I have some issues with FTP... When I log in internally it works fine, but when I log in externally I can't connect... FileZilla says (1555 is rerouted to 21 by my router):
    Status: Verbinden met [domain IP]:1555...
    Status: Connection made, waiting for welcome message...
    Status: TLS initializing...
    Status: checking certificate....
    Status: TLS-connection made.
    Status: Connected
    Status: Getting folder list...
    Opdracht: PWD
    Antwoord: 257 "/" is your current location
    Opdracht: TYPE I
    Antwoord: 200 TYPE is now 8-bit binary
    Opdracht: PASV
    Antwoord: 227 Entering Passive Mode (1,1,1,10,207,196)
    Opdracht: MLSD
    Fout: GnuTLS-error -110: The TLS connection was non-properly terminated.
    Status: Server has closed connection abnormaly
    Fout: dataconnection closed: ECONNABORTED - connection closed
Sorry if some things are translated weird... It's probably some port forward thing... but I don't know what ports are used when going passive mode... When I connect locally it doesn't go passive... and I can't find a ports list anywhere... The only port forwarded at the moment is: (external) 1555 -> 21 (internal)
I didn't have the PassivePortForward file... I guess that's why I couldn't find it in other files... I made the file and wrote the ports in it... restarted the service and then added the ports to the firewall... After the firewall rule, everything was down... I had to flush iptables and disable bastille-firewall to even get something running again... For now I'm trying out ufw... It has forwarded the ports I need but FTP still isn't working externally... If I try with canyouseeme.org, the ports 40110:40210 don't have services running... Now it can be that this is normal because it could be that pure-ftp only opens them when needed...
Yes, that's normal. The instructions that I posted are for Debian and Ubuntu, does this match your OS? Did you forward the port range in your router as well? Which error do you get now in your FTP client? It is possible that you have to set a passive IP as well.
I have forwarded in ISPConfig:
    20,21,22,25,53,80,110,143,443,587,993,995,3306,8080,8081,10000,40110:40210 53,3306
In my router (pfSense) (I know ISPConfig can use more ports but so far I just needed these):
    21,25,80,443,587,993,8080,8081,40110-40210
I tried forwarding 20 as well but it made no difference... I'm running Ubuntu 15.10. It's still the same message: after going passive mode I get the error and the connection gets closed... This is on FTP and on FTPES.
The ISPConfig firewall just opens and closes ports, it does not forward them as it's a local firewall. Please turn off the ISPConfig firewall, it is not needed when you run a second firewall in front of your server. After you have disabled the ISPConfig firewall, please post the output of:
    netstat -tap | grep ftp
and
    iptables -L
and test if FTP works when you select active FTP mode in your FTP client.
Still no go ... here are the outputs
    root@webserver1:/home/sander# netstat -tap | grep ftp
    tcp 0 0 *:ftp *:* LISTEN 1552/pure-ftpd (SER
    tcp6 0 0 [::]:ftp [::]:* LISTEN 1552/pure-ftpd (SER
    root@webserver1:/home/sander#
    root@webserver1:/home/sander# iptables -L
    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    ufw-before-logging-input all -- anywhere anywhere
    ufw-before-input all -- anywhere anywhere
    ufw-after-input all -- anywhere anywhere
    ufw-after-logging-input all -- anywhere anywhere
    ufw-reject-input all -- anywhere anywhere
    ufw-track-input all -- anywhere anywhere
    Chain FORWARD (policy ACCEPT)
    target prot opt source destination
    ufw-before-logging-forward all -- anywhere anywhere
    ufw-before-forward all -- anywhere anywhere
    ufw-after-forward all -- anywhere anywhere
    ufw-after-logging-forward all -- anywhere anywhere
    ufw-reject-forward all -- anywhere anywhere
    ufw-track-forward all -- anywhere anywhere
    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    ufw-before-logging-output all -- anywhere anywhere
    ufw-before-output all -- anywhere anywhere
    ufw-after-output all -- anywhere anywhere
    ufw-after-logging-output all -- anywhere anywhere
    ufw-reject-output all -- anywhere anywhere
    ufw-track-output all -- anywhere anywhere
    Chain f2b-dovecot-pop3imap (0 references)
    target prot opt source destination
    RETURN all -- anywhere anywhere
    Chain f2b-postfix-sasl (0 references)
    target prot opt source destination
    RETURN all -- anywhere anywhere
    Chain f2b-pureftpd (0 references)
    target prot opt source destination
    RETURN all -- anywhere anywhere
    Chain f2b-sshd (0 references)
    target prot opt source destination
    RETURN all -- anywhere anywhere
    Chain ufw-after-forward (1 references)
    target prot opt source destination
    Chain ufw-after-input (1 references)
    target prot opt source destination
    Chain ufw-after-logging-forward (1 references)
    target prot opt source destination
    Chain ufw-after-logging-input (1 references)
    target prot opt source destination
    Chain ufw-after-logging-output (1 references)
    target prot opt source destination
    Chain ufw-after-output (1 references)
    target prot opt source destination
    Chain ufw-before-forward (1 references)
    target prot opt source destination
    Chain ufw-before-input (1 references)
    target prot opt source destination
    Chain ufw-before-logging-forward (1 references)
    target prot opt source destination
    Chain ufw-before-logging-input (1 references)
    target prot opt source destination
    Chain ufw-before-logging-output (1 references)
    target prot opt source destination
    Chain ufw-before-output (1 references)
    target prot opt source destination
    Chain ufw-reject-forward (1 references)
    target prot opt source destination
    Chain ufw-reject-input (1 references)
    target prot opt source destination
    Chain ufw-reject-output (1 references)
    target prot opt source destination
    Chain ufw-track-forward (1 references)
    target prot opt source destination
    Chain ufw-track-input (1 references)
    target prot opt source destination
    Chain ufw-track-output (1 references)
    target prot opt source destination
    root@webserver1:/home/sander#
Seems as if you run the ufw firewall. Try to turn it off with the command:
    ufw disable
and test again. I don't see rules that block traffic, just want to be sure. And is active php mode not working?
I disabled ufw and it still doesn't want to work... Is there a tool to check what passive ports are being used when connecting? Maybe it's something there... I tried FileZilla's logged mode; there is a little more info in the log but not what ports are requested when going passive mode... Active php? Do you mean the option for the website FTP client? That line is empty in ISPConfig... If that can be used (and works) that's fine with me too... All sites I have currently running I maintain myself, so it's not yet a problem if it's only working internally, but at some point it has to work externally as well...
I meant active FTP, sorry. You can switch to active PHP mode in FileZilla; in that mode the FTP communication is done through port 21 only.
When I set it to active mode I get the following (I also tested truly remote over 4G on my phone and it was the same but with different IP addresses...):
    09:48:55 Opdracht: PORT 1,1,1,63,215,183
    09:48:55 Antwoord: 500 I won't open a connection to 1.1.1.63 (only to 1.1.1.1)
    09:48:55 Opdracht: PASV
    09:48:55 Antwoord: 227 Entering Passive Mode (1,1,1,10,156,194)
    09:48:55 Opdracht: MLSD
    09:48:55 Fout: GnuTLS-fout -110: The TLS connection was non-properly terminated.
    09:48:55 Status: Server heeft de TLS-verbinding niet goed gesloten
    09:48:55 Fout: Overdrachtverbinding onderbroken: ECONNABORTED - Verbinding verbroken
I found the solution... I could remember that long ago, when I also had an FTP service to share my movies and stuff for when I was with my friend... I needed to set my external IP in a config... and I did that now and it works on passive... The command I set:
    echo "YOUR_EXTERNAL_IP_HERE" > /etc/pure-ftpd/conf/ForcePassiveIP
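Added example, not part of the original thread or of pure-ftpd: the question above about which passive ports are in use is answered by the 227 reply itself, which carries the address and port the server asks the client to connect to. This sketch decodes the two replies quoted in the thread and compares them with the forwarded range 40110-40210; `CONTROL_IP` is an assumed placeholder for the public address the client dialled, and the third sample line is constructed.

```python
import re

PASV_RE = re.compile(r"227 [^(]*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_pasv(reply):
    """Decode a 227 reply: four IP octets, then port = p1 * 256 + p2."""
    match = PASV_RE.search(reply)
    if match is None:
        raise ValueError(f"no 227 PASV reply in {reply!r}")
    nums = [int(n) for n in match.groups()]
    if any(n > 255 for n in nums):
        raise ValueError(f"field out of range in {reply!r}")
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def diagnose(reply, control_ip, forwarded):
    """Return (ip, port, findings) for one PASV reply seen by an external client."""
    ip, port = parse_pasv(reply)
    low, high = forwarded
    findings = []
    if ip != control_ip:
        findings.append(f"server advertises {ip}, client connected to {control_ip}")
    if not low <= port <= high:
        findings.append(f"data port {port} is outside forwarded range {low}-{high}")
    return ip, port, findings


# Assumption: placeholder for the public address the client dialled
# (the thread only shows "[domain IP]"); 203.0.113.10 is a documentation address.
CONTROL_IP = "203.0.113.10"
FORWARDED = (40110, 40210)  # range forwarded on the router in the thread

SAMPLES = [
    "Antwoord: 227 Entering Passive Mode (1,1,1,10,207,196)",  # first post
    "Antwoord: 227 Entering Passive Mode (1,1,1,10,156,194)",  # later retest
    # Constructed: the shape of the reply once ForcePassiveIP holds the public IP.
    "Antwoord: 227 Entering Passive Mode (203,0,113,10,156,194)",
]

if __name__ == "__main__":
    for line in SAMPLES:
        ip, port, findings = diagnose(line, CONTROL_IP, FORWARDED)
        print(f"{ip}:{port}", "->", "; ".join(findings) or "no mismatch found")
```

Because the control channel in this thread is TLS-encrypted, a router cannot rewrite the 227 reply in transit, so the server itself has to advertise the public address.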