Microupdates overwrite PassivePorts

[Manuel_Caramia]

Hi,
how is it possible that if I set PassivePorts in /etc/proftp.d/vim 50-plesk.conf then they are deleted after updates?
Thank's

 

[Manuel_Caramia]

up please

 

[trialotto]

@Manuel_Caramia,

The file /etc/proftpd.d/50-plesk.conf is "autogenerated", so to speak.

It is "good practice" to not change the original Plesk files, including the file 50-plesk.conf.

In order to set the passive ports properly, do the following:

a) go to /etc/proftpd.d/ directory,

b) create a file named "passiveports.conf" (or similar, but the .conf extension is required)

c) edit the contents of the file "passiveports.conf" to include a line with the text "PassivePorts <start> <end>", with <start> and <end> defining the port range.

Note that it is not necessary to restart proftpd and/or xinetd and/or Plesk, the new configuration will apply to any new connection to the FTP server.

Also note that every customization of proftpd configuration can be done with a similar procedure, with the resulting files not being overwritten by Plesk updates.

Finally, note that I have written some tips concerning FTP: http://talk.plesk.com/threads/tips-...tp-with-tls-and-ftp-backup-repository.332166/

Hope the above helps...

Kind regards

 

[Manuel_Caramia]

So is it useless to edit this file etc/proftpd.d/50-plesk ?
That modify was done by abdi!

 

[trialotto]

@Manuel_Caramia,

It is not "useless", the modification in the file 50-plesk.conf can be overwritten at updates ("can", not necessarily "is" or "will be").

In general, it is "good practice" to define custom configuration files, located in the dedicated directories.

Plesk uses a standard configuration file that (also) refers to those dedicated directories, implying that all custom configuration files can be added to those directories, without any danger of losing them and/or danger of those custom configuration files being overwritten.

By the way, if you are migrating the server, be aware that you should copy (i.e. scp or rsync) your custom configuration files to the new server.

Hope the above helps...

Kind regards

 

[Manuel_Caramia]

@trialotto,
thank you. I try to add that new file you said me.
Thanks

 

[Manuel_Caramia]

@trialotto,
excuse me, I created this file: passiveports.conf in /etc/proftpd.d/ with this settings:
PassivePorts <start> 57000 58000 <end>
but it does not work.
How is it possible? I dont understand correctly. Thanks.

 

[Manuel_Caramia]

@trialotto
I have tried to add only this: PassivePorts 57000 58000 and it seems that works but I need that it works with this settings of FileZilla:
use explicit FTP over TLS if available.
Thank you

 

[Manuel_Caramia]

Up and happy Aester

 

[trialotto]

@trialotto
I have tried to add only this: PassivePorts 57000 58000 and it seems that works but I need that it works with this settings of FileZilla:
use explicit FTP over TLS if available.
Thank you

Manuel_Caramia,

It is indeed a line of the form "PassivePorts 57000 58000" (the <start> and <end> tags were intended as markers, to indicate the form of the line, nothing more or less).

With respect to the Filezilla comment, it should work with all settings in Filezilla, however I will clarify some of the Filezilla settings:

a) setting "use explicit FTP over TLS if available": works fine with the passiveports.conf file AND the passive ports opened up in the firewall

b) setting "requires explicit FTP over TLS": works fine (see a)

c) setting "normal FTP (insecure)": works fine

d) setting "requires implicit FTP over TLS": will not work, as expected (Plesk´s proftpd server does not have appropriate configuration for implicit FTP. The "implicit FTP" method refers to a deprecated TLS/SSL negotiation method. Also note that "implicit FTP" will never work, if the appropriate ports 989 and 990 are not opened in the firewall).

As a final note, it can be the case that older versions of Filezilla do have some problems (i.e. known bugs) with explicit FTP over TLS.

The latest version(s) of Filezilla will not have these problems (i.e. the bugs are patched).

Just some background information on the topic, it can never do harm.

Kind regards...

 

[Sergey L]

The file /etc/proftpd.d/50-plesk.conf is "autogenerated", so to speak.
It is "good practice" to not change the original Plesk files, including the file 50-plesk.conf.

Exactly for that reason the file includes this statement:

> cat /etc/proftpd.d/50-plesk.conf
#ATTENTION!
#
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.​

 

[Manuel_Caramia]

Exactly for that reason the file includes this statement:

> cat /etc/proftpd.d/50-plesk.conf
#ATTENTION!
#
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.​

Yes but that file was modified from your partner trought a premium service.
Now I have created a passiveports.conf file.

 

[Manuel_Caramia]

@trialotto I have opened my passive ports on my firewall, passiveport.conf is correct but I cannot use

setting "use explicit FTP over TLS if available"

How can I check if there is an error?

 

[Manuel_Caramia]

up please

 

[trialotto]

@Manuel_Caramia,

First of all, I have seen this before, but what exactly do you mean with

up please

?

Second, sorry for the late response, but with respect to

How can I check if there is an error?

the following.

You state that you cannot make a connection from Filezilla to the FTP server, is that correct?

In most cases, some simple explanation is present:

- password is not correct,
- firewall settings are not correct.

In order to exclude the above, just

- create a new password and test a plain FTP connection in Filezilla: if this works fine, it was the password.

- with the new password, make a connection profile (simply press Ctrl + S) in Filezilla and click "New Site" and fill in the IP, login and password and click "OK" to save settings. The connection settings "use explicit FTP over TLS if available" are selected by default, so no change there. Then click "Connect": it should work fine.

- if the connection cannot be made, one should verify the firewall settings in the Plesk Panel, the specific firewall rule should allow your IP or IPs (for instance, the firewall rule should state something like "Allow incoming from IP1, IP2, etc on port 57000-58000/tcp").

If all of the above options do not help, you should then consider to reinstall the latest Filezilla version (and try again).

By the way, if I have to make an educated guess, I believe that the issue is firewall related, implying that you can skip all other steps and first have to check the firewall rules.

Just let me know. And if it still does not work, please provide a screenshot from connection attempts with Filezilla, even though I hope that the problem is resolved by now.

Kind regards....

 

[Manuel_Caramia]

Hi @trialotto

First of all, I have seen this before, but what exactly do you mean with ?

I'm not english and I thought that expression was used to show the post, sotty if it is not!

You state that you cannot make a connection from Filezilla to the FTP server, is that correct?

No, I can connect to FTP server but only with setting "normal FTP (insecure)". If I try to set: explicit FTP over TLS if available, it does not work. File "passiveports.conf" is properly configurated and I have opened my passive ports on my firewall but I cannot connect. I attach one image and I change the language of FileZilla so you can read correctly.

 

[trialotto]

@Manuel_Caramia,

I have the idea that you did not enable the Filezilla program in your (local) Windows firewall, given the fact that the TLS handshake is not started and/or finished properly, even though the connection is established and the AUTH TLS command is executed.

Just have a look in your (local) Windows firewall.

Kind regards.....

 

[Manuel_Caramia]

hi @trialotto no that's not the problem. I have other servers and it works properly. The problem is not my local firewall

 

[trialotto]

@manuel,

Please send me a "conversation request" (i.e. start a conversation) and provide me with some ftp login data, so I can test directly.

This will work faster, I presume.

Moreover, the last couple of posts are becoming more and more off-topic, so let´s continue in a private conversation.

Kind regards....