace xx.xx.xx.xx with your IP)
echo "xx.xx.xx.xx" > /etc/pure-ftpd/conf/ForcePassiveIP
# restart pure-ftpd
service pure-ftpd-mysql restart

Once this is done, you'll need to go into your router and add a port-forwarding rule that sends the range of ports in PassivePortRange to the FTP server's internal IP address. After that, passive mode will work.
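
To confirm both settings took effect, look at the 227 reply the server sends for PASV in your FTP client's log: it carries the advertised IP and the data port as six numbers (port = p1*256 + p2). The script below is an added example, not part of the original post; the function name check_pasv and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: validate a PASV reply against ForcePassiveIP / PassivePortRange.
# check_pasv "<227 reply line>" <public IP> <low port> <high port>
# Returns 0 = OK, 1 = wrong IP advertised, 2 = port outside range, 3 = not a 227 reply.
check_pasv() {
    reply=$1; want_ip=$2; low=$3; high=$4
    # Pull the six comma-separated numbers (h1,h2,h3,h4,p1,p2) out of the parentheses.
    tuple=$(printf '%s\n' "$reply" |
        sed -n 's/^.*227 [^(]*(\([0-9]\{1,3\}\(,[0-9]\{1,3\}\)\{5\}\)).*$/\1/p')
    [ -n "$tuple" ] || { echo "no 227 PASV reply found"; return 3; }

    old_ifs=$IFS; IFS=,
    set -- $tuple          # split on commas into $1..$6
    IFS=$old_ifs
    ip="$1.$2.$3.$4"
    port=$(( $5 * 256 + $6 ))   # the data port is sent as two bytes

    [ "$ip" = "$want_ip" ] || {
        echo "server advertises $ip, expected $want_ip (check ForcePassiveIP)"
        return 1
    }
    { [ "$port" -ge "$low" ] && [ "$port" -le "$high" ]; } || {
        echo "port $port is outside $low-$high (check PassivePortRange)"
        return 2
    }
    echo "OK: $ip:$port"
}

# Constructed sample reply; 203.0.113.10 is a documentation address.
check_pasv "227 Entering Passive Mode (203,0,113,10,116,103)" 203.0.113.10 29799 29899
```

A return code of 1 means the server is still handing out an address other than the one in ForcePassiveIP; 2 means the port it picked is not covered by the range you forwarded.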

NOTE: It is very normal to see some FTP clients have a problem, and others not. For example, FileZilla will barf if passive mode doesn't work, but other clients will automatically detect that passive is not working and change to Active mode. Another way around it is to always use Active mode.