PureFTPd issue on ISPConfig 3.1 - Debian 10

Discussion in 'Installation/Configuration' started by albegior, Oct 1, 2019.

  1. albegior

    albegior New Member

    I made a new server with this how-to:
    The Perfect Server - Debian 10 (Buster) with Apache, BIND, Dovecot, PureFTPD and ISPConfig 3.1

    All works fine, but I noticed that if I turn on the ISPConfig firewall with these rules I can't log in to FTP anymore.
    Open TCP ports: 20,21,22,25,53,80,110,143,443,465,587,993,995,3306,8080,8081,10000
    Open UDP ports: 53,3306

    If the firewall is OFF, all works fine.

    Best regards
  2. nhybgtvfr

    nhybgtvfr Well-Known Member HowtoForge Supporter

    I assume you're using passive mode FTP; if so, what port range are you using for it?
    cat /etc/pure-ftpd/conf/PassivePortRange
    Add that port range to the firewall.
  3. albegior

    albegior New Member

    No such file or directory
    I've been using ISPConfig for many years without adding any port to the firewall rules...
  4. till

    till Super Moderator Staff Member ISPConfig Developer

  5. nhybgtvfr

    nhybgtvfr Well-Known Member HowtoForge Supporter

    It might be set in /etc/pure-ftpd/pure-ftpd.conf

    Active mode only uses port 20 and port 21, so that should work with those rules, whether the firewall is on or not.
    Passive mode needs the publicly accessible IP set (ForcePassiveIP) and the port range (PassivePortRange).
    It's the only thing that makes sense to not be working with the firewall on, given those ports you list.

    The only other thing I've seen would depend on what FTP client you're using. FileZilla has a bug with TLS 1.3, but I don't see the firewall being on or off making any difference with that.
  6. albegior

    albegior New Member

    It works!
    Thank you!
  7. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    And the port 20 connections are all outbound, so you don't need to open that up in your firewall.
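
Added example, not part of the thread or of ISPConfig: a shell check for the failure described above, comparing pure-ftpd's PassivePortRange with the firewall's open TCP port list. The 40110-40210 range, the temporary config file and the a:b range syntax for the port list are assumptions; on a real server, pass the two paths named in the thread to check.

```shell
#!/bin/sh
# Added example (not from the thread): is pure-ftpd's passive range open in the firewall?

# Print "LOW HIGH" from the first readable file that sets a passive range.
# Accepts the one-line conf/PassivePortRange style ("LOW HIGH") and the
# pure-ftpd.conf style ("PassivePortRange LOW HIGH"); fails if none is set.
passive_range() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        r=$(awk '$1 == "PassivePortRange" && NF >= 3 { print $2, $3; exit }
                 NF == 2 && $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ { print $1, $2; exit }' "$f")
        [ -n "$r" ] && { echo "$r"; return 0; }
    done
    return 1
}

# covered LOW HIGH LIST: succeed only if every port LOW..HIGH is in LIST.
# LIST is comma-separated; "a:b" for a range is an assumed firewall-list syntax.
covered() {
    cur=$1; hi=$2; list=$3
    while [ "$cur" -le "$hi" ]; do
        best=0; old_ifs=$IFS; IFS=,
        for e in $list; do
            a=${e%%:*}; b=${e##*:}
            if [ "$a" -le "$cur" ] && [ "$cur" -le "$b" ] && [ "$b" -gt "$best" ]; then
                best=$b
            fi
        done
        IFS=$old_ifs
        [ "$best" -ge "$cur" ] || return 1   # cur is not open: data connection blocked
        cur=$((best + 1))                    # skip past the entry that covered cur
    done
}

check() {  # check FIREWALL_LIST CONFIG_FILE...
    list=$1; shift
    range=$(passive_range "$@") || { echo "UNSET: no PassivePortRange found"; return 2; }
    set -- $range
    if covered "$1" "$2" "$list"; then echo "OK: $1-$2 open"
    else echo "BLOCKED: $1-$2 not fully open"; return 1; fi
}

# Demo on a constructed config; the TCP list is the one from the first post.
tmp=$(mktemp); echo "PassivePortRange 40110 40210" > "$tmp"   # constructed range
TCP="20,21,22,25,53,80,110,143,443,465,587,993,995,3306,8080,8081,10000"
check "$TCP" "$tmp" || true               # BLOCKED: 40110-40210 not fully open
check "$TCP,40110:40210" "$tmp" || true   # OK: 40110-40210 open
rm -f "$tmp"
```

An UNSET result means the server picks passive ports from its default range, so no narrow firewall entry can match until PassivePortRange is set.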
