PureFTPd on ISPConfig 3.1 - How to???

Discussion in 'ISPConfig 3 Priority Support' started by danhansen@denmark, Apr 14, 2019.

  1. danhansen@denmark

    danhansen@denmark Member HowtoForge Supporter

    Hi,


    Anyone who can throw me a hint here? I've never had issues connecting by FTP to an ISPConfig server before. I have no problems with FTP access to my old ISPConfig server. But the new clean installation I did just wouldn't work. I've tried it all.

    I'm using FileZilla the newest version. And can still FTP to the old server, not the new. I tried sFTP on port 22 as well, no luck. I'm getting timeouts. Even when trying sFTP as admin on the server....

    Status: connection established, waiting for welcome message...
    Status: Logged in
    Status: Retrieving directory content...
    Command: PWD
    Response: 257 "/" is your current location
    Command: TYPE I
    Response: 200 TYPE is now 8-bit binary
    Command: PASV
    Response: 227 Entering Passive Mode (87,49,140,22,219,145)
    Command: MLSD
    Error: Connection got timeout after 20 seconds inactivity
    Error: Could not retrieve directory content

    Any ideas guys???
     
    Last edited: Apr 14, 2019
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    I suggest testing with a command line FTP client, then you get better error messages when something does not work. At least show the console log from Filezilla. Also look at the logs on the server.
    Check what version of Filezilla you have. I have noticed versions behave differently. I remember default connection TLS settings changed between versions.
    Try Internet Search Engines with
    Code:
    site:howtoforge.com ftp pureftpd connection issues
     
  3. danhansen@denmark

    danhansen@denmark Member HowtoForge Supporter

    Hi Taleman,

    Did that, that's how I got all the failed tryouts!
    Tried without UFW, tested ports etc... I'm not lazy, just not very good at it..

    # nmap -sT -O 192.168.1.201

    Starting Nmap 7.60 ( https://nmap.org ) at 2019-04-14 22:15 CEST
    Nmap scan report for sunderland (192.168.1.101)
    Host is up (0.00011s latency).
    Not shown: 985 closed ports
    PORT STATE SERVICE
    21/tcp open ftp
    22/tcp open ssh
    25/tcp open smtp
    53/tcp open domain
    80/tcp open http
    110/tcp open pop3
    143/tcp open imap
    443/tcp open https
    465/tcp open smtps
    587/tcp open submission
    993/tcp open imaps
    995/tcp open pop3s
    3306/tcp open mysql
    8080/tcp open http-proxy
    8081/tcp open blackice-icecap
    Device type: general purpose
    Running: Linux 3.X|4.X
    OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
    OS details: Linux 3.8 - 4.9
    Network Distance: 0 hops


    --------------------------------

    Test Online FTP-Tester (https://ftptest.net/#result):

    EXPLICIT FTP OVER TLS:

    Error: Server returned unroutable private IP address in PASV reply

    Make sure the server is configured to allow passive mode connections.
    If the server is behind a NAT router, make sure the server knows its external IP address.
    The range of ports used for passive mode must be opened in all involved firewalls.
    The range of ports used for passive mode must be forwarded by all involved NAT routers.
    Try uninstalling all firewalls and plug your computer directly into your modem, thus bypassing the router.


    -----

    IMPLICIT FTP OVER TLS:

    Error: TLS handshake failed: An unexpected TLS packet was received.

    Make sure your server allows FTP over TLS and has a valid certificate configured.
    In case the server is behind a firewall or NAT router, make sure they allow FTP over TLS. The network traffic of the TLS handshake and the TLS protected connection does not look like FTP at all. Stateful firewalls and NAT routers may not like it.
    Perhaps your server speaks a different protocol? Try using explicit FTP over TLS.


    -----

    ALLOW FAILBACK TO PLAIN FTP:

    Error: Server returned unroutable private IP address in PASV reply

    Make sure the server is configured to allow passive mode connections.
    If the server is behind a NAT router, make sure the server knows its external IP address.
    The range of ports used for passive mode must be opened in all involved firewalls.
    The range of ports used for passive mode must be forwarded by all involved NAT routers.
    Try uninstalling all firewalls and plug your computer directly into your modem, thus bypassing the router.


    Regarding test nr. 2, Implicit FTP over TLS, the certificate was accepted, access was given but a timeout occurred before folders were listed... And the full log from the test shows this:

    Status: Resolving address of 87.11.11.22
    Status: Connecting to 87.11.11.22
    Warning: The entered address does not resolve to an IPv6 address.
    Status: Connected, waiting for welcome message...
    Reply: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    Reply: 220-You are user number 1 of 50 allowed.
    Reply: 220-Local time is now 22:36. Server port: 21.
    Reply: 220-This is a private system - No anonymous login
    Reply: 220-IPv6 connections are also welcome on this server.
    Reply: 220 You will be disconnected after 15 minutes of inactivity.
    Command: CLNT https://ftptest.net on behalf of 87.11.11.22
    Reply: 530 You aren't logged in
    Command: AUTH TLS
    Reply: 234 AUTH TLS OK.
    Status: Performing TLS handshake...
    Status: TLS handshake successful, verifying certificate...
    Status: Received 1 certificates from server.
    Status: cert[0]: subject='C=DK,ST=Zealand,L=Tureby,O=PIS,OU=IT Development,CN=myserver.mydns.dk,[email protected]' issuer='C=DK,ST=Zealand,L=Tureby,O=PIS,OU=IT Development,CN=myserver.mydns.dk,[email protected]'
    Command: USER xxxxgoat
    Reply: 331 User xxxxgoat OK. Password required
    Command: PASS ********
    Reply: 230 OK. Current restricted directory is /
    Command: SYST
    Reply: 215 UNIX Type: L8
    Command: FEAT
    Reply: 211-Extensions supported:
    Reply: EPRT
    Reply: IDLE
    Reply: MDTM
    Reply: SIZE
    Reply: MFMT
    Reply: REST STREAM
    Reply: MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
    Reply: MLSD
    Reply: AUTH TLS
    Reply: PBSZ
    Reply: PROT
    Reply: UTF8
    Reply: ESTA
    Reply: PASV
    Reply: EPSV
    Reply: SPSV
    Reply: ESTP
    Reply: 211 End.
    Command: PBSZ 0
    Reply: 200 PBSZ=0
    Command: PROT P
    Reply: 200 Data protection level set to "private"
    Command: PWD
    Reply: 257 "/" is your current location
    Status: Current path is /
    Command: TYPE I
    Reply: 200 TYPE is now 8-bit binary
    Command: PASV
    Reply: 227 Entering Passive Mode (192,168,1,201,47,44)
    Error: Server returned unroutable private IP address in PASV reply


    If anyone is using the same combination as me, please let me know which settings you use in FileZilla. It's usually here, the problem is...
     
    Last edited: Apr 14, 2019
  4. till

    till Super Moderator Staff Member ISPConfig Developer

  5. danhansen@denmark

    danhansen@denmark Member HowtoForge Supporter

    I've read a lot about issues with PureFTPd and ISPconfig/Ubuntu Debian configs...

    Re: Filezilla & ISP Config 3 - Failed to retrieve directory listing
    #7 Post by cherubin13 » 2016-05-05 16:27

    Hello Tim,

    Thank you for your help, i found how to fix that.
    the mistake came from the server config, and i found the solution here :

    http://www.faqforge.com/linux/controlpa ... ntu-linux/

    If we want the ftp connection to work well, we must configure pure-ftpd before
    echo "40110 40210" > /etc/pure-ftpd/conf/PassivePortRange
    /etc/init.d/pure-ftpd-mysql restart

    I'm not very comfortable doing all these modifications. What I would like was for one of you guys, who use the exact same combination of configs as me, to verify that this actually works. PureFTPd/ISPconfig 3.1/Ubuntu/Debian... There have always been issues on this setup and FTP, but we were able to solve it with the old ISPconfig 3 server, using totally insecure methods... If a thing as simple as FTP has to be as difficult as this, then we newbies haven't got a chance..

    Any ideas are welcome ;)
     
  6. danhansen@denmark

    danhansen@denmark Member HowtoForge Supporter

    Did we just find the same site you and I Till??? ;) I'll try it, I just wanted you to verify this first. So that I'm not going to make it worse ;)
     
  7. danhansen@denmark

    danhansen@denmark Member HowtoForge Supporter

    Hi Till,

    It worked! Thanks... Writing the solution here for others to do...
    Source site: https://www.faqforge.com/linux/cont...ange-in-pure-ftpd-on-denian-and-ubuntu-linux/

    If you run a firewall on your Linux server and want to use passive FTP connections, you have to define the passive port range in pure-ftpd and your firewall to ensure that the connections don't get blocked. The following example is for pure-ftpd on Debian or Ubuntu Linux and ISPConfig 3.

    Step 1. Set Passive Port Range in PureFTPD. Configure PureFTPd like this:
    Command: # echo "40110 40210" > /etc/pure-ftpd/conf/PassivePortRange
    Command: # service pure-ftpd-mysql restart

    Step 2. Edit your configuration in ISPConfig 3.1 CP/System/Firewall. Add "40110:40210"
    so it looks something like this:
    Open TCP ports: "20,21,22,25,53,80,110,143,3306,8080,8081,10000,40110:40210"

    This worked for me, using FileZilla on ISPConfig 3.1 on an Ubuntu Server 18.04.2. Even behind a NAT config. I can access it from the safe side as well as the unsafe side, local ip/servers fixed ip. Nevertheless, setting a passive IP in FTP might be necessary when your server is located behind a NAT router. You will get an error like "Error: Server returned unroutable private IP address in PASV reply" from your FTP client in such a case.

    Step 3. To set a passive IP address, run this command. Replace 1.2.3.4 with the External IP address that clients shall use to connect to the FTP server:
    Command: # echo "1.2.3.4" > /etc/pure-ftpd/conf/ForcePassiveIP

    Then restart pureFTPD:
    Command: # service pure-ftpd-mysql restart

    KR
    Dan
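
The two failures in this thread can both be read straight from the server's 227 reply. The following is an added example, not part of the original posts: it decodes a PASV reply and checks it against the passive port range set in Step 1. The function names `parse_pasv` and `diagnose` are hypothetical, and the third sample reply is constructed to show the state after Step 3.

```python
import ipaddress
import re

# Range written to /etc/pure-ftpd/conf/PassivePortRange in Step 1 ("40110 40210").
PASSIVE_RANGE = (40110, 40210)

# 227 reply format: (h1,h2,h3,h4,p1,p2); a log prefix such as "Reply: " is tolerated.
PASV_RE = re.compile(r"227 [^(]*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_pasv(reply):
    """Decode a 227 reply into (ip_address, port), where port = p1 * 256 + p2."""
    m = PASV_RE.search(reply)
    if not m:
        raise ValueError("not a 227 PASV reply: %r" % reply)
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    if max(h1, h2, h3, h4, p1, p2) > 255:
        raise ValueError("octet out of range in %r" % reply)
    return ipaddress.ip_address("%d.%d.%d.%d" % (h1, h2, h3, h4)), p1 * 256 + p2


def diagnose(reply, port_range=PASSIVE_RANGE):
    """Return findings for one PASV reply; an empty list means nothing to fix."""
    ip, port = parse_pasv(reply)
    findings = []
    if ip.is_private:
        # Remote clients cannot route to this address: set ForcePassiveIP (Step 3).
        findings.append("private-ip")
    if not port_range[0] <= port <= port_range[1]:
        # Data port is not in the range opened in the firewall (Steps 1 and 2).
        findings.append("port-outside-range")
    return findings


if __name__ == "__main__":
    samples = [
        "Response: 227 Entering Passive Mode (87,49,140,22,219,145)",  # FileZilla log
        "Reply: 227 Entering Passive Mode (192,168,1,201,47,44)",      # ftptest.net log
        "Reply: 227 Entering Passive Mode (1,2,3,4,156,214)",          # constructed
    ]
    for line in samples:
        ip, port = parse_pasv(line)
        print(ip, port, diagnose(line) or "ok")
```
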
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    I've written that article about 10 years ago ;)
     
  9. danhansen@denmark

    danhansen@denmark Member HowtoForge Supporter

    Ahhh.... I'll see and of course you did ;)

    Thanks again Till ;)
     
