• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

ERROR: Firewall configuration

M

MoritzKK

New Pleskian
I am unable to disable or modify the firewall by using the plesk firewall extention. Plesk throw the two errors below:
Code: 
Error: Could not disable firewall:
util_exec(.., 'proc_open') failed: file does not exist or is not executable: /opt/psa/admin/bin/modules/firewall/register_service
Code: 
Error: Could not activate firewall configuration:
util_exec(.., 'proc_open') failed: file does not exist or is not executable: /opt/psa/admin/bin/modules/firewall/safeact

I checked the symlinks, they point to the same location: /opt/psa/admin/bin/modules/firewall/mod_wrapper
-r-s--x--- 1 root root 18896 Jun 6 10:37 mod_wrapper

What can I do to fix it?
 
Make sure that you have the same permissions here:

[root@ppu12-0 ~]# ll /usr/local/psa/admin/bin/modules/firewall/register_service
lrwxrwxrwx 1 root psaadm 25 Jul 9 05:22 /usr/local/psa/admin/bin/modules/firewall/register_service -> ../../../sbin/mod_wrapper

[root@ppu12-0 ~]# ll /usr/local/psa/admin/bin/modules/firewall/safeact
lrwxrwxrwx 1 root psaadm 25 Jul 9 05:22 /usr/local/psa/admin/bin/modules/firewall/safeact -> ../../../sbin/mod_wrapper

Also you can try to reinstall psa-firewall package.
 

lrwxrwxrwx 1 root psaadm 25 Jun 23 09:22 /usr/local/psa/admin/bin/modules/firewall/register_service -> ../../../sbin/mod_wrapper
lrwxrwxrwx 1 root psaadm 25 Jun 23 09:22 /usr/local/psa/admin/bin/modules/firewall/safeact -> ../../../sbin/mod_wrapper

-r-s--x--- 1 root psaadm 18896 Jun 6 10:37 /usr/local/psa/admin/sbin/mod_wrapper

I have chaged the group from root to psaadm for the three files above. The firewall configuration interface works now correctly. Thanks.

But there is still a problem with ProFTP in passiv mode with TLS encryption! I assume ProFTP can not open a random port for incoming connections. In order to that clients are unable to connect the server on the given random DATA port. If enryption is disabled clients can connect through the firewall.
It has to be a firewall issue since the DATA port is reachable if the firewall allow all incoming connections.

See thread: http://forum.parallels.com/showthre...grade-to-Plesk-12-FTP-explicite-TLS-is-broken
 
I just had the same issue with Plesk 12.5.30 #28 and my permissions on
/usr/local/psa/admin/sbin/mod_wrapper were wrong:
---x--x--- 1 root psaadm 23K 10. Apr 13:08 /usr/local/psa/admin/sbin/mod_wrapper

chmod 4510 /usr/local/psa/admin/sbin/mod_wrapper
and now they are
-r-s--x--- 1 root psaadm 23K 17. Apr 14:04 /usr/local/psa/admin/sbin/mod_wrapper
and applying the configuration now works again!

Thank god there's this permission table :)
 
@Arne,

the corrections permissions are actually 4110 (---s--x---).

Nice link though!

Regards....
 
@MoritzKK

You stated

MoritzKK said:
But there is still a problem with ProFTP in passiv mode with TLS encryption! I assume ProFTP can not open a random port for incoming connections. In order to that clients are unable to connect the server on the given random DATA port. If enryption is disabled clients can connect through the firewall.
It has to be a firewall issue since the DATA port is reachable if the firewall allow all incoming connections.
Click to expand...

and one has to do two things to enable this setup.

I have written a general guideline in a previous post, see: https://talk.plesk.com/threads/tips...tp-with-tls-and-ftp-backup-repository.332166/

You should have a look at the part with respect to the firewall settings.

Hope the above helps.

Regards....
 
You must log in or register to reply here.

Similar threads

A
Resolved Daily cronjob "email-security/scripts/sa-train-bayes.php" fails
Replies
7
Views
681
AvaDev
A
J
Issue Error: configuration files for the Apache web server were not created
Replies
1
Views
541
Raul A.
R
L
Issue Wp Tool Kit Hopelessly Broke
Replies
4
Views
1K
Ladylinux
L
Polli
Issue Zend_Http_Client_Exception: Error in cURL request:
Replies
4
Views
927
Sebahat.hadzhi
Sebahat.hadzhi
sweetp
Question SSL renewed/created hook?
Replies
2
Views
381
sweetp
sweetp
Back
Top