Hi! Today I added "open port 3128" to my firewall rules in ISPConfig 3/Debian, and suddenly ftp stopped working. No ftp client can now connect to ftp. Error message below.

I'm really puzzled, everything was fine until today. There were no other changes, including SuSE/Shorewall router/firewall which forwards traffic to DMZ. ISPConfig server runs on DMZ 192.168.1.xx. Squid (on DMZ) is still down, so it should not interfere in any way.

How to fix this? Open port tcp 990 on Shorewall and make destination NAT to DMZ?

Added these configs, no change ('my.ext.srv.ip' = my external IP).

echo 'yes' > /etc/pure-ftpd/conf/DontResolve
echo 'my.ext.srv.ip' > /etc/pure-ftpd/conf/ForcePassiveIP

Thanks in advance for any suggestion(s).

Resolving address of mydomain.com
Status: Connecting to xx.xx.xx.xx:21...
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Status: Verifying certificate...
Status: TLS connection established.
Status: Connected
Status: Retrieving directory listing...
Status: Server sent passive reply with unroutable address. Using server address instead.
Command: MLSD
Error: Connection timed out after 20 seconds of inactivity
Error: Failed to retrieve directory listing
Seems as if the passive IP has not been applied to the config yet. Did you restart the pure-ftpd-mysql service? And you might have to set a passive port range too: https://www.faqforge.com/linux/cont...ange-in-pure-ftpd-on-denian-and-ubuntu-linux/
Thanks, now it's OK, after I made DNAT net -> dmz ports 40110:40210 on Shorewall. Very strange, till yesterday it WORKED as is with the old setup. Below are the Shorewall /etc/rules if someone needs them.

ACCEPT net $FW tcp 40110:40210
ACCEPT net dmz tcp 40110:40210
DNAT net dmz:192.168.xx.xx tcp 40110:40210
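An added example, not part of the original posts: a Python sketch that parses the server's passive-mode reply (227 PASV or 229 EPSV) and reports the two conditions seen in this thread, a private address in the reply and a data port outside the range forwarded on the firewall. The port range comes from the Shorewall rules above; the sample replies and the addresses in them are constructed.

```python
import ipaddress
import re

# Range taken from the thread's Shorewall rules (40110:40210).
FORWARDED_PORTS = range(40110, 40211)
# RFC 1918 networks: addresses a client on the Internet cannot reach.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

PASV_RE = re.compile(r"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
EPSV_RE = re.compile(r"^229 .*\((.)\1\1(\d{1,5})\1\)")


def parse_passive_reply(line):
    """Return (address or None, port) from a 227 (PASV) or 229 (EPSV) reply."""
    m = PASV_RE.match(line)
    if m:
        h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
        if max(h1, h2, h3, h4, p1, p2) > 255:
            raise ValueError(f"field out of range in: {line!r}")
        # PASV encodes the port as two bytes: high * 256 + low.
        return ipaddress.IPv4Address(f"{h1}.{h2}.{h3}.{h4}"), p1 * 256 + p2
    m = EPSV_RE.match(line)
    if m:
        return None, int(m.group(2))  # EPSV carries a port only
    raise ValueError(f"not a passive-mode reply: {line!r}")


def diagnose(line, forwarded=FORWARDED_PORTS):
    """List reasons an outside client's data connection would fail."""
    addr, port = parse_passive_reply(line)
    problems = []
    if addr is not None and any(addr in net for net in PRIVATE_NETS):
        problems.append(f"reply advertises private address {addr}")
    if port not in forwarded:
        problems.append(f"data port {port} is not in the forwarded range")
    return problems


if __name__ == "__main__":
    # Constructed sample replies, not captured from the poster's server.
    for reply in ("227 Entering Passive Mode (192,168,1,20,156,214)",
                  "227 Entering Passive Mode (203,0,113,10,195,80)",
                  "229 Extended Passive mode OK (|||40150|)"):
        print(reply, "->", diagnose(reply) or "ok")
```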