Sponsor:

Server and Web Integrator
Link:
Kloxo-MR logo
6.5.0 or 7.0.0
Click for "How to install"
Donation/Sponsorship:
Kloxo-MR is open-source.
Donate and or Sponsorship always welcome.
Click to:
Click Here
Please login or register. 2024-03-29, 11:37:44

Author Topic: FTP issue  (Read 5669 times)

0 Members and 1 Guest are viewing this topic.

Offline WISTFUL

  • Senior Member
  • *
  • Posts: 247
  • Karma: +0/-0
    • View Profile
FTP issue
« on: 2013-02-20, 09:59:03 »
After upgrade to kloxo-mr v6.5.0.c.2013021901 I can not connect via FTP
Code: [Select]
. 2013-02-20 07:24:23.269 --------------------------------------------------------------------------
. 2013-02-20 07:24:23.269 Session name: domain.ltd@xxx.xxx.xxx.xxx (Modified stored session)
. 2013-02-20 07:24:23.269 Host name: xxx.xxx.xxx.xxx (Port: 21)
. 2013-02-20 07:24:23.270 User name: domain.ltd (Password: Yes, Key file: No)
. 2013-02-20 07:24:23.270 Tunnel: No
. 2013-02-20 07:24:23.270 Transfer Protocol: FTP
. 2013-02-20 07:24:23.270 Ping type: C, Ping interval: 30 sec; Timeout: 15 sec
. 2013-02-20 07:24:23.270 Proxy: none
. 2013-02-20 07:24:23.270 FTP: FTPS: Explicit TLS; Passive: Yes [Force IP: No]
. 2013-02-20 07:24:23.270 Local directory: default, Remote directory: home, Update: No, Cache: Yes
. 2013-02-20 07:24:23.270 Cache directory changes: Yes, Permanent: Yes
. 2013-02-20 07:24:23.270 DST mode: 1
. 2013-02-20 07:24:23.270 --------------------------------------------------------------------------
. 2013-02-20 07:24:23.295 Connecting to xxx.xxx.xxx.xxx:21 ...
. 2013-02-20 07:24:23.490 Connected with xxx.xxx.xxx.xxx:21, negotiating SSL connection...
< 2013-02-20 07:24:23.709 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
< 2013-02-20 07:24:23.710 220-You are user number 1 of 5000 allowed.
< 2013-02-20 07:24:23.710 220-Local time is now 08:54. Server port: 21.
< 2013-02-20 07:24:23.710 220-This is a private system - No anonymous login
< 2013-02-20 07:24:23.710 220-IPv6 connections are also welcome on this server.
< 2013-02-20 07:24:23.710 220 You will be disconnected after 15 minutes of inactivity.
> 2013-02-20 07:24:23.710 AUTH TLS
< 2013-02-20 07:24:23.918 234 AUTH TLS OK.
. 2013-02-20 07:24:24.430 SSL connection established. Waiting for welcome message...
> 2013-02-20 07:24:24.430 USER domain.ltd
< 2013-02-20 07:24:24.640 331 User domain.ltd OK. Password required
> 2013-02-20 07:24:24.640 PASS ***************
< 2013-02-20 07:24:24.854 230 OK. Current directory is /
> 2013-02-20 07:24:24.854 SYST
< 2013-02-20 07:24:25.062 215 UNIX Type: L8
> 2013-02-20 07:24:25.062 FEAT
< 2013-02-20 07:24:25.274 211-Extensions supported:
< 2013-02-20 07:24:25.274  EPRT
< 2013-02-20 07:24:25.274  IDLE
< 2013-02-20 07:24:25.274  MDTM
< 2013-02-20 07:24:25.274  SIZE
< 2013-02-20 07:24:25.274  MFMT
< 2013-02-20 07:24:25.274  REST STREAM
< 2013-02-20 07:24:25.274  MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
< 2013-02-20 07:24:25.274  MLSD
< 2013-02-20 07:24:25.274  AUTH TLS
< 2013-02-20 07:24:25.274  PBSZ
< 2013-02-20 07:24:25.274  PROT
< 2013-02-20 07:24:25.274  UTF8
< 2013-02-20 07:24:25.274  ESTA
< 2013-02-20 07:24:25.274  PASV
< 2013-02-20 07:24:25.275  EPSV
< 2013-02-20 07:24:25.275  SPSV
< 2013-02-20 07:24:25.275  ESTP
< 2013-02-20 07:24:25.275 211 End.
> 2013-02-20 07:24:25.275 OPTS UTF8 ON
< 2013-02-20 07:24:25.485 200 OK, UTF-8 enabled
> 2013-02-20 07:24:25.485 PBSZ 0
< 2013-02-20 07:24:25.695 200 PBSZ=0
> 2013-02-20 07:24:25.695 PROT P
< 2013-02-20 07:24:25.903 200 Data protection level set to "private"
. 2013-02-20 07:24:25.907 Connected
. 2013-02-20 07:24:25.907 --------------------------------------------------------------------------
. 2013-02-20 07:24:25.907 Using FTP protocol.
. 2013-02-20 07:24:25.907 Doing startup conversation with host.
> 2013-02-20 07:24:25.910 PWD
< 2013-02-20 07:24:26.120 257 "/" is your current location
. 2013-02-20 07:24:26.124 Getting current directory name.
. 2013-02-20 07:24:26.129 Retrieving directory listing...
> 2013-02-20 07:24:26.129 TYPE A
< 2013-02-20 07:24:26.333 200 TYPE is now ASCII
> 2013-02-20 07:24:26.334 PASV
< 2013-02-20 07:24:26.543 227 Entering Passive Mode (xxx,xxx,xxx,xxx,140,110)
> 2013-02-20 07:24:26.543 LIST -a
. 2013-02-20 07:24:41.515 Timeout detected.
. 2013-02-20 07:24:41.515 Could not retrieve directory listing
. 2013-02-20 07:24:41.515 Connection was lost, asking what to do.
. 2013-02-20 07:24:41.515 Asking user:
. 2013-02-20 07:24:41.515 Lost connection. ("Timeout detected.","Could not retrieve directory listing","Entering Passive Mode (xxx,xxx,xxx,xxx,140,110)")
. 2013-02-20 07:24:46.593 Connecting to xxx.xxx.xxx.xxx:21 ...
. 2013-02-20 07:25:01.795 Timeout detected.
. 2013-02-20 07:25:01.795 Connection failed.
. 2013-02-20 07:25:01.809 Connection was lost, asking what to do.
. 2013-02-20 07:25:01.809 Asking user:
. 2013-02-20 07:25:01.809 Connection failed. ("Timeout detected.","Connection failed.")
* 2013-02-20 07:25:04.129 (ESshFatal) Lost connection.
* 2013-02-20 07:25:04.129 Timeout detected.
* 2013-02-20 07:25:04.129 Could not retrieve directory listing
* 2013-02-20 07:25:04.129 Entering Passive Mode (xxx,xxx,xxx,xxx,140,110)
* 2013-02-20 07:25:04.129 Error listing directory '/'.
« Last Edit: 1970-01-01, 01:00:00 by Guest »
.

Offline WISTFUL

  • Senior Member
  • *
  • Posts: 247
  • Karma: +0/-0
    • View Profile
Re: FTP issue
« Reply #1 on: 2013-02-20, 12:23:51 »
Problem was because that some TCP port closed by my server firewall.

Which port must be open on the whole?
(other than belows:)
Code: [Select]
21 22 25 80 110 143 443 465 587 993 995 5555 7777 7778 7779
« Last Edit: 1970-01-01, 01:00:00 by Guest »
.

Offline WISTFUL

  • Senior Member
  • *
  • Posts: 247
  • Karma: +0/-0
    • View Profile
Re: FTP issue
« Reply #2 on: 2013-02-20, 13:46:23 »
When CSF firewall is disable or when CSF is enable and I login by my server IP (via ssh-proxy), without any problem I can connect to FTP.
Do you know it's reason?
« Last Edit: 1970-01-01, 01:00:00 by Guest »
.

Offline WISTFUL

  • Senior Member
  • *
  • Posts: 247
  • Karma: +0/-0
    • View Profile
Re: FTP issue
« Reply #3 on: 2013-02-22, 17:25:53 »
After many search I realized that this issue is related to configuring FTP to use Passive (PASV) mode connections to the server

Here is it's solution on official kloxo:
http://forum.lxcenter.org/index.php?t=msg&goto=85721&

What is the best instruction for use it on kloxo-mr?
« Last Edit: 1970-01-01, 01:00:00 by Guest »
.

Offline MRatWork

  • Administrator
  • The Elite
  • *****
  • Posts: 15,807
  • Karma: +119/-11
  • Gender: Male
    • View Profile
    • MRatWork Forum
Re: FTP issue
« Reply #4 on: 2013-02-22, 18:35:56 »
Passive mod is standard for pure-ftp in Kloxo/Kloxo-MR.
« Last Edit: 1970-01-01, 01:00:00 by Guest »
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

Offline WISTFUL

  • Senior Member
  • *
  • Posts: 247
  • Karma: +0/-0
    • View Profile
Re: FTP issue
« Reply #5 on: 2013-02-22, 18:55:24 »
I had a problem like this:
http://forum.configserver.com/viewtopic.php?f=6&t=5073

After reading the readme.txt, I found this section:
Quote
A note about FTP Connection Issues
######################################

It is important when using an SPI firewall to ensure FTP client applications
are configured to use Passive (PASV) mode connections to the server.

On servers running Monolithic kernels (e.g. VPS Virtuozzo/OpenVZ and custom
built kernels) ip_conntrack and ip_conntrack_ftp iptables kernel modules may
not be available or fully functional. If this happens, FTP passive mode (PASV)
won't work. In such circumstances you will have to open a hole in your firewall
and configure the FTP server to use that same hole.

For example, with pure-ftpd you could add the port range 30000:35000 to TCP_IN
and add the following line to /etc/pure-ftpd.conf and then restart pure-ftpd:
PassivePortRange   30000 35000

For example, with proftpd you could add the port range 30000:35000 to TCP_IN
and add the following line to /etc/proftpd.conf and then restart proftpd:
PassivePorts   30000 35000

FTP over SSL/TLS will usually fail when using an SPI firewall. This is because
of the way the FTP protocol established a connection between client and server.
iptables fails to establish a related connection when using FTP over SSL
because the FTP control connection is encrypted and so cannot track the
relationship between the connection and the allocation of an ephemeral port.

If you need to use FTP over SSL, you will have to open up a passive port block
in both csf and your FTP server configuration (see above).

Perversely, this makes your firewall less secure, while trying to make FTP
connections more secure.
After this guide: (http://forum.lxcenter.org/index.php?t=msg&goto=85721&), my issue was resolved.

I just wanted to know that this instruction has no problem with kloxo-mr because you said:
Quote from: "MRatWork"
Information from lxcenter forum irrelevant for Kloxo-MR because too old and not the same approach.
« Last Edit: 1970-01-01, 01:00:00 by Guest »
.

Offline MRatWork

  • Administrator
  • The Elite
  • *****
  • Posts: 15,807
  • Karma: +119/-11
  • Gender: Male
    • View Profile
    • MRatWork Forum
Re: FTP issue
« Reply #6 on: 2013-02-22, 19:08:23 »
Certain package(s) may still relevant but not for others (like web, php and mail packages).
« Last Edit: 1970-01-01, 01:00:00 by Guest »
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

Offline MRatWork

  • Administrator
  • The Elite
  • *****
  • Posts: 15,807
  • Karma: +119/-11
  • Gender: Male
    • View Profile
    • MRatWork Forum
Re: FTP issue
« Reply #7 on: 2013-02-22, 21:14:33 »
IPTable rules in /etc/sysconfig/iptables or /etc/sysconfig/iptables-config?
« Last Edit: 1970-01-01, 01:00:00 by Guest »
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

Offline WISTFUL

  • Senior Member
  • *
  • Posts: 247
  • Karma: +0/-0
    • View Profile
Re: FTP issue
« Reply #8 on: 2013-02-22, 21:21:10 »
iptables-config!
I do not need it anymore.... just open passive range on firewall and issue solved.
« Last Edit: 1970-01-01, 01:00:00 by Guest »
.

 


MRatWork Affiliates:    BIGRAF(R) Inc.    House of LMAR    EFARgrafix

Page created in 0.036 seconds with 21 queries.

web stats analysis