FTP backup to remote location, chooses random passive mode ports

[vtjballeng]

We have been using Plesk FTP backups for some time now. Recently we had to switch from our custom WRT54GL Linksys router with DD-WRT to an Actiontec Router MI424WR because we got FIOS service instead of cable internet (what a positive difference!). However the Actiontec router sometimes drops wireless clients and has firewall issues.

We have been closing down everything just recently to try and bump security on this router but have run into a problem. We have defined a set of passive mode transfer ports that forwards to our local server running Filezilla server, whose passive transfer ports are defined appropriately. However the Plesk FTP client chooses seemingly random passive mode transfer ports and we cannot simply open up all ports. Is there a way for us to force the Plesk FTP Backup client to use a specific port or port range so we can have our firewall at our location set to allow this port or port range?

 

[breun]

I believe you specify the ports in the FTP server's config and I didn't think the client side can choose any other ports.

You might want to use SCP (over SSH, port 22) instead of FTP to transfer the file. It's encrypted and only uses that one port.

 

[vtjballeng]

ok, not a bad idea. I could simply use passive mode over one port and use port 22 also. However, whatever method I choose seems irrelevant as I'm not able to define the port or method used by the Plesk remote backup ftp client. So how do I force the Plesk remote backup ftp client to use scp or passive mode or anything and define what port it should use?

I have defined port on my server side which is local to me however I have no way to make the plesk client use the method i choose on the server side.

 

[breun]

I don't believe the Plesk backup client supports SCP directly. You'll have to script creating the backup and then scp'ing it off to a remote location.

My FTP knowledge is rusty (SSH gets me around), but I thought that FTP control connections were always initiated on port 21 and that the high data transfer ports were negotiated after that. I'd think that specifying the passive mode ports in the FTP server config would not let the client decide on using a port outside that range, but I'd have to read up on that process.

 

[vtjballeng]

I was hoping there would be a way to change a config file somewhere rather than scripting our own ftp upload system from scratch.

As far as defining the ports, I'm not sure if the server side is supposed to dictate the ports and the client side is supposed to obey. However, the case is that I have defined the passive transfer ports on the server side and the client is clearly not obeying. I have a port range that is defined on the server side and when I watch the plesk client try to get in, I see it hit all kinds of random ports.

 

[breun]

Uploading a file using scp can be done in 1 line, so scripting the whole thing is not too hard.

See http://slacksite.com/other/ftp.html for an explanation of both passive and active FTP.