• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

FTP No longer working

Will-NYESDigital

Will-NYESDigital

Regular Pleskian
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE
Parallels Plesk Panel 11.5.30 MU #8 CentOS 6.3 (Final) 64bit

PROBLEM DESCRIPTION

Users can no longer ftp in to our servers since upgrading to the latest MU last week. We have narrowed it down to be firewall related as disabling the plesk firewall enables users to connect again but we are struggling to find which setting controls this.

Any help would be appreciated

Thanks.
 
Russell-SchoolsICT said:
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE
Parallels Plesk Panel 11.5.30 MU #8 CentOS 6.3 (Final) 64bit

PROBLEM DESCRIPTION

Users can no longer ftp in to our servers since upgrading to the latest MU last week. We have narrowed it down to be firewall related as disabling the plesk firewall enables users to connect again but we are struggling to find which setting controls this.

Any help would be appreciated

Thanks.
Click to expand...

Parallels Plesk Panel 11.5.30 MU #9 Debian 6 64bit

We have the same problem after mu6 ...
We deinstall the Module :( so now its working ... but is no solution for a long time

I hope some guy can help here out

EDIT:
The start Screen show as an .. PSA-Firewall start .............. Failed
 
To give more details as to the issue we are having... In order to enable users to connect again we Allowed all incoming traffic in the system policy for incoming traffic, within the Plesk firewall. When this is policy is denied no users can ftp in to the server either by active or passive connections, however SFTP works.

It allows us to make an ftp connection via a dos prompt but once connected are unable to execute any further commands.

The only change we have made to the firewall recently is we denied smtp but even by undoing these changes it hasn't made a difference to the ftp access. It coincides with when we applied MU#7 which made me thought it could be related to that.
 
i have to allow all traffic :/ it works


Plesk.PNG


FTP in ACTIVE Mode(PortMode) works too without this rule (i can set it to deny)
i have no ideas more what can i do :(

I hope Igor can help here
 
Firewall module not handling PASV FTP anymore until we disable it on incoming traffic

Parallels Plesk Panel 11.5.30 MU #10 CentOS 6.4

Same here.
Problem wasn't visible until we reboot the server but now, the passive FTP can't work until we allow all incoming traffic in the firewall module (visible on multiple servers).
=> Not really secured :(

Thanks for your ideas or log/tests requests!
 
What about this issue with latest version of installed MU?
 
Just installed MU12 and all updates and problem still present.

Test with FileZilla:

- With the firewall rules "all incoming traffic" set to deny (like on default installation):

Code: 
Command :	PASV
Answer :	227 Entering Passive Mode (a,b,c,d,168,135).
Command :	MLSD
Error :	Timeout

- With the firewall rules "all incoming traffic" set to allow (only workaround available for the moment):

Code: 
Command :	PASV
Answer :	227 Entering Passive Mode (a,b,c,d,168,105).
Command :	MLSD
Answer :	150 Opening BINARY mode data connection for MLSD
Answer :	226 Transfer complete

Any ideas?
 
The passive FTP was working correctly since Plesk 8+ until few days without any custom configuration.

After a deeper analyzer and comparing config file between 6 different servers in Plesk 11.5, I can only see a small difference on live iptables :

- Working PASV situation (with latest MU but no modification of iptables trough Plesk Firewall module)

Code: 
Chain INPUT (policy DROP)
target     prot opt source               destination
[...]
[B]ACCEPT     udp  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere[/B]
DROP       all  --  anywhere             anywhere

- Non-working PASV situation(with latest MU and modification of iptables trough Plesk Firewall module)

Code: 
Chain INPUT (policy DROP)
target     prot opt source               destination
[...]
DROP       all  --  anywhere             anywhere

=> Could the problem comes from the 2 missing entries?

Regarding "/etc/proftpd.conf" file, I can't see any difference between servers and no PassivePorts configuration defined.

Thank you for your support!
 
I had the same problem... found this and it fixed the problem perfectly for me (except I used 57000 - 58000 for ports and placed the passiveport thing right before the [/global])

http://blog.serverbuddies.com/enable-passive-mode-for-ftp-in-plesk-panel/



In case that site goes down here's the steps:

Log in as root to the server shell over SSH.

Edit your ProFTPD configuration file.

1. Issue the command vi /etc/proftpd.conf
2. Add the following lines anywhere within the [Global] section:
PassivePorts 49152 65534

3. Save the file

Log in to Parallels Plesk Panel as admin, go to Modules > Firewall, and click Edit Firewall Configuration.

Click Add Custom Rule.

Specify the following:

1. Rule name
2. Direction: select Incoming.
3. Action: select Allow.
4. Ports: in the Add port input box, enter the value 49152-65534. Leave the TCP option selected, and click Add.
5. Click OK.
6. Click Activate, and then click Activate again.



Hope that helps!
 
Just tried posting... didn't appear... maybe it's cause I had links and it's awaiting moderation. In any case I'll try posting again just to make sure this goes through.

I had the same problem and these steps worked for me:

Log in as “root” to the server shell over SSH.

Edit your ProFTPD configuration file.

1. Issue the command vi /etc/proftpd.conf
2. Add the following lines anywhere within the [Global] section:
PassivePorts 57000 58000

3. Save the file

Log in to Parallels Plesk Panel as “admin”, go to Modules > Firewall, and click Edit Firewall Configuration.

Click Add Custom Rule.

Specify the following:

1. Rule name
2. Direction: select Incoming.
3. Action: select Allow.
4. Ports: in the Add port input box, enter the value 57000-58000. Leave the TCP option selected, and click Add.
5. Click OK.
6. Click Activate, and then click Activate again.
 
Hello
Exactly the same problema.
This is a good solution and works for me either. Indeed this config is the necesary config for passive FTP (see proFTP doc), but until now this config doesn't was in proftpd.conf, it must be in another included file (where we can not modify anything because all changes are lost after every update or reboot)

FTP doesn't work in passive mode from last three days, and I did not have made any changes in Firewall, proFTP config. And during this days one mupdated has been made. I am not Sherlock Holms, but I am sure that this updates have nada something with Firewalls or with ProFTP. But what? There is nothing about FTP changes in change log of Parallels.

Then form now, must we check all our servers after every update?


Thank you
 
I had the same problem since the last few days and the solution below solved the issue for me too. The strange this was that not all passive FTP connections were failing but most.

1stjambon said:
I had the same problem... found this and it fixed the problem perfectly for me (except I used 57000 - 58000 for ports and placed the passiveport thing right before the [/global])

http://blog.serverbuddies.com/enable-passive-mode-for-ftp-in-plesk-panel/



In case that site goes down here's the steps:

Log in as root to the server shell over SSH.

Edit your ProFTPD configuration file.

1. Issue the command vi /etc/proftpd.conf
2. Add the following lines anywhere within the [Global] section:
PassivePorts 49152 65534

3. Save the file

Log in to Parallels Plesk Panel as admin, go to Modules > Firewall, and click Edit Firewall Configuration.

Click Add Custom Rule.

Specify the following:

1. Rule name
2. Direction: select Incoming.
3. Action: select Allow.
4. Ports: in the Add port input box, enter the value 49152-65534. Leave the TCP option selected, and click Add.
5. Click OK.
6. Click Activate, and then click Activate again.



Hope that helps!
Click to expand...
 
You must log in or register to reply here.

Similar threads

gennolo
Resolved Cannot update an existing firewall rule to allow all ips
Replies
3
Views
886
gennolo
gennolo
Nextgen-Networks
Resolved Plesk FTP(S) Backup not working on Obsidian 18.0.53
Replies
3
Views
2K
Nextgen-Networks
Nextgen-Networks
F
Resolved New FTP user becomes visual owner of all files of the webspace on Alma 8.x
Replies
7
Views
2K
stephanecottin
S
PeopleInside
Named service stop to work randomly
2
Replies
23
Views
3K
PeopleInside
PeopleInside
P
Forwarded to devs Advisor extension Synchronize Server Time 'Open' button broken
Replies
3
Views
900
NITROFOX
N
Back
Top