Hello Community, Thank you for posting the amazing script Perfect Server Automated ISPConfig 3 Installation on Debian 10 and Ubuntu 20.04^ I encountered a problem with the FTP while connecting to the website profile (1.2.3.4 is example IP address): Code: Status: Connecting to 1.2.3.4:21... Status: Connection established, waiting for welcome message... Status: Initializing TLS... Status: Verifying certificate... Status: TLS connection established. Status: Logged in Status: Retrieving directory listing... Command: PWD Response: 257 "/" is your current location Command: TYPE I Response: 200 TYPE is now 8-bit binary Command: PASV Response: 227 Entering Passive Mode (1,2,3,4,193,98) Command: MLSD Error: Connection timed out after 20 seconds of inactivity Error: Failed to retrieve directory listing Note: The SFTP/Shell worked fine... It turned out that at least for Ubuntu 20.04 it was necessary to add passive TCP ports to the PureFTPD configuration: Code: echo "40110 40210" > /etc/pure-ftpd/conf/PassivePortRange service pure-ftpd-mysql restart Basically it adds the passive ports to the /etc/pure-ftpd/conf/PassivePortRange config file and restarts the PureFTPD. I suppose this should be added as step after the "4. Setting up the firewall" in that Perfect Server guide.... Credit goes to till in another forum thread^ Note: I suppose this has nothing to do with my IPv6 disabled config I mentioned here^.
This is why we added the function "--use-ftp-ports" which is mentioned in the guide... https://www.howtoforge.com/ispconfig-autoinstall-debian-ubuntu/#-advanced-options
When you will not be using Passive FTP. And you need to open the ports in the firewall, so setting them does not make much sense currently.
I mean I have setup that probably 90+% of people on this planet has - IPv4 behind a NAT. Lots of people don't even have access to their routers (coffee shop etc). Like I said this should be enabled by default.
Almost everyone has a firewall in front of their server, be it one on their network or one on the server itself. For a future update of the guide, I will consider adding the argument and steps to add the ports to the firewall.
That would actually be an point against your argument, as if they are running nat and don't have access to the routers, it is impossible to configure passive ftp to work, so why set it up? I believe a set of ports is in the default range now, but the firewall is not enabled by the installer (and previous discussion indicated that would not be done).