Hi, Since last week I studently always get connection time out every 3-10 seconds with PureFTPD on Debian 11, no matter which FTP client I use. I didn't change anything on the server except installing the Debian updates. Never had any FTP problems before. Code: Command: MLSD Error: GnuTLS error -110: The TLS connection was non-properly terminated. Status: Server did not properly shut down TLS connection Error: The data connection could not be established: ECONNABORTED - Connection aborted
Did you open your ftp passive ports? Check they are open on both your server (and router if you use one).
Do you really mean you server is connected directly to the internet with all ports opened? Because normally we have that in an ISPConfig server.
Check the logfile/journal of the pure-ftpd-mysql service there should be alot more usefull information on what is happening.
Yes that's what I meant. Open House. Code: Dec 19 01:26:46 server1 pure-ftpd: ([email protected]) [INFO] New connection from 108.99.XX.XXX Dec 19 01:26:46 server1 pure-ftpd: ([email protected]) [INFO] TLS: Enabled TLSv1.3 with TLS_AES_256_GCM_SHA384, 256 secret bits cipher Dec 19 01:26:46 server1 pure-ftpd: ([email protected]) [INFO] myusername is now logged in Dec 19 01:26:51 server1 pure-ftpd: ([email protected]) [INFO] TLS: Enabled TLSv1.3 with TLS_AES_256_GCM_SHA384, 256 secret bits cipher Dec 19 01:26:53 server1 kernel: [80770.006454] [UFW BLOCK] IN=ens3 OUT= MAC=96:ca:3a:d5:dc:de:2c:6b:f5:a0:67:c0:08:00 SRC=82.137.255.61 DST=78.154.XX.XX LEN=56 TOS=0x00 PREC=0x00 TTL=233 ID=5646 PROTO=ICMP TYPE=5 CODE=0 GATEWAY=192.168.17.248 [SRC=78.154.XX.XX DST=82.137.255.61 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=3395 DF PROTO=TCP INCOMPLETE [8 bytes] ]
As the connection drop happens while trying to run "MLSD" this indicates that there is an issue with the TLS configuration. In the pure-ftpd.conf or the passive.conf there should be a line with "PassivePortRange XXXXX XXXXX" make sure it's not commented. Check if that range is open in the firewall on the system with "ufw status". There should be "XXXXX:XXXXX ALOW ANYWHERE" with the same ports as the PassivePortRange from pure-ftpd's config. And make sure that these ports are "open" from the location you are using the client from. Nmap is an great tool to check "nmap -p XXXXXX yourserverip" (XXXXX must be a port from the range above). There are some more settings that should be double checked. The "TLS" Option should be set to "1". The "TLSCipherSuit" set to "HIGH". The "CertFile" usually points to "/etc/ssl/private/pure-ftpd.pem" which contains the cert and key, make sure it exists. Note that for some of these settings there are files with the exact name as the settingt itself in /etc/pure-ftpd/conf which overwrite what is set in pure-ftpd.conf IIRC, so make sure that the settings match if both exist.
The problem was my internet provider, because my friend had no problems connecting to the FTP server with passive mode. So I then called the technical hotline and tried to explain to them what an FTP was and what passive mode meant, and after 10 minutes they had enough of me and transferred me to a real technician. This guy could reproduce the problem and said they would look into it. And today the problem is gone.
