diff --git a/etc/alternc/templates/proftpd/proftpd.conf b/etc/alternc/templates/proftpd/proftpd.conf
index ba48feef..c59fc67f 100644
--- a/etc/alternc/templates/proftpd/proftpd.conf
+++ b/etc/alternc/templates/proftpd/proftpd.conf
@@ -44,6 +44,12 @@ RequireValidShell		off
 TLSRSACertificateKeyFile	/etc/apache-ssl/apache.pem
 TLSRSACertificateFile		/etc/apache-ssl/apache.pem
 TLSEngine                       on
+# Use the IANA registered ephemeral port range
+# If you have a firewall, you should open this portrange 
+# (or change it)
+# since ip_conntrack_ftp cannot decrypt TLS session.
+PassivePorts 49152 65534
+
 
 <Directory /*>
         DenyAll