• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Cannot get ProFTPD working

kiav

kiav

Basic Pleskian
Plesk 12.5.30 WEB Admin Edition on CentOS 6.1
FileZilla 3.14.1 as a client.
External (white) fixed IPv4.

I get an error:
Code: 
02:10:39   Status:   Resolving address of example.com
02:10:39   Status:   Connecting to 1.2.3.4:21...
02:10:39   Status:   Connection established, waiting for welcome message...
02:10:39   Status:   Initializing TLS...
02:10:40   Status:   Verifying certificate...
02:10:40   Status:   TLS connection established.
02:10:40   Status:   Connected
02:10:40   Status:   Retrieving directory listing...
02:11:00   Command:   PWD
02:11:00   Response:   257 "/" is the current directory
02:11:00   Command:   TYPE I
02:11:00   Response:   200 Type set to I
02:11:00   Command:   PORT 192,168,10,2,209,84
02:11:00   Response:   200 PORT command successful
02:11:00   Command:   MLSD
02:11:00   Error:   Connection timed out after 20 seconds of inactivity
02:11:00   Error:   Failed to retrieve directory listing

I never saw a directory listing.

In /var/log/messages:
Code: 
Oct 26 01:47:38 mybirds xinetd[1917]: START: ftp pid=5662 from=::ffff:31.135.228.80
Oct 26 01:47:38 mybirds proftpd[5662]: processing configuration directory '/etc/proftpd.d'
Oct 26 01:47:38 mybirds proftpd[5662]: 127.0.0.1 (31.135.228.80[31.135.228.80]) - mod_delay/0.7: unable to open DelayTable '/var/proftpd.delay': No such file or directory
Oct 26 01:47:38 mybirds proftpd[5662]: 127.0.0.1 (31.135.228.80[31.135.228.80]) - FTP session opened.


I already tried to set up passive ports in Global section of /etc/proftpd.conf as told in KB:
Code: 
PassivePorts 57000 58000

Code: 
# lsmod | grep ftp
nf_nat_ftp  3443  0
nf_nat  22676  1 nf_nat_ftp
nf_conntrack_ftp  11953  1 nf_nat_ftp
nf_conntrack  79206  6 nf_nat_ftp,nf_nat,nf_conntrack_ftp,nf_conntrack_ipv4,nf_conntrack_ipv6,xt_state


And manually added all ports into iptables:
Code: 
# iptables -I INPUT 5 -m state --state NEW -p tcp --dport 57000:58000 -j ACCEPT
# iptables -I INPUT 5 -m state --state NEW -p tcp --dport 990 -j ACCEPT
# iptables -I INPUT 5 -m state --state NEW -p tcp --dport 20 -j ACCEPT
# iptables -I INPUT 5 -m state --state NEW -p tcp --dport 21 -j ACCEPT

# iptables -L --line-numbers
Chain INPUT (policy ACCEPT)
num  target  prot opt source  destination
1  ACCEPT  all  --  anywhere  anywhere  state RELATED,ESTABLISHED
2  ACCEPT  icmp --  anywhere  anywhere
3  ACCEPT  all  --  anywhere  anywhere
4  ACCEPT  tcp  --  anywhere  anywhere  state NEW tcp dpt:ssh
5  ACCEPT  tcp  --  anywhere  anywhere  state NEW tcp dpt:ftp
6  ACCEPT  tcp  --  anywhere  anywhere  state NEW tcp dpt:ftp-data
7  ACCEPT  tcp  --  anywhere  anywhere  state NEW tcp dpt:ftps
8  ACCEPT  tcp  --  anywhere  anywhere  state NEW tcp dpts:57000:58000
9  ACCEPT  tcp  --  anywhere  anywhere  state NEW tcp dpt:http
10  ACCEPT  tcp  --  anywhere  anywhere  state NEW tcp dpt:https
11  ACCEPT  tcp  --  anywhere  anywhere  state NEW tcp dpt:pcsync-https
12  REJECT  all  --  anywhere  anywhere  reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
num  target  prot opt source  destination
1  REJECT  all  --  anywhere  anywhere  reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
num  target  prot opt source  destination


I even manualy reinstalled psa-proftpd.

What is the reason?
 
I found solution.

For sure I set passive ports acording admin guide (port range 49152:65534 and xinetd restart).
Then I forwarded port for active mode as told in FileZilla docs.

I guess that Active Mode is working for me.
 
You must log in or register to reply here.

Similar threads

Liwindo
Input New Firewall App 18.0.52
Replies
4
Views
2K
Liwindo
Liwindo
Sailorhost
Question IPv6 unreachable
Replies
4
Views
2K
Sailorhost
Sailorhost
M
Issue FTP behind VPN - Connect it via Local IP
Replies
0
Views
3K
Mutate2546
M
Azurel
Forwarded to devs Plesk fail2ban jails and iptables not working correctly [SECURITY ISSUE?]
Replies
4
Views
3K
Azurel
Azurel
Brujo
Resolved Plesk Firewall ip6tables
Replies
6
Views
3K
Brujo
Brujo
Back
Top