Hello, I have used ISPConfig for a long time, and in the past year I replaced my server with a more powerful one. Since I installed ISPConfig I have had problems connecting using FTP from an external network. With the old server I usually used FileZilla in active transfer mode. I tried to connect with all encryption modes and transfer modes, but now FileZilla does not work. Now I am using MobaXterm with passive mode and with FTPS mode disabled, and it works. I used the ftptest.net tool to get more information, connecting with different protocols:

Explicit FTP over TLS
Status: Resolving address of XXXXXXX.XXXXXX.XXX
Status: Connecting to XXX.XXX.XXX.XXX
Warning: The entered address does not resolve to an IPv6 address.
Status: Connected, waiting for welcome message...
Reply: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Reply: 220-You are user number 5 of 50 allowed.
Reply: 220-Local time is now 18:46. Server port: 21.
Reply: 220-This is a private system - No anonymous login
Reply: 220-IPv6 connections are also welcome on this server.
Reply: 220 You will be disconnected after 15 minutes of inactivity.
Command: CLNT https://ftptest.net on behalf of 86.127.235.244
Reply: 530 You aren't logged in
Command: AUTH TLS
Reply: 234 AUTH TLS OK.
Status: Performing TLS handshake...
Status: TLS handshake successful, verifying certificate...
Status: Received 1 certificates from server.
Status: cert[0]: subject='C=XXX,ST=XXX,L=XXX,O=Azurite Techs,OU=XXX,CN=XXX,EMAIL=XXX' issuer='C=XXX,ST=XXX,L=XXX,O=Azurite Techs,OU=XXX,CN=XXX,EMAIL=XXX'
Command: USER XXXXXXXXXXXX
Reply: 331 User XXXXXXXXXXXX OK. Password required
Command: PASS ***********
Reply: 230 OK. Current restricted directory is /
Command: SYST
Reply: 215 UNIX Type: L8
Command: FEAT
Reply: 211-Extensions supported:
Reply: EPRT
Reply: IDLE
Reply: MDTM
Reply: SIZE
Reply: MFMT
Reply: REST STREAM
Reply: MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
Reply: MLSD
Reply: AUTH TLS
Reply: PBSZ
Reply: PROT
Reply: UTF8
Reply: ESTA
Reply: PASV
Reply: EPSV
Reply: SPSV
Reply: ESTP
Reply: 211 End.
Command: PBSZ 0
Reply: 200 PBSZ=0
Command: PROT P
Reply: 200 Data protection level set to "private"
Command: PWD
Reply: 257 "/" is your current location
Status: Current path is /
Command: TYPE I
Reply: 200 TYPE is now 8-bit binary
Command: PASV
Reply: 227 Entering Passive Mode (192,168,1,99,25,49)
Error: Server returned unroutable private IP address in PASV reply

Implicit FTP over TLS
Warning: Selected port (21) is not the default port (990) of the selected protocol.
Status: Resolving address of XXXXXXX.XXXXXX.XXX
Status: Connecting to XXX.XXX.XXX.XXX
Warning: The entered address does not resolve to an IPv6 address.
Status: Connected, performing TLS handshake...
Error: TLS handshake failed: An unexpected TLS packet was received.

Allow fallback to plain FTP
Warning: Allowing fallback to plaintext FTP is insecure. You should use explicit FTP over TLS.
Status: Resolving address of XXXXXXX.XXXXXX.XXX
Status: Connecting to XXX.XXX.XXX.XXX
Warning: The entered address does not resolve to an IPv6 address.
Status: Connected, waiting for welcome message...
Reply: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Reply: 220-You are user number 3 of 50 allowed.
Reply: 220-Local time is now 18:49. Server port: 21.
Reply: 220-This is a private system - No anonymous login
Reply: 220-IPv6 connections are also welcome on this server.
Reply: 220 You will be disconnected after 15 minutes of inactivity.
Command: CLNT https://ftptest.net on behalf of 86.127.235.244
Reply: 530 You aren't logged in
Command: AUTH TLS
Reply: 234 AUTH TLS OK.
Status: Performing TLS handshake...
Status: TLS handshake successful, verifying certificate...
Status: Received 1 certificates from server.
Status: cert[0]: subject='C=XXX,ST=XXX,L=XXX,O=Azurite Techs,OU=XXX,CN=XXX,EMAIL=XXX' issuer='C=XXX,ST=XXX,L=XXX,O=Azurite Techs,OU=XXX,CN=XXX,EMAIL=XXX'
Command: USER XXXXXXXXXXXX
Reply: 331 User XXXXXXXXXXXX OK. Password required
Command: PASS ***********
Reply: 230 OK. Current restricted directory is /
Command: SYST
Reply: 215 UNIX Type: L8
Command: FEAT
Reply: 211-Extensions supported:
Reply: EPRT
Reply: IDLE
Reply: MDTM
Reply: SIZE
Reply: MFMT
Reply: REST STREAM
Reply: MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
Reply: MLSD
Reply: AUTH TLS
Reply: PBSZ
Reply: PROT
Reply: UTF8
Reply: ESTA
Reply: PASV
Reply: EPSV
Reply: SPSV
Reply: ESTP
Reply: 211 End.
Command: PBSZ 0
Reply: 200 PBSZ=0
Command: PROT P
Reply: 200 Data protection level set to "private"
Command: PWD
Reply: 257 "/" is your current location
Status: Current path is /
Command: TYPE I
Reply: 200 TYPE is now 8-bit binary
Command: PASV
Reply: 227 Entering Passive Mode (192,168,1,99,244,83)
Error: Server returned unroutable private IP address in PASV reply

I would like to fix the error and be able to use any software and FTP connection type. I use: ISPConfig 3.2.5, Ubuntu 18.04.4. Thanks
Hello Th0m, I opened the TCP 990 port on the firewall of ISPConfig. And I forwarded the TCP 990 port to the 990 internal port. Then I tested the connection with the ftptest.net tool with implicit FTP over TLS and port 990 and I get this.

Log:
Status: Resolving address of xxx.xxx.xxx.xxx
Status: Connecting to xxx.xxx.xxx.xxx
Error: Could not connect to server: Connection refused

What else could be misconfigured?
As that says, your server told the ftp client to connect on a private/unroutable ip address; create /etc/pure-ftpd/conf/ForcePassiveIP with your public ip address in it (and ensure you have a passive port range setup, see https://www.faqforge.com/linux/cont...ange-in-pure-ftpd-on-denian-and-ubuntu-linux/).
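Added example, not part of any post in this thread: a small Python check that decodes a `227` PASV reply the way a client does (port = p1 * 256 + p2) and reports why an external client cannot use it, run over the two replies from the ftptest.net logs above. The function names are hypothetical, the third sample reply is constructed, and the default port range is the 40110:40210 range mentioned later in the thread.

```python
import ipaddress
import re

# Host/port tuple of an RFC 959 "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" reply.
PASV_RE = re.compile(r"227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv(reply):
    """Return (ip, port) advertised in a 227 reply, or None if it is not one."""
    m = PASV_RE.search(reply)
    if not m:
        return None
    octets = [int(g) for g in m.groups()]
    if max(octets) > 255:
        return None
    h1, h2, h3, h4, p1, p2 = octets
    return ipaddress.IPv4Address(f"{h1}.{h2}.{h3}.{h4}"), p1 * 256 + p2


def check_pasv(reply, port_range=(40110, 40210)):
    """List the problems an external client would hit with this PASV reply."""
    parsed = parse_pasv(reply)
    if parsed is None:
        return ["not a valid 227 PASV reply"]
    ip, port = parsed
    problems = []
    if not ip.is_global:
        # The server advertised its LAN address; ForcePassiveIP overrides it.
        problems.append(f"{ip} is not publicly routable (set ForcePassiveIP)")
    lo, hi = port_range
    if not lo <= port <= hi:
        # The data port must fall inside the range forwarded on the router.
        problems.append(f"port {port} is outside forwarded range {lo}-{hi}")
    return problems


if __name__ == "__main__":
    samples = [
        "Reply: 227 Entering Passive Mode (192,168,1,99,25,49)",   # from the thread
        "Reply: 227 Entering Passive Mode (192,168,1,99,244,83)",  # from the thread
        "Reply: 227 Entering Passive Mode (8,8,8,8,156,214)",      # constructed, healthy
    ]
    for line in samples:
        print(line, "->", check_pasv(line) or "OK")
```
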
Hello Jesse, This is a great tutorial. I got this:

Explicit FTP over TLS
Status: Resolving address of xxx.xxx.xxx.xxx
Status: Connecting to xxx.xxx.xxx.xxx
Warning: The entered address does not resolve to an IPv6 address.
Status: Connected, waiting for welcome message...
Reply: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Reply: 220-You are user number 6 of 50 allowed.
Reply: 220-Local time is now 22:20. Server port: 21.
Reply: 220-This is a private system - No anonymous login
Reply: 220-IPv6 connections are also welcome on this server.
Reply: 220 You will be disconnected after 15 minutes of inactivity.
Command: CLNT https://ftptest.net on behalf of 88.10.163.43
Reply: 530 You aren't logged in
Command: AUTH TLS
Reply: 234 AUTH TLS OK.
Status: Performing TLS handshake...
Status: TLS handshake successful, verifying certificate...
Status: Received 1 certificates from server.
Status: cert[0]: subject='C=XXX,ST=XXX,L=XXX,O=XXXXXXX,OU=XXX,CN=XXX,EMAIL=XXX' issuer='C=XXX,ST=XXX,L=XXX,O=XXXXXX,OU=XXX,CN=XXX,EMAIL=XXX'
Command: USER XXXXXXXXXX
Reply: 331 User XXXXXXXXXX OK. Password required
Command: PASS ***********
Reply: 230 OK. Current restricted directory is /
Command: SYST
Reply: 215 UNIX Type: L8
Command: FEAT
Reply: 211-Extensions supported:
Reply: EPRT
Reply: IDLE
Reply: MDTM
Reply: SIZE
Reply: MFMT
Reply: REST STREAM
Reply: MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
Reply: MLSD
Reply: AUTH TLS
Reply: PBSZ
Reply: PROT
Reply: UTF8
Reply: ESTA
Reply: PASV
Reply: EPSV
Error: Carriage return without line feed received

Implicit FTP over TLS
Status: Resolving address of xxx.xxx.xxx.xxx
Status: Connecting to xxx.xxx.xxx.xxx
Error: Could not connect to server: Connection refused

Do I need to open the external port range 40110:40210 in the router? To which internal port do I have to forward the external range? Thank you
Hello, I got this result with the port range 40110:40210 opened.

Explicit FTP over TLS
Status: Resolving address of xxx.xxx.xxx.xxx
Status: Connecting to xxx.xxx.xxx.xxx
Warning: The entered address does not resolve to an IPv6 address.
Status: Connected, waiting for welcome message...
Reply: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Reply: 220-You are user number 1 of 50 allowed.
Reply: 220-Local time is now 21:08. Server port: 21.
Reply: 220-This is a private system - No anonymous login
Reply: 220-IPv6 connections are also welcome on this server.
Reply: 220 You will be disconnected after 15 minutes of inactivity.
Command: CLNT https://ftptest.net on behalf of 88.10.163.43
Reply: 530 You aren't logged in
Command: AUTH TLS
Reply: 234 AUTH TLS OK.
Status: Performing TLS handshake...
Status: TLS handshake successful, verifying certificate...
Status: Received 1 certificates from server.
Status: cert[0]: subject='C=XXX,ST=XXX,L=XXX,O=XXXXXXX,OU=XXX,CN=XXX,EMAIL=XXX' issuer='C=XXX,ST=XXX,L=XXX,O=XXXXXX,OU=XXX,CN=XXX,EMAIL=XXX'
Command: USER XXXXXXXXXX
Reply: 331 User XXXXXXXXXX OK. Password required
Command: PASS ***********
Reply: 230 OK. Current restricted directory is /
Command: SYST
Reply: 215 UNIX Type: L8
Command: FEAT
Reply: 211-Extensions supported:
Reply: EPRT
Reply: IDLE
Reply: MDTM
Reply: SIZE
Reply: MFMT
Reply: REST STREAM
Reply: MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
Reply: MLSD
Reply: AUTH TLS
Reply: PBSZ
Reply: PROT
Reply: UTF8
Reply: ESTA
Reply: PASV
Reply: EPSV
Error: Carriage return without line feed received

Implicit FTP over TLS
Status: Resolving address of xxx.xxx.xxx.xxx
Status: Connecting to xxx.xxx.xxx.xxx
Error: Could not connect to server: Connection refused

Thank you
This is the log status of pure-ftpd-mysql. I do not see any error. In /etc/ssl/private/pure-ftpd.pem I see a private key and a certificate. I cannot find the dhparam.pem file. I am using Apache. Is this relevant? Thank you
I put in my public static IP. I get this with the command:

0000000 X X . X x . X X X . X X X \n
0000016

Thank you
I am sorry. The file name should be pure-ftpd-dhparams.pem and it should be in the same folder. I do think it is needed for pure-ftpd-mysql to work properly. We even have this in ISPConfig installer_base.lib.php to ensure it is created during install or update if create SSL is chosen via the following command:

Code:
openssl dhparam -out dhparam2048.pem 2048; ln -sf dhparam2048.pem pure-ftpd-dhparams.pem

Do you have the file?
Hello, I tested the connection with FileZilla and now it works. I use FileZilla in default or active or passive transfer mode and encryption with Explicit FTP over TLS. Thank you everyone!