Sorry, I have read a lot of posts on configuring pure-ftpd and TLS. Now I am able to connect and list files but not to upload.

In ISPConfig 3.1.1.15P3 I opened the firewall ports:
Code:
20/tcp 21/tcp 889/tcp 990/tcp 40110:40210/tcp

All are
Code:
ALLOW Anywhere

and I tested it with
Code:
ufw status

In
Code:
/etc/pure-ftpd/conf/PassivePortRange

I have:
Code:
40110 40210

The connection is good and stable. It lists all files well. But on upload I have the error
Code:
451-Error during read from data connection

It seems an owner problem, but I checked and user and group are correct. I checked in the pure-ftpd database and it picks up the right user/group: web2/client1. All files are writable by user 'web2' in the destination folder. All permissions on the folders from / to the last one, where the files are to be written, are correct and make them writable by web2.

So I investigated the syslog:
Code:
Apr 1 17:30:42 gemini pure-ftpd: ([email protected]) [INFO] TLS: Enabled TLSv1.3 with TLS_AES_256_GCM_SHA384, 256 secret bits cipher
Apr 1 17:30:43 gemini pure-ftpd: ([email protected]) [DEBUG] Command [type] [A]
Apr 1 17:30:43 gemini pure-ftpd: ([email protected]) [DEBUG] Command [pasv] []
Apr 1 17:30:44 gemini pure-ftpd: ([email protected]) [DEBUG] Command [stor] [setup-nextcloud.php]
Apr 1 17:30:44 gemini pure-ftpd: ([email protected]) [INFO] TLS: Enabled TLSv1.3 with TLS_AES_256_GCM_SHA384, 256 secret bits cipher
Apr 1 17:30:44 gemini kernel: [ 8554.714078] [UFW BLOCK] IN=eth0 OUT= SRC=95.239.127.43 DST=80.241.208.16 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=610 26 DPT=40160 WINDOW=0 RES=0x00 RST URGP=0
Apr 1 17:30:45 gemini kernel: [ 8554.742450] [UFW BLOCK] IN=eth0 OUT= SRC=95.239.127.43 DST=80.241.208.16 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=610 26 DPT=40160 WINDOW=0 RES=0x00 RST URGP=0

My IP is 95.239.127.43, so the sender is me. DST=80.241.208.16 is my server. DPT=40160 is in the range 40110:40210. The message comes from me to the server in the pure-ftpd range, so I suppose it is an FTP message.

I suppose UFW BLOCK means UFW is BLOCKing and not something else, I hope, so why is UFW blocking my incoming message? I suppose this is the reason why I cannot upload. My FTP client uses passive mode. Any idea?

best regards,
Leonardo

P.S.
Code:
[email protected]:~# netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      9840/pure-ftpd (SER
tcp        0      0 80.241.208.16:53        0.0.0.0:*               LISTEN      1043/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      1043/named
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      690/systemd-resolve
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1056/sshd
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      1043/named
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN      1/init
tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN      1027/dovecot
tcp        0      0 127.0.0.1:10024         0.0.0.0:*               LISTEN      1549/amavisd-new (m
tcp        0      0 0.0.0.0:873             0.0.0.0:*               LISTEN      1054/rsync
tcp        0      0 127.0.0.1:10026         0.0.0.0:*               LISTEN      1549/amavisd-new (m
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1163/mysqld
tcp        0      0 127.0.0.1:6379          0.0.0.0:*               LISTEN      1109/redis-server 1
tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN      1051/memcached
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN      1027/dovecot
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN      1/init
The first code message in my previous message. It is a bit off it. Have I lost some port that has to be open? Why, if 40110:40210/tcp are ALLOW Anywhere, then
Code:
Apr 1 17:30:44 gemini kernel: [ 8554.714078] [UFW BLOCK] IN=eth0 OUT= SRC=95.239.127.43 DST=80.241.208.16 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=610 26 DPT=40160 WINDOW=0 RES=0x00 RST URGP=0

To me it seems 40160 is blocked.

best regards,
Leonardo
I disabled and enabled ufw (good idea), then tested FTP and got the same error. So I got my iptables list. Here it is: https://pastebin.com/U0RS4Yan

best regards,
Leonardo
I checked fail2ban and my IP is not banned. I did a new try and picked up a new syslog.

This is only for the connection and all seems OK:
Code:
Apr 3 15:59:07 gemini pure-ftpd: ([email protected]) [INFO] New connection from 95.239.127.43
Apr 3 15:59:08 gemini pure-ftpd: ([email protected]) [DEBUG] Command [auth] [TLS]
Apr 3 15:59:08 gemini pure-ftpd: ([email protected]) [INFO] TLS: Enabled TLSv1.3 with TLS_AES_256_GCM_SHA384, 256 secret bits cipher
Apr 3 15:59:08 gemini pure-ftpd: ([email protected]) [DEBUG] Command [user] [lesarnextcloud]
Apr 3 15:59:08 gemini pure-ftpd: ([email protected]) [DEBUG] Command [pass] [<*>]
Apr 3 15:59:08 gemini pure-ftpd: ([email protected]) [INFO] lesarnextcloud is now logged in
Apr 3 15:59:08 gemini pure-ftpd: ([email protected]) [DEBUG] Command [syst] []
Apr 3 15:59:08 gemini pure-ftpd: ([email protected]) [DEBUG] Command [feat] []
Apr 3 15:59:09 gemini pure-ftpd: ([email protected]) [DEBUG] Command [opts] [UTF8 ON]
Apr 3 15:59:09 gemini pure-ftpd: ([email protected]) [DEBUG] Command [pbsz] [0]
Apr 3 15:59:09 gemini pure-ftpd: ([email protected]) [DEBUG] Command [prot] [P]
Apr 3 15:59:09 gemini pure-ftpd: ([email protected]) [DEBUG] Command [pwd] []
Apr 3 15:59:09 gemini pure-ftpd: ([email protected]) [DEBUG] Command [type] [I]
Apr 3 15:59:09 gemini pure-ftpd: ([email protected]) [DEBUG] Command [pasv] []
Apr 3 15:59:09 gemini pure-ftpd: ([email protected]) [DEBUG] Command [mlsd] []
Apr 3 15:59:10 gemini pure-ftpd: ([email protected]) [INFO] TLS: Enabled TLSv1.3 with TLS_AES_256_GCM_SHA384, 256 secret bits cipher
Apr 3 15:59:17 gemini pure-ftpd: ([email protected]) [INFO] New connection from 95.239.127.43
Apr 3 15:59:17 gemini pure-ftpd: ([email protected]) [DEBUG] Command [auth] [TLS]
Apr 3 15:59:18 gemini pure-ftpd: ([email protected]) [INFO] TLS: Enabled TLSv1.3 with TLS_AES_256_GCM_SHA384, 256 secret bits cipher
Apr 3 15:59:18 gemini pure-ftpd: ([email protected]) [DEBUG] Command [user] [lesarnextcloud]
Apr 3 15:59:18 gemini pure-ftpd: ([email protected]) [DEBUG] Command [pass] [<*>]
Apr 3 15:59:18 gemini pure-ftpd: ([email protected]) [INFO] lesarnextcloud is now logged in
Apr 3 15:59:18 gemini pure-ftpd: ([email protected]) [DEBUG] Command [opts] [UTF8 ON]
Apr 3 15:59:18 gemini pure-ftpd: ([email protected]) [DEBUG] Command [pbsz] [0]
Apr 3 15:59:18 gemini pure-ftpd: ([email protected]) [DEBUG] Command [prot] [P]
Apr 3 15:59:19 gemini pure-ftpd: ([email protected]) [DEBUG] Command [cwd] [/]
Apr 3 15:59:19 gemini pure-ftpd: ([email protected]) [DEBUG] Command [pwd] []

Then I tried to upload a file:
Code:
Apr 3 15:59:25 gemini pure-ftpd: ([email protected]) [DEBUG] Command [type] [A]
Apr 3 15:59:25 gemini pure-ftpd: ([email protected]) [DEBUG] Command [pasv] []
Apr 3 15:59:25 gemini pure-ftpd: ([email protected]) [DEBUG] Command [stor] [setup-nextcloud.php]
Apr 3 15:59:26 gemini pure-ftpd: ([email protected]) [INFO] TLS: Enabled TLSv1.3 with TLS_AES_256_GCM_SHA384, 256 secret bits cipher
Apr 3 15:59:26 gemini kernel: [175876.251370] [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:3c:78:60:00:08:e3:ff:fd:90:08:00 SRC=95.239.127.43 DST=80.241.208.16 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=65411 DPT=40119 WINDOW=0 RES=0x00 RST URGP=0

In this code we see:
- [email protected]: it's me
- SRC=95.239.127.43: message from me
- DPT=40119: destination port in the passive mode range
and the message is UFW BLOCK.

I will investigate the iptables.
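
As an added example (not written by any poster in this thread), this Python code parses `[UFW BLOCK]` kernel lines like the one quoted above and classifies each by destination port and TCP flags; a RST-only segment is not a new data connection being refused. The passive range and the first sample line are taken from the thread; the second sample line, the labels and all function names are constructed for illustration.

```python
import re

PASSIVE_RANGE = (40110, 40210)  # from PassivePortRange as posted in the thread
TCP_FLAGS = {"SYN", "ACK", "RST", "FIN", "PSH", "URG"}

# Log line copied from the thread (RST to a passive port).
THREAD_LINE = (
    "Apr 3 15:59:26 gemini kernel: [175876.251370] [UFW BLOCK] IN=eth0 OUT= "
    "MAC=00:50:56:3c:78:60:00:08:e3:ff:fd:90:08:00 SRC=95.239.127.43 "
    "DST=80.241.208.16 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP "
    "SPT=65411 DPT=40119 WINDOW=0 RES=0x00 RST URGP=0"
)
# Constructed line for contrast: a SYN to the same port being blocked.
CONSTRUCTED_SYN = (
    "Apr 3 16:00:00 gemini kernel: [175910.000000] [UFW BLOCK] IN=eth0 OUT= "
    "SRC=192.0.2.10 DST=198.51.100.20 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4242 "
    "DF PROTO=TCP SPT=50000 DPT=40119 WINDOW=64240 RES=0x00 SYN URGP=0"
)

def parse_ufw_line(line):
    """Return the KEY=VALUE fields and bare TCP flags of a [UFW ...] line."""
    m = re.search(r"\[UFW (?P<action>[A-Z ]+)\]\s+(?P<body>.*)", line)
    if not m:
        return None
    pkt = {"action": m.group("action"), "flags": set()}
    for tok in m.group("body").split():
        if "=" in tok:
            key, _, val = tok.partition("=")
            pkt[key] = val
        elif tok in TCP_FLAGS:          # flags are logged as bare words
            pkt["flags"].add(tok)
    return pkt

def classify(pkt, passive_range=PASSIVE_RANGE):
    """Classify a parsed packet relative to the FTP passive data ports."""
    if pkt is None or pkt.get("PROTO") != "TCP":
        return "not-tcp"
    if not passive_range[0] <= int(pkt.get("DPT", -1)) <= passive_range[1]:
        return "outside-passive-range"
    if "SYN" in pkt["flags"] and "ACK" not in pkt["flags"]:
        return "new-connection-blocked"   # data connection never opened
    if "RST" in pkt["flags"]:
        return "reset-not-new-connection"  # reset segment, not a connect attempt
    return "other-in-range"

if __name__ == "__main__":
    for sample in (THREAD_LINE, CONSTRUCTED_SYN):
        pkt = parse_ufw_line(sample)
        print(pkt["SPT"], "->", pkt["DPT"], sorted(pkt["flags"]), classify(pkt))
```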
Very sorry, I was trying with FileZilla 3.39.0 and got this strange error. Strangely, the syslog too seems to block the FTP message, but after disabling ufw I get the same error. I tried using lftp 4.8.4 and all went well. The file was successfully put on the remote server. So I think the error was in FileZilla+TLS.

Thanks for your help,
best regards,
Leonardo
Yeah, I don't think that version of FileZilla works well with TLS 1.3. You could just update it; I've got 3.46.0 and that seems OK (although I still have TLS 1.2 enabled as well, so it could be using that). But there were definitely known issues with FileZilla and TLS 1.3.