Hi all, I have a very curious problem. For the past year my server has been running perfectly (web/ftp etc). For the past week I do not seem to be able to connect through ftp. The only change I remember doing is inputting in /etc/hosts the line 192.168.1.10 debian.cubecom.gr to enable output for the "hostname -f" that gave me "hostname: Name or service not known". The reason I did this was because I wanted to run a seafile server on this server. However, since then whenever I try to connect via ftp the connection just times out and when I tried https://ftptest.net with an account the answer is: " Command: PASV Reply: 227 Entering Passive Mode (192,168,1,10,178,234) Error: Server returned unroutable private IP address in PASV reply" The seafile server worked perfectly btw but my ftp is far more important to me than this. Any idea how I can fix this? PS System configuration: Debian wheezy, apache2, pure-ftpd, postfix, ispconfig 3 all configured using the "Perfect server debian wheezy, apache2 etc guide" tutorial.
Create a new file /etc/pure-ftpd/conf/ForcePassiveIP and in this file add your external IP address. Then restart pure-ftpd.
Thanks for your instant reply Till! However, I tried what you suggested and still it does not connect. Now it gives me a different error: "Error: Carriage return without line feed received" This is on the online FTP check site. Filezilla still refuses to connect. I created the file that you suggested and entered on the first line my external IP address without any carriage returns or spaces. Is that correct? Thanks. Edit: I remembered just now that 4-5 days ago, there was an update on mysql and that did not work and I had to change the script that I created to start the seafile server to give it priority as it had none. It is probably irrelevant but I thought I'd mention it.
You can see if it's correct when you restart pure-ftpd. If your external IP is e.g. 1.2.3.4 then you should see: -P 1.2.3.4 in the start line of pure-ftpd.
I erased the forcepassiveip file and restarted and now I can connect through my internal network but not from outside. I mean that if I use 192.168.1.10 it works but with 1.2.3.4 (my ext IP that is) it doesn't.
When you want to use FTP from outside, then you have to set the ForcePassiveIP as pure-ftpd will show your internal IP to the client without it and the connection then fails.
Why does it work when the forcepassiveip is off and it doesn't with it on? My router has NAT loopback and apache works with no problem. What I mean is that if I enter my ext IP to a browser it gives me my websites. When I try to connect my ftp with the ext IP it does not work. Is there anything to look for in this case? Needless to say that this worked up to 3-4 days ago. What it looks like is that my ftp server does not listen to outside requests. My port forwarding is correct btw as I can see that the port is open and accepting connections.
Hi again, I created a file in /etc/pure-ftpd/conf/PassivePortRange with port numbers 60000:61000 and I restarted the service. It worked both from the LAN and from outside, and from my PC inside the LAN it worked by using the ext IP. I proceeded to reboot and after the server rebooted it stopped responding to the external IP and has not worked since. I rebooted my router, switches and everything else and still no joy. I double checked my firewall, port forwarding and it is all correct. When I try to connect, with the ext IP, it looks like it is not receiving the request at all and the connection times out. What in the name of God is going on eludes me. Any ideas?
It appears that the culprit behind this is fail2ban. For no apparent reason it stops allowing connections from the outside world. As soon as I restart fail2ban, it works for some time and the same happens all over again... What is going on here? I haven't changed anything in fail2ban, it is version 0.8.13 and the funny thing is that in jail.conf pure-ftpd is on enable = false. Anyone?
Check the fail2ban.log to see which service is causing the ban. Fail2ban cannot work on servers that are behind a NAT router as all requests originate from this router, so fail2ban will ban the address of the router.
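Added example, not part of the thread: a small Python triage of fail2ban.log that replays Ban/Unban events to show which jail still holds which address, and flags any LAN-side (RFC 1918) address among them, which is the router-ban case the reply above describes. The log lines, jail names and addresses are constructed samples in the fail2ban 0.8.x log layout; point `active_bans()` at the contents of your own log file instead.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the fail2ban 0.8.x log layout (not taken from the thread).
SAMPLE_LOG = """\
2014-11-02 09:14:07,311 fail2ban.actions: WARNING [ssh] Ban 203.0.113.45
2014-11-02 09:20:51,004 fail2ban.actions: WARNING [postfix] Ban 192.168.1.1
2014-11-02 09:24:07,902 fail2ban.actions: WARNING [ssh] Unban 203.0.113.45
2014-11-02 09:31:12,650 fail2ban.actions: WARNING [pureftpd] Ban 198.51.100.7
2014-11-02 09:33:40,118 fail2ban.filter : INFO   Log rotation detected for /var/log/syslog
"""

# Explicit RFC 1918 ranges; ipaddress.is_private would also match documentation ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ACTION_RE = re.compile(
    r"fail2ban\.actions\s*:\s+\w+\s+\[(?P<jail>[^\]]+)\]\s+(?P<verb>Ban|Unban)\s+(?P<ip>\S+)")

def active_bans(log_text):
    """Replay Ban/Unban events; return {jail: set(ip)} still banned at end of log."""
    banned = defaultdict(set)
    for line in log_text.splitlines():
        m = ACTION_RE.search(line)
        if not m:
            continue  # filter/INFO lines carry no ban decision
        if m["verb"] == "Ban":
            banned[m["jail"]].add(m["ip"])
        else:
            banned[m["jail"]].discard(m["ip"])
    return {jail: ips for jail, ips in banned.items() if ips}

def lan_side_bans(bans):
    """Return sorted (jail, ip) pairs whose banned address lies in an RFC 1918 range."""
    hits = []
    for jail, ips in bans.items():
        for ip in ips:
            try:
                addr = ipaddress.ip_address(ip)
            except ValueError:
                continue  # hostname or malformed token, skip
            if any(addr in net for net in RFC1918):
                hits.append((jail, ip))
    return sorted(hits)

if __name__ == "__main__":
    bans = active_bans(SAMPLE_LOG)
    for jail, ips in sorted(bans.items()):
        print(f"[{jail}] still banned: {', '.join(sorted(ips))}")
    for jail, ip in lan_side_bans(bans):
        print(f"[{jail}] has banned LAN-side address {ip}; check whether it is the router")
```

A jail that shows up here while marked disabled in jail.conf is usually enabled by an override such as jail.local, so compare the jail names in the output against both files.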