My H/W-firewall (ADSL-modem) has all ports open for outgoing, limited to incomming (as specified somewhere for ISPConfig3-documents).... When using Filezalle/ftp, everything looks / works OK. Code: .... Command: PASV Response: 227 Entering Passive Mode (114,xxx,yyy,zzz,107,125) Command: STOR 5.jpg Response: 150 Accepted data connection .... When connecting from internet (filezalla, using ftpes) I'll get error just when file-tree should be build): Code: .... Response: 200 TYPE is now 8-bit binary Command: PASV Response: 227 Entering Passive Mode (192,168,0,xxx,231,106) Status: Server sent passive reply with unroutable address. Using server address instead. Command: MLSD Error: GnuTLS error -53: Error in the push function. Error: Connection timed out Error: Failed to retrieve directory listing Looking from Webmin, Linux Firewall / Rules file /etc/iptables.up.rules Code: # Generated by iptables-save v1.4.8 on Sun Apr 10 08:28:17 2011 *nat :PREROUTING ACCEPT [0:0] :POSTROUTING ACCEPT [0:0] :OUTPUT ACCEPT [0:0] COMMIT # Completed on Sun Apr 10 08:28:17 2011 # Generated by iptables-save v1.4.8 on Sun Apr 10 08:28:17 2011 *mangle :PREROUTING ACCEPT [0:0] :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :POSTROUTING ACCEPT [0:0] COMMIT # Completed on Sun Apr 10 08:28:17 2011 # Generated by iptables-save v1.4.8 on Sun Apr 10 08:28:17 2011 *filter :INPUT ACCEPT [5769:714402] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [5599:1120142] :fail2ban-courierimap - [0:0] :fail2ban-courierpop3 - [0:0] :fail2ban-courierpop3s - [0:0] :fail2ban-pureftpd - [0:0] :fail2ban-roundcube - [0:0] :fail2ban-sasl - [0:0] :fail2ban-ssh - [0:0] :fail2ban-webmin-auth - [0:0] -A INPUT -p tcp -m multiport --dports 25 -j fail2ban-sasl -A INPUT -p tcp -m multiport --dports 80,8080 -j fail2ban-roundcube -A INPUT -p tcp -m multiport --dports 143 -j fail2ban-courierimap -A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh -A INPUT -p tcp -m multiport --dports 21 -j fail2ban-pureftpd -A INPUT -p tcp -m multiport --dports 995 -j fail2ban-courierpop3s -A INPUT -p tcp -m multiport --dports 10000 -j fail2ban-webmin-auth -A INPUT -p tcp -m multiport ! --dports 110:0 -j fail2ban-courierpop3 -A fail2ban-courierimap -j RETURN -A fail2ban-courierpop3 -j RETURN -A fail2ban-courierpop3s -j RETURN -A fail2ban-pureftpd -j RETURN -A fail2ban-roundcube -j RETURN -A fail2ban-sasl -j RETURN -A fail2ban-ssh -j RETURN -A fail2ban-webmin-auth -j RETURN COMMIT # Completed on Sun Apr 10 08:28:17 2011 What could be wrong? Both seems to be passive / 2nd irregular port .... I don't want to use ftp (only), when connecting over the internet (both connections works on intranet)
Now back to Intranet (behind 2nd router inside 1st HW-router). filezilla/ftpes (passive) (intra) filezilla/ftpes (active) (intra) (ends up to passive mode as well) Now when trying with laptop/active/www (www via N900/JoikuSpot WLAN) similar 500-error occurs. Must be that JoukuSpot (with NAT) stops incomming connection. Passive mode not working as incoming ports closed (from www) Thanks for leading me to RC, I will try to limit ports for passive modes and open same ports on HW-router.
Tried to google to change to fix pure-ftpd passive ports (to open the same in HW-router). Found hit which looked good: http://download.pureftpd.org/pub/pure-ftpd/doc/FAQ This file does not exist Code: # /usr/local/sbin/pure-ftpd -p 50000:50400 & [1] 22653 xxxx# bash:# bash: /usr/local/sbin/pure-ftpd: No such file or directory Only place I find same name of file is on /etc/pam.d/pure-ftpd (text file!). Gives error as expected... Code: /etc/pam.d# ./pure-ftpd -p 50000:50400 & [1] 22380 xxxxx:/etc/pam.d# bash: ./pure-ftpd: Permission denied Anyone with good/better ideas? Also other google-links left me blind
Debian 6 Squeeze ISPConfig3 Installation as per http://www.howtoforge.com/perfect-server-debian-squeeze-with-bind-and-courier-ispconfig-3 (except mail-server) and http://www.howtoforge.com/easy-roundcube-over-ssl-and-webmin-with-fail2ban-for-ispconfig-3-on-debian-squeeze (Note! Webmin used only for observation, reboot, auto-alarms)
Try this: Code: echo "50000:50400" > /etc/pure-ftpd/conf/PassivePortRange /etc/init.d/pure-ftpd-mysql restart
Code: # echo "50000:50400" > /etc/pure-ftpd/conf/PassivePortRange # /etc/init.d/pure-ftpd-mysql restart Restarting ftp server: /usr/sbin/pure-ftpd-wrapper: Invalid configuration file /etc/pure-ftpd/conf/PassivePortRange: "50000:50400" not two numbers #
Please see ISPConfig FAQ on how to set the passive port range: http://www.faqforge.com/linux/contr...ange-in-pure-ftpd-on-denian-and-ubuntu-linux/ the numbers are separated by a space and not :
Thanks, space made by day.... now ftpd starts like a beauty Code: # /etc/init.d/pure-ftpd-mysql restart Restarting ftp server: Running: /usr/sbin/pure-ftpd-mysql-virtualchroot -l mysql:/etc/pure-ftpd/db/mysql.conf -l pam -u 1000 -H -D -8 UTF-8 -p 50000:50400 -A -Y 1 -b -E -O clf:/var/log/pure-ftpd/transfer.log -B # Also made 50000:50400 port-forward on HW-router... Now working same way from intra and www-side, happy even after
