
Enable proftpd with PASSIVE MODE !!!!

JoaoCorreia

Guest
In proftpd.conf include these lines:

# Restrict the range of ports from which the server will select when sent the
# PASV command from a client. Use IANA-registered ephemeral port range of
# 49152-65534
PassivePorts 49152 65534

In your firewall script, enable this port range on TCP.
Something like this in /etc/sysconfig/iptables:


-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 49152:65534 --syn -j ACCEPT


Regards
Joao Correia
 
You can set up any passive ports you want in proftpd.conf, depending on your firewall. Then you must restart xinetd.
 
I ALWAYS add these directives to my proftpd.conf. I think Plesk should include them by default.

Code:
# delay on login off (are included on newest Plesk)
IdentLookups off
UseReverseDNS off

# Custom directives
TimeoutIdle                     900
TimeoutNoTransfer       900
PassivePorts                  49152 65534
TimesGMT                      Off

Also they should include an option to add port-RANGES in the Firewall module (for the PassivePorts this would be handy too).
 
It's always one of the first things I do when I re-setup my box or install a new version.

I don't use so many ports for it anyway.
 
Yuck...

...get with the times, you should be using SFTP over SSH - ftp, of course, sends username and password over the wire unencrypted.

To make this work, of course, you should install a shell like chmodded rssh (allows sftp and scp only, disallows direct login and command execution), or at a push, Plesk's built-in chmodded bash (but that's a bit riskier).

It's also a nice side-effect that you don't need to change any configs or open any more ports, it's all done through 22.
 
Chmodded ????

You mean chrooted ?

Plesk already supports nice chrooted SFTP for domains.
 
Umm

modprobe ip_conntrack_ftp

Seems to allow passive without making a dirty great big hole in one's firewall.

Stuart
 
Now there's someone who knows a little something about Linux.
 
Yeah and don't forget to do this again after a reboot.

What should be added in /etc/modprobe.conf to automate this ??

Just a new line with 'ip_conntrack_ftp' ?? Or with 'install' before it or something ?
 
Depends what OS/distro you're using.

For RHEL3, the proper way is to specify it in /etc/sysconfig/iptables-config:
IPTABLES_MODULES="ip_conntrack_ftp"

If you need to load two or more modules, separate them with spaces, because the iptables script does a for-in on the IPTABLES_MODULES variable.
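
Added example, not part of the thread: a small shell audit that tells the two firewall approaches discussed above apart, namely an ACCEPT rule for the whole PassivePorts range versus a RELATED rule that depends on ip_conntrack_ftp. The function names, verdict strings and sample files are constructed for illustration, and only `--dport LOW:HIGH` range rules are recognised.

```shell
# Added example: audit how a firewall rules file treats proftpd's passive range.
# Function names and verdict strings are hypothetical; sample data is constructed.

# Print "MIN MAX" from the last PassivePorts directive, or nothing if unset.
passive_ports() {
    awk 'tolower($1) == "passiveports" { r = $2 " " $3 } END { if (r) print r }' "$1"
}

# Print one verdict for (proftpd.conf, iptables rules file):
#   open:<N>  an ACCEPT rule exposes the whole N-port passive range
#   related   no range rule; data connections rely on a RELATED rule, which
#             only works while the FTP helper (ip_conntrack_ftp) is loaded
#   blocked   neither is present, so passive transfers will hang
#   unset     the config has no PassivePorts directive
check_passive_ftp() {
    set -- "$1" "$2" $(passive_ports "$1")
    [ -n "$3" ] || { echo unset; return 0; }
    awk -v lo="$3" -v hi="$4" '
        /^-A/ && /-j ACCEPT/ {
            for (i = 1; i < NF; i++) {
                if ($i == "--dport" && split($(i + 1), p, ":") == 2 &&
                    p[1] + 0 <= lo + 0 && p[2] + 0 >= hi + 0) wide = 1
                if ($i == "--state" && $(i + 1) ~ /RELATED/) related = 1
            }
        }
        END {
            if (wide) print "open:" (hi - lo + 1)
            else if (related) print "related"
            else print "blocked"
        }' "$2"
}

# Constructed sample inputs (not taken from a real server).
demo() {
    d=$(mktemp -d)
    printf 'PassivePorts 49152 65534\n' > "$d/proftpd.conf"
    printf '%s\n' '-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 49152:65534 --syn -j ACCEPT' \
        > "$d/range.rules"
    printf '%s\n' '-A RH-Lokkit-0-50-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT' \
        '-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 21 --syn -j ACCEPT' > "$d/helper.rules"
    check_passive_ftp "$d/proftpd.conf" "$d/range.rules"
    check_passive_ftp "$d/proftpd.conf" "$d/helper.rules"
    rm -rf "$d"
    return 0
}
demo
```

A `related` verdict describes the rules file only; whether the helper module is actually loaded still has to be confirmed on the host, for example with `lsmod`.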
 