Hi...! i need some help please... I was searching a lot in the forum about my problems, i tried all the solutions given to another users with no success, i have two big problems. I have an ISPConfig 3.0.5.4p8 Installation on Ubuntu Server 15.04 i followed the Perfect Server tutorial, at first all was OK i was using only one site with an IP address instead a domain for testing. Since today i have this problems: When i try to login via FTP to the only user of the only site in my installation i get an "Failed to retrieve directory listing" on Filezilla, i tried the solutions in this posts with NO SUCCESS: https://www.howtoforge.com/community/threads/pure-ftpd-failed-to-retrieve-directory-listing.65942/ https://www.howtoforge.com/community/threads/pure-ftpd-passive-ports-setup.52838/ https://www.howtoforge.com/community/threads/ftp-cant-access-folder.70080/ (here it says to open the ports on my firewall, ON ISPCONFIG when i try to add a new Firewall RULE and open 20,21,22,25,53,80,110,143,443,587,993,995,3306,8080,8081,10000,50000:50100 PORTS i get totally blocked, i cannot even access the web interface of ISPCONFIG or ftp, or nothing. i used THIS Tutorial to get access again and remove the firewall RULE https://www.howtoforge.com/community/threads/ispconfig-3-firewall-problem.61808/) I still have the same error, cannot list the root directory of the account, SOMETIMES it get pass, but when i try to enter any folder again cannot list "Failed to retrieve directory listing". On Filezilla detailed log the error comes after the "Command: MLSD" This is driving me crazy, thanks for your help, after solve this problem i will ask for the other please. i dont want to mix the problems. Regards!
The passive ports of pure-ftpd are blocked by a firewall, either on the server or in front of the server.
thanks for the response when i open the bastille ports ON ISPCONFIG when i try to add a new Firewall RULE and open 20,21,22,25,53,80,110,143,443,587,993,995,3306,8080,8081,10000,50000:50100 PORTS i get totally blocked from using the Server, i cannot even access the web interface of ISPCONFIG or ftp, or nothing. even after restart the server. to be able to use again the server i use this instructions for remove the firewall rule: im doing wrong when adding the firewall rules? thanks.
Mane you have a virtual server that does not support the firewall. Normally you don't need a firewall as your server is only running services that shall be accessible anyway when you followed the perfect setup.
im not in a virtual server, i have a dedicated server with the ispconfig installation and the problems started just yesterday, but im going to try without firewall, can you tell me please how i complety disable the bastille firewall? or the firewall is already disabled if there is no rules? thanks
I don´t think, that mysql should be accessible for everyone from the outside. The most setups change the listen-statement for mysqld (i never understand, why you recommend this). And you can use firewell to control the outgoing traffic to block some ports or allow ports for spec. users only. If you run your server without a firewall you can´t use fail2ban (or any better blocking-solutions for unwanted ips), too.
If you don't want to have MySQL listeining on the external port and your customers don't use any MySQL tools for database modeling, then you can configure it in the my.cnf file. No need to set or edit a firewall setting for that. MySQL handles authentication based on the host, so if a mysql username is configured in ispconfig to listen only on localhost, then it can't be used from outside. The reason that MySQL listens on all interfaces is that there are plenty of MySQL desktop tools available out there for database access, backup and modeling, so when you disable mysql to listen on all interfaces, then the option in ispconfig to make a database accessible from outside won't work anymore and your customers wont be able to use their desktop MySQL tools. Thats just wrong. Fail2ban does not require bastille and it does not require UFW. It sets its own firewall rules with iptables and I did not say anywhere to delete the iptables package. Btw, fail2ban works even without iptables as it can use the route comand, but thats maybe a bit outside of this thread topic.
I know how mysql can handle the conections. But i would never trust, that will work in every cases. I prefer to allow access to the mysqld for a very limited range of ip´s. If you need access from a desktop-app to myql, you can also a vpn. And iptables is not a firewall? You wrote: "Normally you don't need a firewall". And i think, that iptables is a firewall and if you want to use f2b, you need iptables. But it´s the same a with mysql: i limit acces s to mysql using iptables but i did not use f2b. There are much better ways to drop unwanted connections.
That might work if you have just a few corporate clients so that you can configure a vpn for each of them. If you have hundreds or thousands of clients that e.g. use tools like Adobe Dreamwever and don't have fixed IP addresses then you will get into trouble with your approach. I'm talking about an ISPConfig firewall, there are currently 2 options available in ISPConfig: Bastille and UFW. I'm not talking about kernel modules. You can easily confirm that in the perfect server guides, I don't uninstall iptables in any of the guides Not really, I've written a tutorial on that a few years ago: http://www.faqforge.com/linux/contr...ute-instead-of-iptables-to-block-connections/ But the perfect server gudies have iptables installed and fail2ban uses this kernel module.
Thanks for your responses, Today i figured it out the solution, (sometimes the solutions to the big problems are so stupid...) the problem was that my router was blocking the passive ports, the problem was not on the server. i used another connection and the ftp work without problems. Thanks again.
My second question is the next: I have an "IP1" for the ISPConfig server, i have only one site on the installation, first i created a SITE with domain "IP1"(same ip of the server), and when i go to: http://"IP1" i can see the site with no problems then i set the domain to "DOMAIN.COM", and in another server with "IP2" that is the DNS server where i have the "DOMAIN.COM" i changed the "WWW" record to "IP1". now when i go to "DOMAIN.COM" or "IP1" i only see the Apache Default Web Page not even a ISPConfig default page, i want to see mi SITE there. what im doing wrong? Thanks soo much for your support!
Hi again, i solved the problem using this response from another post: now i cannot install the SSL Certificate for the Site, even i installed in the SSL Section on the Site when i try to navigate to HTTPS://MYSITE it gives me an ERR_SSL_PROTOCOL_ERROR on Chrome. its because the 000 domain name? thanks.