• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:
    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

FTP users problem

CoyoteKG

CoyoteKG

Regular Pleskian
Hello, since from beggining I have problem with FTP on my server.

Server is Debian 8.2 and Plesk 12.5.30 Update #20

I have no idea what can be...
At beggining I tried to set to use FTP root, and maybe that I something crashed...

Now, for every webspace I created, and FTP user for that webspace, I cant use FTP.
I tried FTP and SFTP, and ports 21 and 22, and Filezilla and WinSCP...
Only I can do, is upload over browser...

Can you help me, where to look, from what point to beggin?


edit:
now I turned firewall down, and I success to connect on FTP without problem...

What can be problem?
I saw before that In firewall all connections for FTP server are Allowed
FTP server - Allow incoming from all
 
Last edited:
Hello,

The config of FTP behind a firewall (client side or server side) is tricky but it is easy to fix if you know what is going on.

Remember that the FTP protocol uses separate TCP connections for the commands and the data transfer. In fact the port of the data connections is chosen "on the fly" and transmitted in the command connection so that the other side can start the stream pointing to the right TCP port.

If you use the "passive" mode, it is the server who starts listening on one port and indicates the client which port to use so that the client issues the connect.

If you use the "active" mode it is the client who starts listening on one port and passes the port to the server who issues the connect (yes that's right in FTP active mode it is the server who connects and the client who listens for the data transfers).

Now here comes the trick: recent versions of Filezilla default to use passive mode and SSL so you need to have the data port to where the client connects open in the firewall. If you switch to active mode (which must be explicitely enabled in Filezilla 3.10+) you need to disable SSL so that your home router detects the port used by your client and establishes an on-the-fly NAT translation.

Since not all routers can be trusted to do the NAT correctly I use the passive mode, reserving a port range for data connection and opening that port range in the firewall. This can be achieved with the following directive under let's say: /etc/proftp.d/passive_ports.conf:

PassivePorts <first> <last>

and then inserting the appropriate iptables rules or whichever firewall you are using to have that port range open to the world.

Hoping this helps,

Miguel
 
You must log in or register to reply here.

Similar threads

C
Issue Can't connect to FTP with any account but root
Replies
3
Views
617
AYamshanov
AYamshanov
B
Resolved Update broke FTP access
Replies
5
Views
298
Sebahat.hadzhi
Sebahat.hadzhi
A
Question Cant connect with SFTP user and login in Plesk ( amazon lightsail)
Replies
19
Views
701
Sebahat.hadzhi
Sebahat.hadzhi
S
Question Restore Backup with FTP (server to server)
Replies
0
Views
510
safemoon
S
J
Question connect from Filezilla with FTP over TLS
Replies
17
Views
3K
jogisarge
J
Back
Top