
ProFTPD Issue

James Heller

New Pleskian
By the way, I have preinstalled again, and haven't touched the "Firewall" option yet, and the FTP is working fine. Could you assure me that if I follow the steps from the article you gave me it won't break again?
 
Hi James Heller,

As stated in the KB article, you should make a backup of your "/etc/pam.d/proftpd" file. If you experience issues after the provided steps, please use the backup in order to restore your own settings!
 
The problem is that I have already tried this method. It does not work. When I try to modify the firewall rules, this issue appears, and all these methods to fix it don't work. Today I tried like 20 times and reinstalled Plesk 4 times.
 
Plesk Firewall is just a wrapper for iptables. If the conntrack_ftp module isn't loaded, then passive FTP will be blocked by iptables.
For example (no conntrack_ftp module is loaded):
Active FTP works:
Code:
~$ ftp 10.52.53.101
Connected to 10.52.53.101.
220 ProFTPD 1.3.5 Server (ProFTPD) [10.52.53.101]
Name (10.52.53.101:ruslant): ftpuser
331 Password required for ftpuser
Password:
230 User ftpuser logged in
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
200 PORT command successful
150 Opening BINARY mode data connection for file list
drwxr-xr-x   2 ftpuser  psacln       4096 Jun 24 18:38 error_docs
drwxr-x---   6 ftpuser  psaserv      4096 Jun 24 18:38 httpdocs
drwx------   2 ftpuser  root         4096 Jun 26 17:21 logs
226 Transfer complete
ftp> quit
221 Goodbye.
Passive FTP doesn't work:
Code:
~$ ftp -p 10.52.53.101
Connected to 10.52.53.101.
220 ProFTPD 1.3.5 Server (ProFTPD) [10.52.53.101]
Name (10.52.53.101:ruslant): ftpuser
331 Password required for ftpuser
Password:
230 User ftpuser logged in
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (10,52,53,101,228,120).
ftp: connect: Connection timed out
ftp>

After loading the module:
Code:
[root@a10-52-53-101 ~]# modprobe ip_conntrack_ftp
[root@a10-52-53-101 ~]# lsmod | grep conntrack_ftp
nf_conntrack_ftp       12913  0
nf_conntrack           79758  6 nf_conntrack_ftp,iptable_nat,nf_nat,nf_conntrack_ipv6,nf_conntrack_ipv4,xt_state
It works:
Code:
~$ ftp -p 10.52.53.101
Connected to 10.52.53.101.
220 ProFTPD 1.3.5 Server (ProFTPD) [10.52.53.101]
Name (10.52.53.101:ruslant): ftpuser
331 Password required for ftpuser
Password:
230 User ftpuser logged in
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (10,52,53,101,192,180).
150 Opening BINARY mode data connection for file list
drwxr-xr-x   2 ftpuser  psacln       4096 Jun 24 18:38 error_docs
drwxr-x---   6 ftpuser  psaserv      4096 Jun 24 18:38 httpdocs
drwx------   2 ftpuser  root         4096 Jun 26 17:21 logs
226 Transfer complete
ftp> quit
221 Goodbye.
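
The two 227 replies in the sessions above carry the data port inside the control channel, which is why a stateful firewall needs the FTP conntrack helper (or an explicitly opened port range) to let passive transfers through. The following is an added example, not part of the original post: it decodes those replies and checks them against a hypothetical opened range; the function names and the range 49152-49999 are assumptions for illustration.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# RFC 959 passive reply: "227 <text> (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


class PasvEndpoint(NamedTuple):
    host: str
    port: int


def parse_pasv(reply: str) -> Optional[PasvEndpoint]:
    """Decode the data-channel address a server announces in a 227 reply."""
    m = PASV_RE.match(reply.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):  # every field is a single octet
        return None
    host = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]  # p1 is the high byte, p2 the low byte
    return PasvEndpoint(host, port)


def check_pasv(reply: str, control_host: str,
               open_range: Optional[Tuple[int, int]] = None) -> List[str]:
    """Return findings explaining why a passive data connection may be dropped.

    open_range is a hypothetical (low, high) port range allowed inbound by the
    firewall; None means only the control port is open.
    """
    ep = parse_pasv(reply)
    if ep is None:
        return ["not a valid 227 reply"]
    findings = []
    if ep.host != control_host:
        # Often a NAT or masquerade misconfiguration; the client dials the wrong host.
        findings.append(f"data host {ep.host} differs from control host {control_host}")
    if open_range is None:
        findings.append(f"port {ep.port} is dynamic: needs the conntrack FTP helper to be accepted")
    elif not open_range[0] <= ep.port <= open_range[1]:
        findings.append(f"port {ep.port} is outside the opened range {open_range[0]}-{open_range[1]}")
    return findings


if __name__ == "__main__":
    # Replies copied from the sessions above; the range is a constructed example.
    for line in ("227 Entering Passive Mode (10,52,53,101,228,120).",
                 "227 Entering Passive Mode (10,52,53,101,192,180)."):
        print(parse_pasv(line), check_pasv(line, "10.52.53.101", (49152, 49999)))
```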
 
I'm trying to say that I haven't changed any firewall settings. I just click to modify the firewall settings (without changing any settings) and I get these errors that you can see in the screenshots from my first post.

e2389887e9ea718ab55d42591d6e7fb9.png


I just click that button and proftpd fails with the pem errors.

I can give access to my server and Plesk's ACP to the Plesk developers, but I need you to contact me by email first.
 
OK. I understand what you mean now. There is no "Enable" or "Activate" button because iptables is always working and Plesk Firewall only gives a GUI to manage its rules. Enabling Firewall Management actually applies the listed rules to iptables, which by default works in "allow all" mode. And the default Plesk rules block passive FTP on systems where the conntrack_ftp module isn't loaded.
 
Oh, I did everything both of you said, then I modified the firewall rules and now the FTP works! Thank you so much!
 