
ProFTPD Issue

James Heller

New Pleskian
By the way, I have preinstalled again, and haven't touched the "Firewall" option yet, and the FTP is working fine. Could you assure me that if I follow the steps from the article you gave me, it won't break again?
 
Hi James Heller,

As stated in the KB article, you should make a backup of your "/etc/pam.d/proftpd" file. If you experience issues after the provided steps, please use the backup to restore your own settings!
 
The problem is that I have already tried this method. It does not work. When I try to modify the firewall rules, this issue appears, and all these methods to fix it don't work. Today I tried like 20 times and reinstalled Plesk 4 times.
 
Plesk Firewall is just a wrapper for iptables. If the conntrack_ftp module isn't loaded, then passive FTP will be blocked by iptables.
For example (no conntrack_ftp module is loaded):
active ftp works:
Code:
~$ ftp 10.52.53.101
Connected to 10.52.53.101.
220 ProFTPD 1.3.5 Server (ProFTPD) [10.52.53.101]
Name (10.52.53.101:ruslant): ftpuser
331 Password required for ftpuser
Password:
230 User ftpuser logged in
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
200 PORT command successful
150 Opening BINARY mode data connection for file list
drwxr-xr-x   2 ftpuser  psacln       4096 Jun 24 18:38 error_docs
drwxr-x---   6 ftpuser  psaserv      4096 Jun 24 18:38 httpdocs
drwx------   2 ftpuser  root         4096 Jun 26 17:21 logs
226 Transfer complete
ftp> quit
221 Goodbye.
passive ftp doesn't work:
Code:
~$ ftp -p 10.52.53.101
Connected to 10.52.53.101.
220 ProFTPD 1.3.5 Server (ProFTPD) [10.52.53.101]
Name (10.52.53.101:ruslant): ftpuser
331 Password required for ftpuser
Password:
230 User ftpuser logged in
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (10,52,53,101,228,120).
ftp: connect: Connection timed out
ftp>

after loading the module:
Code:
[root@a10-52-53-101 ~]# modprobe ip_conntrack_ftp
[root@a10-52-53-101 ~]# lsmod | grep conntrack_ftp
nf_conntrack_ftp       12913  0
nf_conntrack           79758  6 nf_conntrack_ftp,iptable_nat,nf_nat,nf_conntrack_ipv6,nf_conntrack_ipv4,xt_state
it works:
Code:
~$ ftp -p 10.52.53.101
Connected to 10.52.53.101.
220 ProFTPD 1.3.5 Server (ProFTPD) [10.52.53.101]
Name (10.52.53.101:ruslant): ftpuser
331 Password required for ftpuser
Password:
230 User ftpuser logged in
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (10,52,53,101,192,180).
150 Opening BINARY mode data connection for file list
drwxr-xr-x   2 ftpuser  psacln       4096 Jun 24 18:38 error_docs
drwxr-x---   6 ftpuser  psaserv      4096 Jun 24 18:38 httpdocs
drwx------   2 ftpuser  root         4096 Jun 26 17:21 logs
226 Transfer complete
ftp> quit
221 Goodbye.
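
The two sessions above differ only in whether the kernel's FTP connection-tracking helper is loaded. The following is an added example, not part of any post in this thread: it decodes the 227 reply into the data port the client dials next and checks lsmod-style output for the helper. The function names and the `NO_HELPER` sample are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): why a passive-mode listing times out.

# Decode "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)." into "ip:port".
# Data port = p1*256 + p2. The body is a subshell, so variables stay local.
pasv_endpoint() (
    nums=$(printf '%s\n' "$1" | sed -n 's/^227 .*(\([0-9,]*\)).*$/\1/p')
    [ -n "$nums" ] || exit 1
    IFS=, read -r h1 h2 h3 h4 p1 p2 <<EOF
$nums
EOF
    case "$p1$p2" in ''|*[!0-9]*) exit 1 ;; esac   # rejects extra fields too
    [ -n "$p1" ] && [ -n "$p2" ] && [ "$p1" -le 255 ] && [ "$p2" -le 255 ] || exit 1
    printf '%s.%s.%s.%s:%d\n' "$h1" "$h2" "$h3" "$h4" "$((p1 * 256 + p2))"
)

# Succeeds if the FTP helper is a loaded module in lsmod output on stdin.
# Only column 1 is compared, so the "used by" list of nf_conntrack is ignored.
ftp_helper_loaded() {
    awk '$1 == "nf_conntrack_ftp" || $1 == "ip_conntrack_ftp" { found = 1 }
         END { exit !found }'
}

# $1 = 227 reply, stdin = lsmod output. Returns 0 helper loaded, 1 missing,
# 2 if $1 is not a PASV reply.
diagnose_pasv() {
    endpoint=$(pasv_endpoint "$1") || { echo "not a PASV reply"; return 2; }
    if ftp_helper_loaded; then
        echo "data connection to $endpoint: helper loaded, tracked as RELATED"
        return 0
    fi
    echo "data connection to $endpoint: helper not loaded, treated as NEW"
    return 1
}

# lsmod lines quoted in the post above (after modprobe).
WITH_HELPER='nf_conntrack_ftp       12913  0
nf_conntrack           79758  6 nf_conntrack_ftp,iptable_nat,nf_nat,nf_conntrack_ipv6,nf_conntrack_ipv4,xt_state'
# Constructed sample: the same host before the helper was loaded.
NO_HELPER='nf_conntrack           79758  5 iptable_nat,nf_nat,nf_conntrack_ipv6,nf_conntrack_ipv4,xt_state'

printf '%s\n' "$NO_HELPER" |
    diagnose_pasv '227 Entering Passive Mode (10,52,53,101,228,120).' || true
printf '%s\n' "$WITH_HELPER" |
    diagnose_pasv '227 Entering Passive Mode (10,52,53,101,192,180).' || true
```

On a live server, feed it the real module list with `lsmod | diagnose_pasv "<227 line from the client>"`.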
 
I'm trying to say that I haven't changed any firewall settings. I just click to modify the firewall settings (without changing any settings) and I get these errors that you can see in the screenshots from my first post.

e2389887e9ea718ab55d42591d6e7fb9.png


I just click that button and proftpd fails with the pem errors.

I can give access to my server and Plesk's ACP to the Plesk developers, but I need you to contact me by email first.
 
OK. I understand what you mean now. There is no "Enable" or "Activate" button because iptables is always working and Plesk Firewall only gives a GUI to manage its rules. Enabling Firewall Management actually applies the listed rules to iptables, which by default works in "allow all" mode. And the default Plesk rules block passive FTP on systems where the conntrack_ftp module isn't loaded.
 
Oh, I did everything both of you said, then I modified the firewall rules and now the FTP works! Thank you so much!
 