Greetings; I am running a downloaded OVA (The Perfect Server - Ubuntu 18.04 (Nginx, MySQL, PHP, Postfix, BIND, Dovecot, Pure-FTPD and ISPConfig 3.1) as ready to use virtual machine image download in ovf/ova format, compatible with VMWare and Virtualbox.) that is Ubuntu with Pure-FTP. The VM is running behind a pfsense firewall. No issues getting to the webserver, and the rules are in place to allow passthrough of port 21 for ftp. When the ftp client connects to the external IP address that is NAT'd through the firewall, the connection completes, but then times times out Below is what the client see's. I've tried several suggestions found in the forums but no success. please let me know if you have any ideas or suggestions! I have tried both connection types (normal and passive) with no difference. Thank you in advance! Bob << Connection : 1 >> << Date Time : 11/4/18 9:14:01 PM >> 220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------- 220-You are user number 1 of 50 allowed. 220-Local time is now 03:13. Server port: 21. 220-This is a private system - No anonymous login 220-IPv6 connections are also welcome on this server. 220 You will be disconnected after 15 minutes of inactivity. USER cipoftptigadmin 331 User cipoftptigadmin OK. Password required PASS ************ 230 OK. Current restricted directory is / SYST 215 UNIX Type: L8 OPTS UTF8 ON 200 OK, UTF-8 enabled CWD / 250 OK. Current directory is / PWD 257 "/" is your current location TYPE A 200 TYPE is now ASCII PASV 227 Entering Passive Mode (172,16,0,100,145,45)
The firewall blocks the passive port range of the FTP daemon. Please configure a passive port range in pure-ftpd, restart it, and then open the same ports in your firewall (amd ensure that your NAT router forwards these ports to the server). https://www.faqforge.com/linux/cont...ange-in-pure-ftpd-on-denian-and-ubuntu-linux/
I tried this, but when i enter this line: echo "40110 40210" > /etc/pure-ftpd/conf/PassivePortRange I get permission denied if i try: sudo echo "40110 40210" > /etc/pure-ftpd/conf/PassivePortRange I get the same message. On the firewall I have created a rule to pass ports 30110-40210 to the server (in advance of figuring out the above problem) and will enable once i can get it to work. thanks! Bob
now don't I fell silly! Thank you very much till! This worked perfectly. now on to my next challenge, expanding the drive Bob
Good Morning (for those of you in EST) This has been working fine for me, however i have users who still experience the time out when fetching directories even when we have them use passv mode. any suggestions would be appreciated! Thanks bob
maybe the passive port range in the firewall does not match 100% with the range configured in pure-ftpd?
I've checked, we are using pfSense for the firewall and i've set up ports as described above copy and paste below: Destination Port Range From Other Custom 40110 To Other Custom 40210 Specify the destination port or port range for this rule. The "To" field may be left empty if only filtering a single port. Perhaps as this was a prebuilt image there is a firewall on it that I need to address?
