• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Resolved Unable to add my external FTP server for backup

P

Pifou

New Pleskian
Hello,
I have a problem adding an external ftp server to plesk
Actually, my FTP server has the specificity to close the connection each time a FTP command used by Plesk is not compatible (502 command not implemented)
So when Plesk tries to use EPSV which is an incompatible command with my FTP, it tries to use PASV instead but the FTP server has already closed the connection because there was an FTP 502 error before.
I would like to force the use of PASV and disable the use of EPSV to prevent the FTP server from closing the connection.


Here are the logs I was able to get with ppm-ras :


[2021-01-31 00:03:01.780|32521] INFO: Curl output: * Connected to (ipaddress) port 21 (#1)
[2021-01-31 00:03:01.800|32521] INFO: Curl output: < 220 server ready - login please
[2021-01-31 00:03:01.801|32521] INFO: Curl output: > USER username
[2021-01-31 00:03:01.808|32521] INFO: Curl output: < 331 password required
[2021-01-31 00:03:01.809|32521] INFO: Curl output: > PASS *****
[2021-01-31 00:03:02.740|32521] INFO: Curl output: < 230 login accepted
[2021-01-31 00:03:02.740|32521] INFO: Curl output: > PWD
[2021-01-31 00:03:02.748|32521] INFO: Curl output: < 257 "/" is your current location
[2021-01-31 00:03:02.748|32521] INFO: Curl output: * Entry path is '/'
[2021-01-31 00:03:02.748|32521] INFO: Curl output: > CWD backup
[2021-01-31 00:03:02.748|32521] INFO: Curl output: * ftp_perform ends with SECONDARY: 0
[2021-01-31 00:03:02.899|32521] INFO: Curl output: < 250 OK. Current directory is /backup
[2021-01-31 00:03:02.899|32521] INFO: Curl output: > EPSV
[2021-01-31 00:03:02.899|32521] INFO: Curl output: * Connect data stream passively
[2021-01-31 00:03:02.908|32521] INFO: Curl output: < 502 command not implemented
[2021-01-31 00:03:02.908|32521] INFO: Curl output: * Failed EPSV attempt. Disabling EPSV

--- FTP closes the connection here because "502 command not implemented".

[2021-01-31 00:03:02.908|32521] INFO: Curl output: > PASV
[2021-01-31 00:03:02.921|32521] INFO: Curl output: < 227 Entering Passive Mode (ip)
[2021-01-31 00:03:02.922|32521] INFO: Curl output: * Skip (ipaddress) for data connection, re-use (ipadress) instead
[2021-01-31 00:03:02.922|32521] INFO: Curl output: * Trying (ipaddress)...
[2021-01-31 00:03:02.922|32521] INFO: Curl output: * Connecting to (ipdadress) port 63065
[2021-01-31 00:03:02.927|32521] INFO: Curl output: * connect to (ipdadress) port 21 failed: Connection refused
[2021-01-31 00:03:02.927|32521] INFO: Curl output: * Failed to connect to (ipdadress) port 21: Connection refused
[2021-01-31 00:03:02.927|32521] INFO: Curl output: * Closing connection 1
Click to expand...



Thank you for your help
 
Pifou said:
[2021-01-31 00:03:02.921|32521] INFO: Curl output: < 227 Entering Passive Mode (ip)
Click to expand...
You say that your FTP server closes the connection, but that is not true. You can see from the log line above that occurs after the time when you say it has closed the connection, that it does enter passive mode. However, it does not let you connect to port 63065.

The issue here is this that a firewall is blocking the passive port range of ephemeral ports that are used for data transfer once the communication has been established through port 21. If this is Plesk server-side, then this article will help:
support.plesk.com

 How to configure the passive ports range for ProFTPd on a Plesk server behind a firewall

Applicable to: Plesk for Linux Question How to configure the passive ports range for ProFTPd on a server behind a firewall? Answer Note: When configuring the passive port range, a selected port ...
support.plesk.com support.plesk.com
If this is not on the Plesk server-side, but in a firewall on or before your FTP server, you need to open the port range there.
 
I had already done all the steps in this tutorial.

I don't think it's a firewall problem, when I connect to the ftp with the ssh of my server, I can switch to passive mode without error.

ftpssh.jpg

With another FTP server in passive mode that allows the EPSV command, it works, but with one that doesn't allow this command, it doesn't work.
However, I can to connect to both FTPs with FileZilla.

For information, here are the full logs when I try to connect to the ftp with pmm-ras : (i hid sensitive information)

root@user:/sbin# DUMP_STORAGE_PASSWD=password /usr/local/psa/admin/bin/pmm-ras --check-repository --dump-storage=ftp://user: [email protected]:21/backup/ --use-ftp-passive-mode --debug --verbose --session-path=/var/log/plesk/PMM
[2021-01-31 16:57:42.238|19248] INFO: pmm-ras started : /usr/local/psa/admin/bin/pmm-ras --check-repository --dump-storage=ftp://user : [email protected]:21/backup/ --use-ftp-passive-mode --debug --verbose --session-path=/var/log/plesk/PMM
[2021-01-31 16:57:42.238|19248] INFO: Repository 'ftp://62.210.18.56:21/backup/': Initializing...
[2021-01-31 16:57:42.238|19248] INFO: Transport: Get repository transport ftp://62.210.18.56:21/backup/
[2021-01-31 16:57:42.238|19248] INFO: Transport: Init credentials for user 'user'
[2021-01-31 16:57:42.238|19248] INFO: Curl version: 0x74a00
[2021-01-31 16:57:42.239|19248] INFO: Repository 'ftp://62.210.18.56:21/backup/': Initialized
[2021-01-31 16:57:42.239|19248] INFO: Test stage: Check directory access
[2021-01-31 16:57:42.239|19248] INFO: Transport: List dir /
[2021-01-31 16:57:42.239|19248] INFO: Ftp init url ftp://62.210.18.56:21/backup/
[2021-01-31 16:57:42.239|19248] INFO: Curl output: * Trying 62.210.18.56:21...
[2021-01-31 16:57:42.241|19248] INFO: Curl output: * Connected to 62.210.18.56 (62.210.18.56) port 21 (#0)
[2021-01-31 16:57:42.243|19248] INFO: Curl output: < 220 server ready - login please
[2021-01-31 16:57:42.243|19248] INFO: Curl output: > USER user
[2021-01-31 16:57:42.244|19248] INFO: Curl output: < 331 password required
[2021-01-31 16:57:42.244|19248] INFO: Curl output: > PASS *****
[2021-01-31 16:57:43.477|19248] INFO: Curl output: < 230 login accepted
[2021-01-31 16:57:43.477|19248] INFO: Curl output: > PWD
[2021-01-31 16:57:43.478|19248] INFO: Curl output: < 257 "/" is your current location
[2021-01-31 16:57:43.478|19248] INFO: Curl output: * Entry path is '/'
[2021-01-31 16:57:43.478|19248] INFO: Curl output: > OPTS UTF8 ON
[2021-01-31 16:57:43.478|19248] INFO: Curl output: * ftp_perform ends with SECONDARY: 0
[2021-01-31 16:57:43.479|19248] INFO: Curl output: < 502 command not implemented
[2021-01-31 16:57:43.480|19248] INFO: Curl output: * QUOT command failed with 502
[2021-01-31 16:57:43.480|19248] INFO: Curl output: * Closing connection 0
[2021-01-31 16:57:43.480|19248] INFO: Curl error: (21) Quote command returned error: Last FTP request: OPTS UTF8 ON Last FTP response: 502 command not implemented
[2021-01-31 16:57:43.480|19248] INFO: Ftp extended list dir
[2021-01-31 16:57:43.480|19248] INFO: Curl output: * Hostname 62.210.18.56 was found in DNS cache
[2021-01-31 16:57:43.481|19248] INFO: Curl output: * Trying 62.210.18.56:21...
[2021-01-31 16:57:43.482|19248] INFO: Curl output: * Connected to 62.210.18.56 (62.210.18.56) port 21 (#1)
[2021-01-31 16:57:43.484|19248] INFO: Curl output: < 220 server ready - login please
[2021-01-31 16:57:43.484|19248] INFO: Curl output: > USER user
[2021-01-31 16:57:43.485|19248] INFO: Curl output: < 331 password required
[2021-01-31 16:57:43.485|19248] INFO: Curl output: > PASS *****
[2021-01-31 16:57:44.409|19248] INFO: Curl output: < 230 login accepted
[2021-01-31 16:57:44.409|19248] INFO: Curl output: > PWD
[2021-01-31 16:57:44.414|19248] INFO: Curl output: < 257 "/" is your current location
[2021-01-31 16:57:44.415|19248] INFO: Curl output: * Entry path is '/'
[2021-01-31 16:57:44.415|19248] INFO: Curl output: > CWD backup
[2021-01-31 16:57:44.415|19248] INFO: Curl output: * ftp_perform ends with SECONDARY: 0
[2021-01-31 16:57:44.419|19248] INFO: Curl output: < 250 OK. Current directory is /backup
[2021-01-31 16:57:44.419|19248] INFO: Curl output: > EPSV
[2021-01-31 16:57:44.419|19248] INFO: Curl output: * Connect data stream passively
[2021-01-31 16:57:44.422|19248] INFO: Curl output: < 502 command not implemented
[2021-01-31 16:57:44.422|19248] INFO: Curl output: * Failed EPSV attempt. Disabling EPSV
[2021-01-31 16:57:44.422|19248] INFO: Curl output: > PASV
[2021-01-31 16:57:44.426|19248] INFO: Curl output: < 227 Entering Passive Mode (62,210,18,28,247,2)
[2021-01-31 16:57:44.426|19248] INFO: Curl output: * Skip 62.210.18.28 for data connection, re-use 62.210.18.56 instead
[2021-01-31 16:57:44.426|19248] INFO: Curl output: * Trying 62.210.18.56:63234...
[2021-01-31 16:57:44.426|19248] INFO: Curl output: * Connecting to 62.210.18.56 (62.210.18.56) port 63234
[2021-01-31 16:57:44.427|19248] INFO: Curl output: * connect to 62.210.18.56 port 21 failed: Connection refused
[2021-01-31 16:57:44.427|19248] INFO: Curl output: * Failed to connect to 62.210.18.56 port 21: Connection refused
[2021-01-31 16:57:44.428|19248] INFO: Curl output: * Closing connection 1
[2021-01-31 16:57:44.428|19248] INFO: Curl error: (7) Couldn't connect to server: Last FTP request: PASV Last FTP response: 227 Entering Passive Mode (62,210,18,28,247,2)
[2021-01-31 16:57:44.428|19248] INFO: CurlError Curl error: (7) Couldn't connect to server: Last FTP request: PASV Last FTP response: 227 Entering Passive Mode (62,210,18,28,247,2) [common/pl esk-utils/PMM/repository-transport/ftp.cpp:CurlError]
plesk::tFtpConnection::ListEx(std::vector<plesk::FtpFileInfo>&)::<lambda()>
<?xml version="1.0" encoding="UTF-8"?>
<repository-check-errors>
<repository-check-error>
<operation>list</operation>
<message>Transport error: unable to list directory: Curl error: (7) Couldn't connect to server: Last FTP request: PASV Last FTP response: 227 Entering Passive Mode (62,210,18,28,247,2)</mes sage>
</repository-check-error>
</repository-check-errors>
[2021-01-31 16:57:44.428|19248] INFO: pmm-ras finished. Exit code: 0
Click to expand...
 
Last edited:
Actually, in your new log, there is a different error:
Code: 
[2021-01-31 16:57:43.478|19248] INFO: Curl output: > OPTS UTF8 ON
[2021-01-31 16:57:43.478|19248] INFO: Curl output: * ftp_perform ends with SECONDARY: 0
[2021-01-31 16:57:43.479|19248] INFO: Curl output: < 502 command not implemented
[2021-01-31 16:57:43.480|19248] INFO: Curl output: * QUOT command failed with 502
[2021-01-31 16:57:43.480|19248] INFO: Curl output: * Closing connection 0

So here it is no longer a missing "EPSV", but now it is a missing "OPTS".

I also wonder why two different IP addresses for the same FTP connection are tried:
Regularly 62.210.18.56 and then all the sudden 62.210.18.28 as in

Code: 
[2021-01-31 16:57:44.419|19248] INFO: Curl output: > EPSV
[2021-01-31 16:57:44.419|19248] INFO: Curl output: * Connect data stream passively
[2021-01-31 16:57:44.422|19248] INFO: Curl output: < 502 command not implemented
[2021-01-31 16:57:44.422|19248] INFO: Curl output: * Failed EPSV attempt. Disabling EPSV
[2021-01-31 16:57:44.422|19248] INFO: Curl output: > PASV
[2021-01-31 16:57:44.426|19248] INFO: Curl output: < 227 Entering Passive Mode (62,210,18,28,247,2)
[2021-01-31 16:57:44.426|19248] INFO: Curl output: * Skip 62.210.18.28 for data connection, re-use 62.210.18.56 instead
[2021-01-31 16:57:44.426|19248] INFO: Curl output: *   Trying 62.210.18.56:63234...

Here again you can see that the connection is actually not closed after the EPSV command, but the command PASV is accepted and the server with the IP 62.210.18.28 responds correctly (in this line)

Code: 
[2021-01-31 16:57:44.426|19248] INFO: Curl output: < 227 Entering Passive Mode (62,210,18,28,247,2)

However, I don't understand why a different FTP server is responding, and not the one that was initially addressed. Could it all be a simple name resolution issue? You could try to enter the IP address of your FTP storage space into the configuration instead of a name to rule out that possibility.
 
Hello there.

We happen to have a similar problem here.

We use Plesk 18.0.33 installed on a Ubuntu 16.04.7 LTS dedicated server. We recently have trouble with remote backup on a FTP(S) Cloud service for some of our domains.
Since a few weeks now, backup fails with the following message:
Code: 
Unable to create remote backup. Error: Unable to export backup: Transport error: Unable to create the directory 'ftps://dedibackup-dc2.online.net//FTP_DIR/': Curl error: (21) Quote command returned error: Last FTP request: MKD FTP_DIR Last FTP response: 550 5582224 Kbytes used (5%) - authorized: 102400000 Kb


With it comes a warning saying credentials are wrong, so we reset them and changed them in the Remote Backup Configuration for one of our domains. Parameter validation fails with the following message :
Code: 
Transport error: unable to list directory: Curl error: (7) Couldn't connect to server: Last FTP request: PASV Last FTP response: 227 Entering Passive Mode (62,210,17,4,244,101) Make sure you've entered the correct storage settings. You can independently check using the command : curl -v --ftp-pasv --ssl -k -u FTP_USER 'ftp://dedibackup-dc2.online.net//FTP_DIR//'


Running the given command shows a problem while activating passive FTP :
Code: 
curl -v --ftp-pasv --ssl -k -u FTP_USER 'ftp://dedibackup-dc2.online.net//FTP_DIR//'
Enter host password for user 'FTP_USER':
*   Trying 62.210.17.47...
* Connected to dedibackup-dc2.online.net (62.210.17.47) port 21 (#0)
< 220 server ready - login please
> AUTH SSL
< 530 login first
> AUTH TLS
< 530 login first
> USER FTP_USER
< 331 password required
> PASS GxC06Hqsrr8mzZj
< 230 login accepted
> PWD
< 257 "/" is your current location
* Entry path is '/'
> CWD /
* ftp_perform ends with SECONDARY: 0
< 250 OK. Current directory is /
> CWD FTP_DIR
< 250 OK. Current directory is /FTP_DIR
> EPSV
* Connect data stream passively
< 502 command not implemented
* Failed EPSV attempt. Disabling EPSV
> PASV
< 227 Entering Passive Mode (62,210,17,4,242,27)
* Skip 62.210.17.4 for data connection, re-use dedibackup-dc2.online.net instead
*   Trying 62.210.17.47...
* Connecting to 62.210.17.47 (62.210.17.47) port 61979
* connect to 62.210.17.47 port 21 failed: Connection refused
* Failed to connect to dedibackup-dc2.online.net port 21: Connection refused
* Closing connection 0
curl: (7) Failed to connect to dedibackup-dc2.online.net port 21: Connection refused

Adding the following option to the curl command solves the problem :
Code: 
curl -v --ftp-pasv --ssl -k --no-ftp-skip-pasv-ip -u FTP_USER 'ftp://dedibackup-dc2.online.net//FTP_DIR//'
Enter host password for user 'FTP_USER':
*   Trying 62.210.17.47...
* Connected to dedibackup-dc2.online.net (62.210.17.47) port 21 (#0)
< 220 server ready - login please
> AUTH SSL
< 530 login first
> AUTH TLS
< 530 login first
> USER FTP_USER
< 331 password required
> PASS GxC06Hqsrr8mzZj
< 230 login accepted
> PWD
< 257 "/" is your current location
* Entry path is '/'
> CWD /
* ftp_perform ends with SECONDARY: 0
< 250 OK. Current directory is /
> CWD FTP_DIR
< 250 OK. Current directory is /FTP_DIR
> EPSV
* Connect data stream passively
< 502 command not implemented
* Failed EPSV attempt. Disabling EPSV
> PASV
< 227 Entering Passive Mode (62,210,17,4,247,147)
*   Trying 62.210.17.4...
* Connecting to 62.210.17.4 (62.210.17.4) port 63379
* Connected to dedibackup-dc2.online.net (62.210.17.4) port 21 (#0)
> TYPE A
< 200 TYPE is now ASCII
> LIST
< 150 Accepted data connection

How could we get this behaviour for the backup process trough Plesk interface ?
We can provide further information if needed

Thanks for your time. Regards.
 
Hi,

I have the same problem here, no firewall configured and also on a dedibox from online.net that refuses active connexion.
Is it a problem that the IP address that is connecting is not the same as the primary for that domain ?
I didn't found a workarround yet does someone as a solution ?

Regards,
 
Unchecking "Use passive mode" in the backup "Remote Storage Settings" does not do the trick?
 
Peter Debik said:
Unchecking "Use passive mode" in the backup "Remote Storage Settings" does not do the trick?
Click to expand...
Thanks for your reply but I need to be in passive mode as backup server doesn't accept active connexions.
It does login but it don't accept remote connexion :
Curl error: (7) Couldn't connect to server: Last FTP request: PASV Last FTP response: 227 Entering Passive Mode (62,210,18,30,242,71)
Maybe as you said because of distinct IP address ? (firewall is disabled, and servers IPs and domain added to white list).
What do you think about Dutiko answer ? Is there a way to add --no-ftp-skip-pasv-ip to backup command ?

Regards,
 
You must log in or register to reply here.

Similar threads

C
Issue Transport error: unable to list directory: Curl error: (18) Transferred a partial file: Last FTP request
Replies
0
Views
153
cgoguyer
C
Gh()st
Issue Remote Storage FTP(S) Issue
Replies
0
Views
234
Gh()st
Gh()st
C
Issue Errors with Plesk scheduled backups
Replies
2
Views
163
cmartinez127
C
H
Issue Backup failing to connect to remote FTP server
Replies
5
Views
2K
Peter Debik
P
Endre
Issue Unable to access the remote backup storage using SFTP
Replies
6
Views
1K
Endre
Endre
Back
Top