
Firewall problem with ProFTPd

SlimDeluxe

New Pleskian
Hi everyone.

I have enabled the Plesk firewall component on my Plesk 12 / Ubuntu 14.04 machine.

Everything works except FTP. Upon connecting, it fails on the MLSD command.

Code:
Response:    200 Type set to I
Command:    PASV
Response:    227 Entering Passive Mode (x,x,x,x,174,229).
Command:    MLSD
Error:    Connection timed out
Error:    Failed to retrieve directory listing

If I release the "System policy for incoming traffic" to "Allow from everyone" it works. I have tried both secure and standard FTP connections, it does not make a difference.

Here's a screenshot of the rules.
screenshot-from-2015-05-.png


The very same Firewall rules work just fine on my other Plesk 11 / Ubuntu machine.

I guess Plesk is not generating the correct rules. How can I determine which port I should open to make it work?

Regards,
Omer
 
Hi,
following that article I added a rule with the following:
Allow incoming from all on ports 20/tcp, 990/tcp

Nothing changed, still times out
 
When using passive FTP, the FTP server will change to another port than the usual 20, 21, etc.

To allow passive connections in ftp you must do 2 things if you use a firewall:

- tell proftpd what ports to use for passive ftp
- open these ports in the firewall

To tell proftpd what ports to use you must add the following to /etc/proftpd.conf

PassivePorts 10000 10250

in the <Global> </Global> part of the configuration. I place mine just above </Global>, but that is up to you.

Then open these ports in the firewall.

What ports you use is up to you but be sure to use enough so there is room for everyone to connect.

Regards
Jan
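
Added example (not from the thread and not Plesk or ProFTPD code): it decodes the data port from a `227` reply like the one in the first post (the last two numbers are `p1*256 + p2`) and checks it against the `PassivePorts` range and the firewall's open inbound ranges. The function names, the sample address 192.0.2.10 and the firewall range list are assumptions made for the illustration.

```python
import re

PASV_RE = re.compile(r"227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
# Matches an active directive only; a commented-out "# PassivePorts" is ignored.
PASSIVE_PORTS_RE = re.compile(r"^\s*PassivePorts\s+(\d+)\s+(\d+)", re.M)

def pasv_endpoint(reply):
    """Return (ip, port) from '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)'."""
    m = PASV_RE.search(reply)
    if not m:
        raise ValueError("not a 227 passive-mode reply")
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in 227 reply")
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def passive_range(conf_text):
    """Return (low, high) from a PassivePorts directive, or None if it is unset."""
    m = PASSIVE_PORTS_RE.search(conf_text)
    if not m:
        return None
    low, high = int(m.group(1)), int(m.group(2))
    if not 0 < low <= high <= 65535:
        raise ValueError("invalid PassivePorts range")
    return low, high

def diagnose(reply, conf_text, fw_open):
    """fw_open: list of (low, high) inbound TCP ranges the firewall allows."""
    _, port = pasv_endpoint(reply)
    rng = passive_range(conf_text)
    if rng is None:
        # Server may pick any ephemeral port, so no narrow firewall rule can match.
        return port, "unpinned"
    if not rng[0] <= port <= rng[1]:
        # Directive is present but not in effect (wrong file/section, no restart).
        return port, "stale"
    if not any(lo <= rng[0] and rng[1] <= hi for lo, hi in fw_open):
        return port, "firewall-gap"
    return port, "ok"

if __name__ == "__main__":
    # Constructed sample: port bytes 174,229 are from the post, the IP is made up.
    reply = "227 Entering Passive Mode (192,0,2,10,174,229)."
    conf = "<Global>\n  PassivePorts 10000 10250\n</Global>\n"
    print(diagnose(reply, conf, [(21, 21), (10000, 10250)]))
```

With the reply from the first post the decoded port is 44773, which lies outside 10000-10250, so the result is "stale" until ProFTPD actually hands out ports from the configured range.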
 