• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Plesk Firewall and SFTP

D

Damo

Basic Pleskian
Basically I can connect to and from my server using SFTP on port 21 though as soon as I enable "Enable Firewall Rules Management" it's blocked regardless if I have rule to allow FTP access.

I've tired connecting to Plesk using Filezilla and using the FTP backup manager both are blocked if I enable the firewall.
 
Sorry, it's not "SFTP" I'm using trying to use "FTPS"

I'm now able to connected via filezilla to plesk using FTPS on port 21 though the backup manager is unable to communicate with my offsite FTP server via FTPS.
 
@Damo,

Let´s use this thread to discuss your issue, since the other one is intended to be a guideline (not a thread to solve issues).

You stated

Damo said:
Hello

I've gone through you everything you've suggested.

I have a NAS at home I'm trying to get Plesk to connect to though I'm having trouble connecting to it with the firewall on, if I turn it off I can connect but I can only connect to the NAS with the "use FTPS" box checked not "use passive mode" I think that would indicate that the ports are closed somewhere though I've added the option to allow the ports I've chosen everywhere on my NAS, home router and Plesk still cannot connect I receive this error in Plesk.

"Transport error: unable to list directory: Curl error: Timeout was reached"
Click to expand...

and one has to summarize the above as:

- the Plesk based FTP server is (probably) working fine, but can connect to the remote FTP server,
- the remote FTP server is unknown to me (is it on the NAS, or are you trying to move files from the source server + NAS to another target server?)

and, hence, there are some questions to be answered. Can you be so kind to answer these questions explicitly?

Furthermore, can you telnet (on port 21) to the NAS? And can you do a port scan of the NAS ports?

Regards
 
Sorry I misread, I thought you asked to post in your thread.

I've tried to connect to a public FTPS server using Plesk that's fine it's definitely something to do with the NAS.

I'm trying to use the backup manager in plesk to backup a site though the connection fails as it does with Filezilla too.


trialotto said:
Furthermore, can you telnet (on port 21) to the NAS?
Click to expand...

I can telnet to the NAS yes.


trialotto said:
can you do a port scan of the NAS ports?
Click to expand...

I've used this tool online though it doesn't appear to scan for the default ports of FTPS... http://mxtoolbox.com/SuperTool.aspx
 
@Damo,

With respect to port scanning, you have to install or use a command like tool like nmap.

From your answer(s), I can safely deduce that it is no problem to make a local connection to the NAS.

That does not imply that "outside" connections can be made: any FTP connection to the NAS is an "outside" connection AND these "outside" connections will be blocked, if the firewall (on the NAS) has been enabled and the appropriate ports are not allowed in the firewall.

In essence, all of the above is normal behaviour for a NAS (Network Attached Storage), which is a storage component on a local network.

The reason why SFTP connections do work is the fact that they are (more or less) "local" by nature (simply stated).

In short, you are wanting to "force" an "outside" connection (i.e. FTP of some kind), even though the NAS is on the local network.

The conclusion should be that you simply do not need the FTP/FTPS connection (i.e. you can use SFTP with Plesk) or that you can do a "mount" (i.e. allowing backups on a mounted share, that will be treated as if you are backing up to the server repository).

Personally, I would strongly recommend to leave the desire for FTP/FTPS for what is and use a SFTP or a "mount" approach to store your backups on the NAS.

Hope the above helps.

Regards....
 
Thanks for your response.

It's a Synology NAS, there's definitely options for outside connections for FTPS on the NAS see the image attached.

Googling around I've noticed that many others are having issues with FTPS on their Synology NAS so I've opened up a ticket with Synology support as Plesk/others should be able to connect to the NAS from outside my local connection.

If support can't help me I'll take the SFTP route you have mentioned.

Capture.PNG
 
@Damo

I am well aware of the issues with Synology NAS, hence my recommendation.

However, given your output (i.e. the attached file), you could or should try the following:

a) enable the IP, assigned to the NAS, in the Plesk Firewall: "allow" on all ports, (and)

b) ascertain that you have selected "passive" mode.

Note that these are settings for Plesk (nothing has to be changed for the NAS settings, unless the above does not work).

Regards....
 
Fair enough.

I've tried with the firewall off within Plesk and I've selected passive mode, there's no change in the error response.

I've tried using my external IP to connect to the NAS using Filezilla and that doesn't seem to want to connect, some have suggested a factory reset on the NAS as that has worked for them, I'm fairly certain something is broken within the NAS as the ports are open on my router/NAS and allowed in the NAS firewall.

I'll just wait for Synology support to get back to me, thanks for the help.
 
@Damo,

There is a method of forwarding traffic to the NAS, but that would be the "crazy" solution.

Maybe Synology support team has a solution, that would be best, at least that is what my personal opinion is.

Regards....
 
@trialotto

I found the problem, it wasn't with Synology it was with the router.

The router I have also uses FTPS which was set to use the default ports since then I've changed the ports on my router to something else and now I'm able to connect to my NAS using FTPS :)
 
@Damo,

Nice to hear that you found the solution and I did give myself a small reprimande: I did not think of the router, I am used to huge networks, switches, fileservers and bridged networking.

Shame on me, grinn. :)
 
You must log in or register to reply here.

Similar threads

P
Issue plesk firewall 2.1.5-412 still has problems
2
Replies
20
Views
2K
PeterKi
P
I
Issue ftp a sftp
Replies
4
Views
876
Inma
I
T
Question Using an external firewall to block Plesk ports
Replies
3
Views
720
thinkjarvis
T
C
Issue Errors with Plesk scheduled backups
Replies
2
Views
176
cmartinez127
C
Azurel
Issue Firewall disabled?
Replies
9
Views
2K
VNick
V
Back
Top