
Resolved Plesk Firewall - FTP Server logging failed

Hajime Tanaka

Regular Pleskian
I've enabled Plesk Firewall for the FTP server. Logging in failed. After I disabled Plesk Firewall, connecting to the FTP server still works.
It's only on SSL. I don't like to use insecure SSL on FTP.
 
Hi,

Could you attach detailed logs from an FTP client like FileZilla? These logs could clarify which mode (passive/active) was used in your case or which TCP port was blocked by the firewall.
 
Here
Code:
Status:    Connecting to IPHidden:21...
Status:    Connection established, waiting for welcome message...
Status:    Initializing TLS...
Status:    Verifying certificate...
Status:    TLS connection established.
Status:    Logged in
Status:    Retrieving directory listing...
Command:    PWD
Response:    257 "/" is the current directory
Command:    TYPE I
Response:    200 Type set to I
Command:    PASV
Response:    227 Entering Passive Mode (IPHidden,139,167). | 227 Entering Passive Mode (IPHidden,132,165).
Command:    MLSD
Error:    Connection timed out after 20 seconds of inactivity
Error:    Failed to retrieve directory listing
Status:    Disconnected from server
 
You used passive FTP. Could you please see (Plesk for Linux) Configuring Passive FTP Mode

To enable passive FTP mode in Plesk for Linux:
  1. Log in to your server via SSH as the root user.
  2. Create the /etc/proftpd.d/55-passive-ports.conf file, add the following lines to it, and then save the changes:
    <Global>
    PassivePorts 49152 65535
    </Global>
  3. Run the following command:
    systemctl restart xinetd

If you have installed the Plesk Firewall and switched on its default configuration, you need to add a firewall rule allowing passive FTP:
  • Direction: Incoming
  • Action: Allow
  • Ports: TCP 49152-65535
  • Sources: (any host)

Updated: The first three steps from the KB were added.
 
Doesn't work. I followed this and added it to the firewall.
Code:
Passive FTP mode                                      Allow incoming from all on port 49152-65535/tcp


Status:    Connecting to IPHidden:21...
Status:    Connection established, waiting for welcome message...
Status:    Initializing TLS...
Status:    Verifying certificate...
Status:    TLS connection established.
Status:    Logged in
Status:    Retrieving directory listing...
Command:    PWD
Response:    257 "/" is the current directory
Command:    TYPE I
Response:    200 Type set to I
Command:    PASV
Response:    227 Entering Passive Mode (IPHidden,161,235).
Command:    MLSD
Error:    Connection timed out after 20 seconds of inactivity
Error:    Failed to retrieve directory listing
 
Code:
Response:    227 Entering Passive Mode (IPHidden,161,235).
(161x256)+235 = 41451/tcp port.
So, you need to use a wider range in the firewall than 49152-65535/tcp, or configure 49152-65535/tcp in ProFTPd.
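
The port arithmetic from the reply above, as an added example that is not part of the original thread: it decodes each 227 reply in a client log and lists the ports that an allow rule for 49152-65535/tcp would not cover. The function names and the sample log (which adds one constructed in-range reply) are assumptions made for illustration.

```python
import re

# Matches the host/port tuple of an FTP 227 reply. The host part is matched
# loosely because the logs in this thread have it redacted as "IPHidden".
PASV_RE = re.compile(r"227 Entering Passive Mode \((.+?),(\d{1,3}),(\d{1,3})\)")


def pasv_ports(log_text):
    """Return every data port announced in 227 replies, in log order."""
    ports = []
    for match in PASV_RE.finditer(log_text):
        p1, p2 = int(match.group(2)), int(match.group(3))
        if p1 > 255 or p2 > 255:
            continue  # not valid port octets: skip the malformed reply
        ports.append(p1 * 256 + p2)  # port = high byte * 256 + low byte
    return ports


def ports_outside_range(log_text, low=49152, high=65535):
    """Ports the server offered that an allow rule for low-high does not cover."""
    return [p for p in pasv_ports(log_text) if not low <= p <= high]


# Constructed sample: the 227 replies quoted in the thread, plus one
# constructed reply (192,10) that falls inside the configured range.
SAMPLE_LOG = """\
Response:    227 Entering Passive Mode (IPHidden,139,167). | 227 Entering Passive Mode (IPHidden,132,165).
Response:    227 Entering Passive Mode (IPHidden,161,235).
Response:    227 Entering Passive Mode (IPHidden,192,10).
"""

if __name__ == "__main__":
    blocked = set(ports_outside_range(SAMPLE_LOG))
    for port in pasv_ports(SAMPLE_LOG):
        verdict = "outside" if port in blocked else "inside"
        print(f"{port}/tcp is {verdict} 49152-65535")
```

Any port reported as outside the range means the server is not yet honouring the PassivePorts setting, so the data connection will hit the firewall's default deny.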
 
I've followed the first step of this tutorial.
(Plesk for Linux) Configuring Passive FTP Mode said:
By default, Plesk allows only active FTP connections. This may result in customers being unable to connect to the server via FTP. To avoid this, we recommend enabling passive FTP. This topic explains how to enable passive FTP mode in Plesk for Linux.
To enable passive FTP mode in Plesk for Linux:
  1. Log in to your server via SSH as the root user.
  2. Create the /etc/proftpd.d/55-passive-ports.conf file, add the following lines to it, and then save the changes:
    <Global>
    PassivePorts 49152 65535
    </Global>
  3. Run the following command:
    systemctl restart xinetd

It works now.

Thanks for your help! Please add this to your own reply. I just marked your reply as the best answer. :)
 