Resolved Unable to use FTP (ProFTPD)

[Sergio Manzi]

Hello, and thanks in advance for any help anyone could provide !

I recently upgraded my Plesk installation from 12.5 to Onyx.

Under 12.5 I didn't have ProFTPD installed as I didn't need it (I was using SFTP - beware, NOT FTPS - under subscription's owner accounts happily as I still do).

After upgrading to Onyx I also noticed that ProFTPD was listed as installed (and actually it was practically impossible to uninstall beacuse of the dependencies). I didn't care about that and I left it alone.

Now, for a particular subscription, I need to add a new FTP account and restrict it to access only a subdirectory of httpdocs.

Everything went smooth as far as regards the FTP account creation (and I have checked it being listed in /etc/passwd).

Problem is that I cannot connect to the FTP server!

I checked Firewall rules and everything is ok there, but I also noticed that ProFTPD is not listed under my services in "Tools&Settings > Services Management".

I already tried a "plesk repair installation", but nothing changed.

What am I doing wrong??

Thanks!

P.S.: I'm running Plesk under CentOS 7.3.1611

P.P.S: "systemctl | grep ftp" returns nothing... :-/

 

[IgorG]

What is output of

# lsof -i tcp:21

command?

 

[Sergio Manzi]

Hello @IgorG, and thanks for helping!

[root@fra101 ~]# lsof -i tcp:21
[root@fra101 ~]#



It really seems ProFTPD isn't installed. Is there a way to force a re-install? As I wrote above "plesk repair installation" didn't had any effect...

 

[IgorG]

Try to reinstall proftpd with something like:

# rpm -e --nodeps psa-proftpd
# plesk installer --select-release-current --install-component=proftpd
# systemctl restart xinetd

After that you should see:

# lsof -i tcp:21
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
xinetd 24557 root 5u IPv6 23820695 0t0 TCP *:ftp (LISTEN)

 

[Sergio Manzi]

[root@fra101 ~]# rpm -e --nodeps psa-proftpd
.
.
.
[root@fra101 ~]# systemctl restart xinetd
[root@fra101 ~]# lsof -i tcp:21
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
xinetd 12271 root 5u IPv6 13642482 0t0 TCP *:ftp (LISTEN)
[root@fra101 ~]#

SUCCESS!!!

Thanks!!!!

 

[Sergio Manzi]

... but I still have some FTP blues:

I can fully connect only if I disable the Plesk firewall.

If I instead leave the Plesk firewall enabled , my client connects and authenticate, issue a PASV FTP command, an MLSD and... nothing from there on! Timeout. Tested with two clients: Filezilla and BeyondCompare, same result.

FTP is of course enabled in my Firewall Rules.

 

[Sergio Manzi]

Solved the above firewall issue by following an advice found at https://alex.bouma.me/enable-passive-ftp-plesk-11-and-12/

The proposed solution is to limit the range of ports used for passive FTP and apply an "allow" rule for that range of ports.

This seems to be safe, isn't it?

P.S.: although it would be much safer if the Plesk Firewall was able to dynamically open the requested port and only for the involved IP address...

 

[Bitpalast]

This seems to be safe, isn't it?

Yes, that's the right way to do it.
https://talk.plesk.com/threads/ftp-explicit-not-working.341272/#post-817128

 

[Sergio Manzi]

Thanks @Peter Debik!

I see that in your answer you suggest to create a new configuration file in /etc/proftpd.d instead of modifying the existing /etc/proftpd.conf as it is suggested in the article I mentioned. Is this because /etc/proftpd.conf could be overwritten by Plesk updates?

Anyway, considering that passive FTP seems to be quite the norm today, I insist that:

• a dynamic handling of the involved ports by the firewall would be optimal
• as a bare minimum Plesk should ship already configured with your suggested solution

Thanks again,

Sergio