release dates, ispconfig 3.1 and plugins? plus proftpd

Discussion in 'General' started by nhybgtvfr, Jun 19, 2015.

  1. nhybgtvfr

    nhybgtvfr Well-Known Member HowtoForge Supporter

    Hi,
    is there any more new on release dates/timeframes for:
    ispconfig 3.1
    billing module 1.4
    domain registration module ?
    shop?

    also, any ideas on a timeframe for when full support for proftpd will be included in ispconfig?
    I've got it working using the instructions here: https://www.howtoforge.com/community/threads/proftpd-for-ispconfig-3-tutorial-debian.52760/ on a standalone test server.
    had to make some changes to this part in ftp_user_edit.php
    $uid = $userinfo['uid'];
    $gid = $userinfo['gid'];
    to
    $uid = $app->db->quote($userinfo['uid']);
    $gid = $app->db->quote($userinfo['gid']);

    to get it to work, but you mention in there that:
    $userinfo = posix_getpwnam($web["system_user"]);
    won't work on a multi-server system, which is what I'm trying to set up.
    I'm more than happy to use pure-ftpd, but I can't get it working behind an haproxy load-balancer, I keep getting :
    Command: PORT 192,168,0,28,24,0
    Response: 500 I won't open a connection to 84.45.154.103 (only to 192.168.51.2)
    Error: Failed to retrieve directory listing
    where 192.168.51.2 is the load-balancers internal ip.
    I'm unable to get past this problem with pure-ftpd, but proftpd works fine behind the same load balancer.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Thats most likely a passive port problem or a problem with the passive IP. See pure-ftpd config option PassivePortRange and ForcePassiveIP.
     
  3. nhybgtvfr

    nhybgtvfr Well-Known Member HowtoForge Supporter

    I've already created the files for those settings,
    file: ForcePassiveIP contents: 149.5.110.135
    file: PassivePortRange contents: 6100 6200

    haproxy listener:
    listenFTP
    bind149.5.110.135:21
    mode tcp
    bind-process 1
    option tcplog
    balance leastconn
    serverftp-01192.168.51.21:21send-proxy check

    iptables rules on the load balancer:
    -A PREROUTING -d149.5.110.135/32-p tcp -m tcp --dport 6100:6200 -j DNAT --to-destination 192.168.51.21
    -A POSTROUTING -s192.168.51.21/32-j SNAT --to-source 149.5.110.135

    proftpd.conf file relevant settings:
    DefaultAddress 192.168.51.21
    PassivePorts 6100 6200
    MasqueradeAddress 149.5.110.135
    AllowForeignAddress on

    as I said, works with proftpd, doesn't with pure-ftpd, I can't find anything wrong in any of the configuration settings.
    this problem is the only thing stopping me taking the ispconfig setup live. the only other thing is the domain registration module, which would be nice to have already, but I can cope without that.
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Try to turn on debugging in pure-ftpd, maybe you get a more detailed log output then.
     
  5. If you are sure all your ports are open and you are using Filezilla, try to use WinSCP. Sometimes this software does work.
     
  6. nhybgtvfr

    nhybgtvfr Well-Known Member HowtoForge Supporter

    ok, it's getting weird now.

    i'm not getting the same error as before, even though nothing's been changed.
    some context:
    i have 8 webservers, with apache, without pure-ftpd
    i have 2 ftp severs, with pure-ftpd, without apache.
    all are configured in ispconfig as webservers and fileservers (ftp)

    the ftp servers, and webservers 2-8 are configured as mirrors of webserver1.

    the webservers have the ip's 192.168.51.61-68 (eth1)
    the ftp servers have the ip's 192.168.51.21-22 (eth1)
    eth0 on all servers are 192.168.60.* mounting an ocfs2 partition from the iscsitarget 192.168.60.4

    now when the ftp servers boot up, i keep seeing in /var/log/syslog

    Jun 22 14:36:01 ftp-02 pure-ftpd: (?@?) [ERROR] Unable to identify the local socket: Transport endpoint is not connected

    this repeats every 2 seconds. no idea how or why this is happening, there's nothing else using the ip/port. if i change the ip's of the ftp servers to 192.168.51.23-24 these messages stop. i've also tried removing the listener and iptables rules from the load balancer, which are the only things referencing these ip's, but that made no difference

    Jun 22 13:29:23 ftp-02 pure-ftpd: ([email protected]) [INFO] New connection from
    192.168.40.151
    Jun 22 13:29:26 ftp-02 pure-ftpd: ([email protected]) [DEBUG] Command [user] [scl
    ]
    Jun 22 13:29:31 ftp-02 pure-ftpd: ([email protected]) [DEBUG] Command [pass] [<*>
    ]
    Jun 22 13:29:35 ftp-02 pure-ftpd: ([email protected]) [WARNING] Authentication failed for user [scl]

    now i just can't authenticate any users. i've tried logging in from in front of the load balancer, from the load balancer, from behind the load balancer, from one ftpserver to the other, from a vpn assigned ip. all the same: authentication failed.

    the server does have the user info though, from the dbispconfig database on ftp-02 (server_id: 21) ftp-01 contains the same data
    with server_id: 10

    mysql> select * from dbispconfig.ftp_user\G
    *************************** 1. row ***************************
    ftp_user_id: 2
    sys_userid: 1
    sys_groupid: 2
    sys_perm_user: riud
    sys_perm_group: riud
    sys_perm_other:
    server_id: 21
    parent_domain_id: 3
    username: scl
    username_prefix:
    password: $1$D7fEIGbo$qAJnWTmCRW1s2dbauXpe91
    quota_size: -1
    active: y
    uid: web3
    gid: client1
    dir: /var/www/clients/client1/web3
    quota_files: -1
    ul_ratio: -1
    dl_ratio: -1
    ul_bandwidth: -1
    dl_bandwidth: -1
    expires: 0000-00-00 00:00:00
     
  7. nhybgtvfr

    nhybgtvfr Well-Known Member HowtoForge Supporter

    ok. got somewhere now. it seems that not having apache installed on the ftp servers, even though ispconfig was told it was a webserver, it didn't create the settings in group and passwd. and the socket error was due to a rogue instance of haproxy still running on the load-balancer keeping a connection open.

    i can login now, i've tested over a vpn connection to the firewall, so i've connected directly to the ftp server on the 1st attempt, so i know the ftp server is working ok.

    the problem is connecting through the load balancer, 2nd set of logs below, the ftp server doesn't like the change in ip. so i can't get a data connection. the same load-balancer listener configuration works fine when using pro-ftpd as the ftp-server.

    D:\>ftp 192.168.51.22
    Connected to 192.168.51.22.
    220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    220-You are user number 3 of 50 allowed.
    220-Local time is now 15:25. Server port: 21.
    220-This is a private system - No anonymous login
    220-IPv6 connections are also welcome on this server.
    220 You will be disconnected after 15 minutes of inactivity.
    User (192.168.51.22:(none)): scl_ftp
    331 User scl_ftp OK. Password required
    Password:
    230 OK. Current restricted directory is /
    ftp> ls
    200 PORT command successful
    150 Connecting to port 48667
    .
    ..
    cgi-bin
    log
    private
    ssl
    tmp
    web
    webdav
    226-Options: -a
    226 9 matches total
    ftp: 53 bytes received in 0.03Seconds 1.77Kbytes/sec.


    Jun 23 15:25:17 ftp-02 pure-ftpd: ([email protected]) [INFO] New connection from 192.168.40.151
    Jun 23 15:25:21 ftp-02 pure-ftpd: ([email protected]) [DEBUG] Command [user] [scl_ftp]
    Jun 23 15:25:23 ftp-02 pure-ftpd: ([email protected]) [DEBUG] Command [pass] [<*>]
    Jun 23 15:25:23 ftp-02 pure-ftpd: ([email protected]) [INFO] scl_ftp is now logged in
    Jun 23 15:25:26 ftp-02 pure-ftpd: ([email protected]) [DEBUG] Command [port] [192,168,40,151,190,27]
    Jun 23 15:25:26 ftp-02 pure-ftpd: ([email protected]) [DEBUG] Command [nlst] []
    Jun 23 15:25:31 ftp-02 pure-ftpd: ([email protected]) [DEBUG] Command [quit] []
    Jun 23 15:25:31 ftp-02 pure-ftpd: ([email protected]) [INFO] Logout.


    D:\>ftp 149.5.110.135
    Connected to 149.5.110.135.
    220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    220-You are user number 3 of 50 allowed.
    220-Local time is now 15:26. Server port: 21.
    220-This is a private system - No anonymous login
    220-IPv6 connections are also welcome on this server.
    220 You will be disconnected after 15 minutes of inactivity.
    User (149.5.110.135:(none)): scl_ftp
    331 User scl_ftp OK. Password required
    Password:
    230 OK. Current restricted directory is /
    ftp> ls
    500 I won't open a connection to 192.168.40.151 (only to 192.168.51.2)
    425 No data connection
    ftp>
    ftp> bye
    221-Goodbye. You uploaded 0 and downloaded 0 kbytes.
    221 Logout.

    Jun 23 15:26:26 ftp-02 pure-ftpd: ([email protected]) [INFO] New connection from 192.168.51.2
    Jun 23 15:26:29 ftp-02 pure-ftpd: ([email protected]) [DEBUG] Command [user] [scl_ftp]
    Jun 23 15:26:32 ftp-02 pure-ftpd: ([email protected]) [DEBUG] Command [pass] [<*>]
    Jun 23 15:26:32 ftp-02 pure-ftpd: ([email protected]) [INFO] scl_ftp is now logged in
    Jun 23 15:26:36 ftp-02 pure-ftpd: ([email protected]) [DEBUG] Command [port] [192,168,40,151,190,41]
    Jun 23 15:26:36 ftp-02 pure-ftpd: ([email protected]) [DEBUG] Command [nlst] []
     

Share This Page