I rarely use proftpd but, it has been working fine for years on my ISPConfig2 box. Today I tried to connect and the connection times out. Here are results in /var/log/messages Code: Apr 22 00:02:05 mbshop2 proftpd[18652]: mbshop2.peachparts.com (::ffff:127.0.0.1[::ffff:127.0.0.1]) - FTP session opened. Apr 22 00:02:05 mbshop2 proftpd[18652]: mbshop2.peachparts.com (::ffff:127.0.0.1[::ffff:127.0.0.1]) - FTP session closed. proftpd is running. Here's proftpd.conf: Code: # This is the ProFTPD configuration file # $Id: proftpd.conf,v 1.1 2004/02/26 17:54:30 thias Exp $ ServerName "ProFTPD server" ServerIdent on "FTP Server ready." ServerAdmin root@localhost ServerType standalone #ServerType inetd DefaultServer on AccessGrantMsg "User %u logged in." #DisplayConnect /etc/ftpissue #DisplayLogin /etc/ftpmotd #DisplayGoAway /etc/ftpgoaway DeferWelcome off # Use this to excude users from the chroot DefaultRoot ~ !adm IdentLookups off ServerIdent on "FTP Server ready." # Use pam to authenticate (default) and be authoritative AuthPAMConfig proftpd AuthOrder mod_auth_pam.c* mod_auth_unix.c # Do not perform ident nor DNS lookups (hangs when the port is filtered) IdentLookups off UseReverseDNS off # Port 21 is the standard FTP port. Port 21 # Umask 022 is a good standard umask to prevent new dirs and files # from being group and world writable. Umask 022 # Default to show dot files in directory listings ListOptions "-a" # See Configuration.html for these (here are the default values) #MultilineRFC2228 off #RootLogin off #LoginPasswordPrompt on #MaxLoginAttempts 3 #MaxClientsPerHost none #AllowForeignAddress off # For FXP # Allow to resume not only the downloads but the uploads too AllowRetrieveRestart on AllowStoreRestart on # To prevent DoS attacks, set the maximum number of child processes # to 30. If you need to allow more than 30 concurrent connections # at once, simply increase this value. Note that this ONLY works # in standalone mode, in inetd mode you should use an inetd server # that allows you to limit maximum number of processes per service # (such as xinetd) MaxInstances 20 # Set the user and group that the server normally runs at. User nobody Group nobody # Disable sendfile by default since it breaks displaying the download speeds in # ftptop and ftpwho UseSendfile no # This is where we want to put the pid file ScoreboardFile /var/run/proftpd.score # Normally, we want users to do a few things. <Global> AllowOverwrite yes <Limit ALL SITE_CHMOD> AllowAll </Limit> </Global> # Define the log formats LogFormat default "%h %l %u %t \"%r\" %s %b" LogFormat auth "%v [%P] %h %t \"%r\" %s" # TLS # Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html #TLSEngine on #TLSRequired on #TLSRSACertificateFile /etc/pki/tls/certs/proftpd.pem #TLSRSACertificateKeyFile /etc/pki/tls/certs/proftpd.pem #TLSCipherSuite ALL:!ADH:!DES #TLSOptions NoCertRequest #TLSVerifyClient off ##TLSRenegotiate ctrl 3600 data 512000 required off timeout 300 #TLSLog /var/log/proftpd/tls.log # SQL authentication Dynamic Shared Object (DSO) loading # See README.DSO and howto/DSO.html for more details. #<IfModule mod_dso.c> # LoadModule mod_sql.c # LoadModule mod_sql_mysql.c # LoadModule mod_sql_postgres.c #</IfModule> # A basic anonymous configuration, with an upload directory. #<Anonymous ~ftp> # User ftp # Group ftp # AccessGrantMsg "Anonymous login ok, restrictions apply." # # # We want clients to be able to login with "anonymous" as well as "ftp" # UserAlias anonymous ftp # # # Limit the maximum number of anonymous logins # MaxClients 10 "Sorry, max %m users -- try again later" # # # Put the user into /pub right after login # #DefaultChdir /pub # # # We want 'welcome.msg' displayed at login, '.message' displayed in # # each newly chdired directory and tell users to read README* files. # DisplayLogin /welcome.msg # DisplayFirstChdir .message # DisplayReadme README* # # # Some more cosmetic and not vital stuff # DirFakeUser on ftp # DirFakeGroup on ftp # # # Limit WRITE everywhere in the anonymous chroot # <Limit WRITE SITE_CHMOD> # DenyAll # </Limit> # # # An upload directory that allows storing files but not retrieving # # or creating directories. # <Directory uploads/*> # AllowOverwrite no # <Limit READ> # DenyAll # </Limit> # # <Limit STOR> # AllowAll # </Limit> # </Directory> # # # Don't write anonymous accesses to the system wtmp file (good idea!) # WtmpLog off # # # Logging for the anonymous transfers # ExtendedLog /var/log/proftpd/access.log WRITE,READ default # ExtendedLog /var/log/proftpd/auth.log AUTH auth # #</Anonymous> DefaultRoot ~ Include /etc/proftpd_ispconfig.conf
More info... I seem to be getting segfaults: Code: Apr 22 11:15:22 mbshop2 kernel: php[13394]: segfault at 00007fff3a6feff8 rip 0000000000670b30 rsp 00007fff3a6ff028 error 6 Apr 22 11:17:33 mbshop2 kernel: php[14160]: segfault at 00007fffacfcbfd8 rip 000000000068f1eb rsp 00007fffacfcc028 error 6 Possibly a hardware problem? In addition, I had to turn off my dkim and dk milters because they were unable to connect: Code: NOQUEUE: milter-reject: EHLO from localhost.localdomain[127.0.0.1]: 451 4.7.1 Service unavailable - try again later; proto=SMTP NOQUEUE: milter-reject: MAIL from localhost.localdomain[127.0.0.1]: 451 4.7.1 Service unavailable - try again later; proto=ESMTP helo=<localhost> I think all of these problems are related somehow.
Port 21 not open? I just ran a port scan of my server and port-21 is showing closed even though it shows open in ISPConfig2. Here's the output from iptables -L Code: Chain INPUT (policy DROP) target prot opt source destination DROP all -- localhost anywhere ACCEPT tcp -- 98.d2.7bae.static.theplanet.com/29 anywhere tcp dpt:smtp ACCEPT tcp -- 208.65.144.0/21 anywhere tcp dpt:smtp ACCEPT tcp -- 208.81.64.0/22 anywhere tcp dpt:smtp DROP tcp -- anywhere anywhere tcp dpt:smtp DROP tcp -- anywhere 127.0.0.0/8 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere DROP all -- BASE-ADDRESS.MCAST.NET/4 anywhere PUB_IN all -- anywhere anywhere PUB_IN all -- anywhere anywhere PUB_IN all -- anywhere anywhere PUB_IN all -- anywhere anywhere DROP all -- anywhere anywhere Chain FORWARD (policy DROP) target prot opt source destination DROP all -- localhost anywhere ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED DROP all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination PUB_OUT all -- anywhere anywhere PUB_OUT all -- anywhere anywhere PUB_OUT all -- anywhere anywhere PUB_OUT all -- anywhere anywhere Chain INT_IN (0 references) target prot opt source destination ACCEPT icmp -- anywhere anywhere DROP all -- anywhere anywhere Chain INT_OUT (0 references) target prot opt source destination ACCEPT icmp -- anywhere anywhere ACCEPT all -- anywhere anywhere Chain PAROLE (9 references) target prot opt source destination ACCEPT all -- anywhere anywhere Chain PUB_IN (4 references) target prot opt source destination ACCEPT icmp -- anywhere anywhere icmp destination-unreachable ACCEPT icmp -- anywhere anywhere icmp echo-reply ACCEPT icmp -- anywhere anywhere icmp time-exceeded ACCEPT icmp -- anywhere anywhere icmp echo-request PAROLE tcp -- anywhere anywhere tcp dpt:ssh PAROLE tcp -- anywhere anywhere tcp dpt:smtp PAROLE tcp -- anywhere anywhere tcp dpt:domain PAROLE tcp -- anywhere anywhere tcp dpt:http PAROLE tcp -- anywhere anywhere tcp dpt:hosts2-ns PAROLE tcp -- anywhere anywhere tcp dpt:pop3 PAROLE tcp -- anywhere anywhere tcp dpt:https PAROLE tcp -- anywhere anywhere tcp dpt:submission ACCEPT udp -- anywhere anywhere udp dpt:domain ACCEPT udp -- anywhere anywhere udp dpt:fujitsu-dtcns DROP icmp -- anywhere anywhere DROP all -- anywhere anywhere Chain PUB_OUT (4 references) target prot opt source destination ACCEPT all -- anywhere anywhere
ISPConfig not updating firewall Ok, if i stop the Bastille firewall ( /etc/init.d/bastille-firewall stop ) I can connect via FTP. The weird thing is that ISPConfig still shows the firewall "Online" even though it is stopped. When I restart the firewall ( /etc/init.d/bastille-firewall start) I cannot connect via FTP. Even though ISPConfig shows that FTP Port-21 is open. The problem appears to be that ISPConfig is not changing the status of the firewall. I can turn ports on or off and even turn the firewall off in ISPConfig and nothing really changes even though ISPConfig indicates that it did.
ISPConfig not updating firewall I ran more tests and found that changing a port from active to not active in ISPConfig does indeed change the status in the ispconfigdb isp_firewall dienst_aktiv from ja to nein. So the MySQL updates are working. The problem is that the Bastille firewall never get updated. No iptables rules are being changed. If I run iptables -L before making a firewall change in ISPConfig and then again after the change, I get exactly the same result. No iptables change. How to fix???
No. When I open Port-21 in ISPConfig, it never gets added to this line: Code: TCP_PUBLIC_SERVICES="22 25 53 80 81 110 443 587"
Segmentation fault Falko- Running writeconf.php results in a segmentation fault: Code: [root@mbshop2 ~]# /root/ispconfig/php/php -q /root/ispconfig/scripts/writeconf.php start Segmentation fault ispconfig.log only shows these entries: Code: 23.04.2010 - 16:45:51 => INFO - /root/ispconfig/scripts/lib/classes/ispconfig_postfix.lib.php, Line 137: cp -fr /etc/postfix/local-host-names /etc/postfix/local-host-names~ 23.04.2010 - 16:45:51 => INFO - /root/ispconfig/scripts/lib/classes/ispconfig_postfix.lib.php, Line 284: cp -fr /etc/postfix/virtusertable /etc/postfix/virtusertable~ 23.04.2010 - 16:45:51 => INFO - /root/ispconfig/scripts/lib/classes/ispconfig_postfix.lib.php, Line 289: postmap hash:/etc/postfix/virtusertable 23.04.2010 - 16:45:51 => INFO - /root/ispconfig/scripts/lib/config.lib.php, Line 1268: cp -fr /etc/httpd/conf/vhosts/Vhosts_ispconfig.conf /etc/httpd/conf/vhosts/Vhosts_ispconfig.conf~ The segfault appears to happen at this step in writeconf.php: Code: //Firewall-Konfiguration $isp_web->make_firewall();
Fixed! A big thanks to crypted for his help! The solution was as follows: 1) Make sure the permissions are correct on the folders bind uses: Code: chmod 755 /var/named/ chmod 775 /var/named/chroot/ chmod 775 /var/named/chroot/var/ chmod 775 /var/named/chroot/var/named/ chmod 775 /var/named/chroot/var/run/ chmod 777 /var/named/chroot/var/run/named/ cd /var/named/chroot/var/named/ ln -s ../../ chroot 2) Check the Server Settings in ISPConfig Go to Management > Server > Settings Click on the DNS tab These settings must be as follows: Code: named.conf: /var/named/chroot/etc/named.conf Zonefiles Dir.: /var/named/chroot/var/named Life is good again!
