I installed ISPConfig in November 2006 (Mandrake 2006 - perfect setup). Well - some mail and DNS related issues but this has been solved manually ;-) Then I decided to install a CRON-job to look for updates automatically....and here began the trouble: I cannot login into FTP more (neither via ISPConfig-Admin nor with a FTP-Client). It has something to do with the "auto-update" (I have it disabled now). Well, it looks like if I have to downgrade the ProFTP. My question is: HOW to downgrade without to break the ISPConfig - configuration ?
I think its not nescessary to downgrade proftpd as all proftpd versions should be compatible with ISPConfig. Please have a look if your last proftpd update has replaced the proftpd.conf file and left a copy of the old configuration in the same directory which you can compare to the new config. Please post the output of: netstat -tap | grep ftp and ps aux | grep ftp
Hi Till, thanks for your answer. The outputs are: --------------- cut ----------------- > netstat -tap | grep ftp tcp 0 0 *:ftp *:* LISTEN 29701/proftpd: (acc and > ps aux | grep ftp nobody 29701 0.0 0.5 5660 2580 ? Ss Apr08 0:00 proftpd: (accepting connections) root 11928 0.0 0.2 2204 1024 ? R 09:05 0:00 sh -c (ps aux | grep ftp) 2>&1 root 11929 0.0 0.2 2204 1040 ? R 09:05 0:00 sh -c (ps aux | grep ftp) 2>&1 ------------- cut ------------------ It seems, that the command netstat -tap | grep ftp outputs incomplete data ..
That's normal. FTP seems to be running. Is FTP allowed in the firewall? What's the output of Code: iptables -L ? Are there any errors in your logs?
Output of Iptables -L --------------------- cut ---------------------- > iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination ------------------------ cut ------------------------------ and yes. ftp is allowed in the firewall ... and it was running before very well, but now I cannot more access FTP neither outside nor locally (and this has something to do with the auto-update..). Sometimes I have a strange log in syslog: -------------- cut -------------------- Apr 10 10:30:00 mail proftpd[8538]: mail.myname.net (mail.myname.net [127.0.0.1]) - FTP session opened. Apr 10 10:30:00 mail proftpd[8538]: mail.myname.net (mail.myname.net [127.0.0.1]) - invalid CommandBufferSize size (0) given, resetting to default buffer size (512) Apr 10 10:30:00 mail proftpd[8538]: mail.myname.net (mail.myname.net [127.0.0.1]) - FTP session closed. ----------------cut -----------------------
Hi Falko, here is the output of /etc/proftpd.conf -------------------- cut ---------------------- > cat /etc/proftpd.conf # This is a basic ProFTPD configuration file (rename it to # 'proftpd.conf' for actual use. It establishes a single server # and a single anonymous login. It assumes that you have a user/group # "nobody" and "ftp" for normal operation and anon. ServerName "ProFTPD CommerceDAT" ServerType standalone DefaultServer on # Allow FTP resuming. # Remember to set to off if you have an incoming ftp for upload. AllowStoreRestart off # Port 21 is the standard FTP port. Port 21 # Umask 022 is a good standard umask to prevent new dirs and files # from being group and world writable. Umask 022 # To prevent DoS attacks, set the maximum number of child processes # to 30. If you need to allow more than 30 concurrent connections # at once, simply increase this value. Note that this ONLY works # in standalone mode, in inetd mode you should use an inetd server # that allows you to limit maximum number of processes per service # (such as xinetd). MaxInstances 30 # Set the user and group under which the server will run. User nobody Group nogroup # To cause every FTP user to be "jailed" (chrooted) into their home # directory, uncomment this line. DefaultRoot ~ # Normally, we want files to be overwriteable. AllowOverwrite on # Bar use of SITE CHMOD by default # <Limit SITE_CHMOD> # DenyAll # </Limit> # Needed for NIS. PersistentPasswd off # Default root can be used to put users in a chroot environment. # As an example if you have a user foo and you want to put foo in /home/foo # chroot environment you would do this: # # DefaultRoot /home/foo foo DefaultRoot ~ IdentLookups off ServerIdent on "FTP Server ready." Include /etc/proftpd_ispconfig.conf --------------------- cut -----------------------------
I have made this too. I upgradet my Proftpd and now ist is no longer runnin. I need some quick help. My System is an Debian Sarge System with ISPConfig. I can not find anything in my logs.
..and,.. i forgot: the /etc/proftpd_ispconfig.conf: -------------------- cut ------------------------- > cat /etc/proftpd_ispconfig.conf ################################### # # ISPConfig proftpd Configuration File # Version 1.0 # ################################### DefaultAddress 127.0.0.1 <VirtualHost 10.0.0.101> DefaultRoot ~ AllowOverwrite on Umask 002 </VirtualHost> <VirtualHost 192.168.0.101> DefaultRoot ~ AllowOverwrite on Umask 002 <Anonymous /var/www/web1/ftp> User web1_anonftp Group web1_anonftp UserAlias anonymous web1_anonftp UserAlias guest web1_anonftp MaxClients 10 <Directory *> <Limit WRITE> DenyAll </Limit> </Directory> <Directory /var/www/web1/ftp/incoming> Umask 002 <Limit STOR> AllowAll </Limit> <Limit READ> DenyAll </Limit> </Directory> </Anonymous> </VirtualHost> ----------------------- cut -----------------------
..Hi falko, ..yes.. I think so. I will guard the proftp.conf and downgrade to the original version of the Mandriva 2006 CD ..
A cue for you - the log cheated I've just experienced similar thing as you. I failed to run "urpmi" with message after updated proftpd.conf: But I overlooked the "access denied" and went to check log message, which showed the same strange triplet as you: I started snort to check the packets and found it's indeed some "Permission denied" condition. So I suggest that you check again the error message in your ftp client. It's quite probable an access permission problem.
FTP - the solucion ? Well, as I wrote before I deleted the FTP and installed it again (of course with the config-fies backed up). AND YES .. I could access the sites with the built-in FTP-access in the administration-panel. BUT .. ftp-access via Kbear didnt run (OS Linux). I gave it a try and installed GFTP .. and YESSS .. it runs ok. I did not test it with windows-FTP-clients .. but if there is a connecting-problem I think its worth to try another FTP-client.
