Pure-FTPd Error on Amazon EC2

Pure-FTPd error “500 I won’t open a connection to <IP ADDRESS>” or “Server sent passive reply with unroutable address. Using server address instead.”

This happens when the server is behind a NAT, as on Amazon EC2: the server only knows its private address and advertises it in the passive-mode reply, which the client cannot reach. The most commonly posted solution on the internet is to fall back to “Passive” mode in the FTP client. But in my case that didn’t help and I still got the same error. After more digging, I found the solution.

Create two files, ForcePassiveIP and PassivePortRange, containing the public IP of the server and the passive port range, respectively.

echo "40110 40210" > /etc/pure-ftpd/conf/PassivePortRange 

echo "1.2.3.4" > /etc/pure-ftpd/conf/ForcePassiveIP

1.2.3.4 is the external IP address of the EC2 instance.

I didn’t make any changes to /etc/pure-ftpd/pure-ftpd.conf. In particular, I didn’t restrict or set “IPv4 Only”. With IPv4 only, I face problems with some internet connections which use IPv6.

Settings for FileZilla

Encryption: require explicit FTP over TLS
Transfer mode: Passive (PASV)

Restart Pure-FTPd. The command may vary based on which package has been used.

service pure-ftpd-mysql stop
service pure-ftpd-mysql start
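
To confirm the change took effect, the passive reply shown in the FTP client's log can be checked against the two files. The following is an added example, not part of the original post; the function names and the sample replies are constructed for illustration, and 1.2.3.4 is the post's placeholder address.

```python
import ipaddress
import re

# RFC 959 passive reply: 227 ... (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(r"^227\b.*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_pasv(reply):
    """Return (IPv4Address, port) advertised in a 227 reply."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError(f"not a 227 passive reply: {reply!r}")
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError(f"field above 255 in: {reply!r}")
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]


def parse_port_range(text):
    """Parse the contents of PassivePortRange: "low high"."""
    low, high = (int(p) for p in text.split())
    if not 1 <= low <= high <= 65535:
        raise ValueError(f"bad port range: {text!r}")
    return low, high


def check_pasv(reply, force_ip_text, range_text):
    """List mismatches between a 227 reply and the two config files."""
    ip, port = parse_pasv(reply)
    expected = ipaddress.IPv4Address(force_ip_text.strip())
    low, high = parse_port_range(range_text)
    problems = []
    if not ip.is_global:
        problems.append(f"{ip} is not routable from the internet")
    if ip != expected:
        problems.append(f"{ip} differs from ForcePassiveIP {expected}")
    if not low <= port <= high:
        problems.append(f"port {port} outside PassivePortRange {low}-{high}")
    return problems


# Constructed sample replies (not captured from a real server).
BEFORE = "227 Entering Passive Mode (172,31,5,10,156,174)"  # private address
AFTER = "227 Entering Passive Mode (1,2,3,4,156,200)"       # post's example IP

if __name__ == "__main__":
    for name, reply in (("before", BEFORE), ("after", AFTER)):
        print(name, check_pasv(reply, "1.2.3.4\n", "40110 40210\n") or "OK")
```

The port range written to PassivePortRange also has to be allowed inbound in the instance's EC2 security group, otherwise the data connection fails even when the reply is correct.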

Hope this helps someone.
