ERROR: Firewall configuration

[MoritzKK]

I am unable to disable or modify the firewall by using the plesk firewall extention. Plesk throw the two errors below:

Error: Could not disable firewall:
util_exec(.., 'proc_open') failed: file does not exist or is not executable: /opt/psa/admin/bin/modules/firewall/register_service

Error: Could not activate firewall configuration:
util_exec(.., 'proc_open') failed: file does not exist or is not executable: /opt/psa/admin/bin/modules/firewall/safeact

I checked the symlinks, they point to the same location: /opt/psa/admin/bin/modules/firewall/mod_wrapper
-r-s--x--- 1 root root 18896 Jun 6 10:37 mod_wrapper

What can I do to fix it?

 

[IgorG]

Make sure that you have the same permissions here:

[root@ppu12-0 ~]# ll /usr/local/psa/admin/bin/modules/firewall/register_service
lrwxrwxrwx 1 root psaadm 25 Jul 9 05:22 /usr/local/psa/admin/bin/modules/firewall/register_service -> ../../../sbin/mod_wrapper

[root@ppu12-0 ~]# ll /usr/local/psa/admin/bin/modules/firewall/safeact
lrwxrwxrwx 1 root psaadm 25 Jul 9 05:22 /usr/local/psa/admin/bin/modules/firewall/safeact -> ../../../sbin/mod_wrapper

Also you can try to reinstall psa-firewall package.

 

[MoritzKK]

lrwxrwxrwx 1 root psaadm 25 Jun 23 09:22 /usr/local/psa/admin/bin/modules/firewall/register_service -> ../../../sbin/mod_wrapper
lrwxrwxrwx 1 root psaadm 25 Jun 23 09:22 /usr/local/psa/admin/bin/modules/firewall/safeact -> ../../../sbin/mod_wrapper

-r-s--x--- 1 root psaadm 18896 Jun 6 10:37 /usr/local/psa/admin/sbin/mod_wrapper

I have chaged the group from root to psaadm for the three files above. The firewall configuration interface works now correctly. Thanks.

But there is still a problem with ProFTP in passiv mode with TLS encryption! I assume ProFTP can not open a random port for incoming connections. In order to that clients are unable to connect the server on the given random DATA port. If enryption is disabled clients can connect through the firewall.
It has to be a firewall issue since the DATA port is reachable if the firewall allow all incoming connections.

See thread: http://forum.parallels.com/showthre...grade-to-Plesk-12-FTP-explicite-TLS-is-broken

 

[Arne Fahrenwalde]

I just had the same issue with Plesk 12.5.30 #28 and my permissions on
/usr/local/psa/admin/sbin/mod_wrapper were wrong:
---x--x--- 1 root psaadm 23K 10. Apr 13:08 /usr/local/psa/admin/sbin/mod_wrapper

chmod 4510 /usr/local/psa/admin/sbin/mod_wrapper
and now they are
-r-s--x--- 1 root psaadm 23K 17. Apr 14:04 /usr/local/psa/admin/sbin/mod_wrapper
and applying the configuration now works again!

Thank god there's this permission table

 

[trialotto]

@Arne,

the corrections permissions are actually 4110 (---s--x---).

Nice link though!

Regards....

 

[trialotto]

@MoritzKK

You stated

But there is still a problem with ProFTP in passiv mode with TLS encryption! I assume ProFTP can not open a random port for incoming connections. In order to that clients are unable to connect the server on the given random DATA port. If enryption is disabled clients can connect through the firewall.
It has to be a firewall issue since the DATA port is reachable if the firewall allow all incoming connections.

and one has to do two things to enable this setup.

I have written a general guideline in a previous post, see: https://talk.plesk.com/threads/tips...tp-with-tls-and-ftp-backup-repository.332166/

You should have a look at the part with respect to the firewall settings.

Hope the above helps.

Regards....