Configuring Passive FTP To Work With Firewall
Mar 23, 2009
I'm running a Win2003 dedicated server with IIS and Plesk v9. While trying to configure my FTP ports I found out that my host has a basic (free) hardware firewall on my main/shared IP with ports 2000-2015 reserved for passive FTP connections. I asked them if they could change the ports to match the default ones but to customize hardware firewall settings I'm require to upgrade to a paid solution.
I again tried to approach the problem by trying to get IIS to conform to the host's ports. However after some research I found that the default MSFTP range is 1025-5000 while custom values have to be between 5001-65535. My host recommends I upgrade to a personal hardware firewall or make do with a software firewall. Other than dropping the firewall is there nothing I can do here?
I've thought of serving FTP on a dedicated IP (which would be exempted from the hardware firewall) but when I tried to set it up I got a directory permission error during connection attempts. I may be mistaken but this appears to be an an issue with Plesk not liking to serve a website's HTTP and FTP on separate IPs. Is solving this problem my best bet?
View 3 Replies
ADVERTISEMENT
Apr 21, 2009
Do you still have to add each port individually to Server 2008's Firewall like we did on Server 2003?
If so, will the guides that were put out for 2003 work on 2008's? I want to be sure before putting all these ports in....if I can just specify a range instead, it would be much easier!
View 3 Replies
View Related
Mar 1, 2015
I have some issues with the plesk firewall:
1. Emails are not delivered:
From some reasons, plesk is blocking incoming 25 port (in plesk shows opened, but it's not)My emails are delivered trough port 25, after doing some tests ( i've sent some emails to an email account hosted in the server) there was no email in the roundcube inbox! All emails were blocked...
a) Firewall was blocking the port 25 on server restart.
b) I have succesfully unblocked it from plesk manager -> tools -> edit/change -> even if i didn't change anything, i saved the "changes" and in my roundcube inbox i recived all the test emails.
c) In /var/log/maillog there is no error.
2. Passive FTP gets blocked in the same way, to successfully connect FireFTP on passive mode i need to repeat 1.b steps even if i've created a special rule to prevent the blocking, opening 49152-65534 ports and set PassivePorts 49152 65534 in /etc/proftpd.conf
The issue appears randomly, because in the last 5 days i didn´t restart the server, the last time i checked it worked. Today, without touching anything, firewall blocked my passive FTP and I had probmels reciving emails from gmail, yahoo etc...
View 2 Replies
View Related
Aug 19, 2014
I am running Plesk 12 . Centos 6.5
I have Plesk Firewall Installed.
After the Plesk Firewall was enabled the FTP Stopped working in passive Mode.
I searched the net and found the following :
Code:
/etc/sysconfig/iptables-config and change the line with IPTABLES_MODULES to: IPTABLES_MODULES="ip_conntrack_ftp"
It started working.
I changed the default FTP port from proftpd.conf
Code:
port 2392
and /etc/services
Code:
ftp 2392/tcp
ftp 2392/udp fsp fspd
I allowed the new port in Plesk Firewall in Incoming connection and disabled port 21
Now I am not able to connect to the ftp, I get the following error. Have I missed anything ?
Code:
Response:257 "/" is the current directory
Command:TYPE I
Response:200 Type set to I
Command:PASV
Response:227 Entering Passive Mode (85,25,51,34,216,46).
Command:MLSD
Error:Connection timed out
Error:Failed to retrieve directory listing
View 4 Replies
View Related
Jul 25, 2007
I'm using Windows XP and installed Apache, PHP 5 and MySql 5. They were all working before, but recently I had to format my hard drive. Fortunately, I had an image of my computer created from before but MySql was not installed when that image was created.
After deploying that image, everything seems to be working fine. The server is running and PHP scripts are executing as well. But I can't seem to have MySql to work. I've followed many tutorials online, but have no luck.
I have edited the php.ini file to point to the correct directory that holds the extentions or dll's. I also enabled the following:
extension=php_mbstring.dll
extension=php_mysqli.dll
extension=php_mysql.dll
I already tested to see if MySql was correctly installed by using the command line client and it seems to be installed. I was able to log in and see the default databases created.
But when I run the following php script
<? phpinfo() ?>
I don't see the MySql section anywhere and that's why I'm assuming that PHP is not currently working with MySql for me. However, interestingly, I do see the "mbstring" section, which I assume should show only if MySql is working with PHP. But nothing else related to MySql info shows up. I've attached part of the screen shot if it helps you.
View 3 Replies
View Related
Nov 10, 2008
I run a small datacenter, and we are migrating from Cisco to Linux based routers.
This routers should run a firewall, DDOS mitigation rules, CBQ bandwidth limitation, etc..
I know how to mitigate DDOS using tcpdump, also I know how to route..
I just need some advice about the firewall, stopping basic DDOS, fragmented packets, etc..
Should I use APF firewall in this case? Is there a good IPTABLES set of rules I could use?
I'm giving up from Ciscos, as I just discovered there are some UDP packets that can easily break them. I tested it last night, and that was it, nothing secure A few traffic (bogus UDP packets) and the router was down for a few minutes.
View 5 Replies
View Related
Apr 25, 2008
Will bastille work if my server already has the APF firewall?
View 0 Replies
View Related
Jan 19, 2008
what are the inbound and outbound ports when FTP Passive mode is used for PureFTPd.
View 3 Replies
View Related
Oct 4, 2009
vpsland.com what kind of passive support they have ? 48H without any progress ...
i bought VPS three months back and i am avoiding to disturb their sleeping APAIC but this is the first issue i have with their support , my vps turned offline with out any known reason no billing ,no abusing emails ..etc ...
View 4 Replies
View Related
Sep 11, 2009
We're building-out a new room, and believe we could raise cold aisle temps about 5 degrees F if we use ducted cabinet exhaust. Heat density is limited by traditional cold air supply (e.g. 7kw per cabinet using AirGrate perf tiles), so I'm focusing on passive ducted exhaust.
We can purchase via any rep in the USA, FOB. So far, I'm aware of:
- CPI/Chatsworth TeraFrame
- Wrightline
- Wrightline HCS for APC NetShelter
- Damac
- custom?
View 13 Replies
View Related
Jan 21, 2008
My roommate ran into this problem a few weeks ago. He could not connect to a webserver. Turns out it is the way that some of the ports are being handled when passive FTP is used.
I was wondering if a lot of web hosting companies are seeing some complaints of (passive) FTP not working properly? And who are you blaming?
He had to install some firmware updates to the Linksys router as well but then that started to crash the Internet connection (something we cannot have). So the router update was uninstalled.
He had to do quite a bit and finally started to use the control panel to upload. He has not tried FileZilla yet but I tried it on my system to connect to his server and it failed.
View 4 Replies
View Related
Oct 14, 2014
After some recents updates (currently running on: 12.0.18 Update #19) appeared a problem with connecting to FTP for passive mode users:
Connect ok!
"/" is the current directory
Get directory
227 Entering Passive Mode
550 Access is denied.
Server logs:
/var/log/messages
Oct 14 12:11:26 host xinetd[3692]: START: ftp pid=2709 from=::ffff:xxx.xxx.xxx.xxx
Oct 14 12:11:26 host proftpd[2709]: processing configuration directory '/etc/proftpd.d'
Oct 14 12:11:26 host proftpd[2709]: yyy.yyy.yyy.yyy (xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]) - FTP session opened.
But:
/var/log/secure:
Oct 14 12:11:26 host proftpd: PAM unable to dlopen(/lib64/security/pam_stack.so): /lib64/security/pam_stack.so: cannot open shared object file: No such file or directory
Oct 14 12:11:26 host proftpd: PAM adding faulty module: /lib64/security/pam_stack.so
Oct 14 12:11:26 host proftpd: pam_listfile(proftpd:auth): Couldn't open /etc/ftpusers
Oct 14 12:11:26 host proftpd[2709]: yyy.yyy.yyy.yyy (xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]) - USER client: Login successful.
ad1: yes, i do have passive ports configured in /etc/proftpd.conf and FW is properly configured
ad2: everything was fine until recent updates
ad3: this is happening only for passive users only
ad4: we are experiencing this issues across all Plesk instances [6x] on CentOS 6.5 with 12.0.18 Update #19
View 6 Replies
View Related
Dec 17, 2008
Do you recommend a software firewall when behind a hardware firewall?
All of our servers are behind Cisco ASA 5505 firewalls which we rent from Liquidweb. All are being managed correctly and setup to there optimal levels. With hardware firewalls firmly in place, do you still recommend a software firewall such as APF or IPTables (we're talking linux); in our opinion we see it as an extra administration overhead. If this is however untrue, we will change out thinking.
View 3 Replies
View Related
Jun 13, 2008
I've found a dedicated server at a great price and plan to stick with it, my first ( already have 2 vps accounts ). I don't have the money for a hardware firewall. However, I do have a chance to renew a Kerio WinRoute Firewall license from way back.
Does anyone think this would be better than the default windows 2003 firewall?
View 1 Replies
View Related
Apr 13, 2008
I have IIS with the default site and a site i created. it appeared to be configured correctly but even from the server if i try to "browse" any of the pages i still get "internet explorer cannot display the page" from my site and "under construction" from the IIS default site.
View 7 Replies
View Related
Oct 21, 2008
I have a machine which runs on Desktop board with 1 LAN port built in.
I just bought a new USB-LAN and plug into the USB but I have question about how to configure it. I cannot see eth1 inside /etc/sysconfig/network-scripts, so where can I configure USB LAN?
View 3 Replies
View Related
Jan 22, 2007
I got dedicated server with plesk 7.8 installed on it. Can anybody tell me what to do next to add new website.
I have ip through which i can login to plesk control panel.
I want to know how can i create name servers which i will use for my domains like ns1.abc.com ns2.abc.com.
What setting i need to create by use DNS button in control panel to run my sites properly.
View 1 Replies
View Related
Dec 28, 2006
I'm over here trying to rebuild php with GD in WHM, I go through the entire motion of Apache Update (with GD selected as a PHP Module) and ummmm... after it's done, I check my phpinfo() and there is no GD section, let alone has the build date been changed.
View 9 Replies
View Related
Mar 24, 2009
I am moving my servers this week and my new host doesn't do domain hosting. This is my first time doing it, I need help in pointing my domain to the new server. I just need the basic settings for A, CNAME and MX records.
View 13 Replies
View Related
Jul 14, 2009
how to which will help me to make a correct configuration of mail server. I want to set up a mail server with e.g three domain names and all three domain names will have few similar email addresses like info, sales, marketing and so on. I know that this can be done by using control panels but I am not big fan of control panels I want to do a pure Linux administration using the command line.
View 6 Replies
View Related
Mar 31, 2009
I've continually worked on it, but nothing seems to give.
I'll install it in the right place, but not have the config saved properly, or it's in the wrong place but saved right.
View 2 Replies
View Related
Jun 29, 2008
Is there somewhere that either has a tutorial or explains how a DR site is setup and activated when the primary site goes down? And how do you configure it to fail-over to the primary site again once it is back up and running?
I'm planning to have a certain hardware configuration in place at a primary site (load balancers/web/app/database/SAN) supporting a service that MUST remain online. Because it's mission critical, I also will need a DR (disaster recovery) configuration at a secondary site. My challenge is how to configure DNS or whatever to fail over the primary site to the secondary site if the primary experiences a failure of some sort. Then fail it back post-recovery.
I am planning to use the secondary site to burn-in development prior to go-live and when ready, migrate the changes to the primary so both sites are identical.
I am doing some investigation regarding NetScaler appliances to understand how they work. At first glance it seems they are able to direct incoming traffic to specific locations based on various criteria (geo, speed, load capacity, etc). I noticed they are also a recommended solution by Citrix for traffic management... but a DR solution is evading me. And something is telling me it's not all about some piece of hardware.
View 2 Replies
View Related
Apr 9, 2008
i got DNS and IIS installed and configued DNS completely by the book. I made 2 forward lookup zones ns1 and ns2.mydomain.net
what is this step im missing between that process and being able to tell godaddy to hit my nameserver. it just keeps telling me they are not registered nameservers so i must be missing something here.
View 9 Replies
View Related
Jan 7, 2008
I have got a WHM Reseller Account, with a Dedicated IP address and RapidSSL Certificate.
My host has setup the SSL for me, and it works fine when I access [url](where main-domain.com is the Domain associated with my WHM account).
However when I try and access https on any Account which I've made under my Reseller Account, I'm just redirected back to [url]
I was under the impression that if I accessed a Domain on an account I made that shares the same IP as my SSL Certificate, that the SSL Certificate would appear for that Domain name too, but this isn't the case.
Is there any change the my DNS records, or something I can ask my host to do to get it to work?
View 2 Replies
View Related
Aug 2, 2008
I want to configure Nagios to monitor Windows and Linux servers and their services. I have to install NSClient in Windows servers and NRPE in Linux servers to collect the data. I don't want to install any plugin in any server. Is there any guide available which describes how to enable Monitoring of servers using SNMP through Nagios?
View 2 Replies
View Related
Sep 11, 2008
is it possible for us to set up plesk sp that it monitors bandwidth usage week on week instead of month on month?
View 4 Replies
View Related
Jul 5, 2008
I saw an ad on WHT by LimeStone Networks and decided to get a server from them. My server was made within few hours. On the server, I was only able to connect to the SSH on port 22, I could not login to the DirectAdmin or anything.
So, I tried shutting down the "iptables" firewall like this:
Code:
service iptables stop
and then tried to access the directadmin like this:
[url]
and it worked. So, the problem is that, my host only configured ssh on my server and didnt configure the rest.
How do I open the rest of ports, e.g.
2222 (directadmin)
80 (web server)
21 (ftp)
443 (https)
3306 (mysql)
etc... ?
on the welcome email, this is what they said about the firewall, but I don't quite understand
Quote:
Please be advised that your server's firewall is active for your protection and will only accept connections on port 22/tcp by default.
If you modify firewall or IPTable rules on your server, please be sure to have them configured to allow inbound and outbound traffic on all ports (TCP & UDP 1-65535) from 209.130.152.0/28.
View 4 Replies
View Related
Mar 27, 2008
I'm trying to install and configure pureFTPD on my VPS which I just got.
Right, here goes one of my stupid questions:
When I try to start pure-ftpd (with the command /usr/sbin/pure-ftpd & ), this is what I get:
[1] 20271
What does [1] 20271 mean (or it may be other random number)?
And I can't see pure-ftpd as a running process (ps -ef command). So what's happening, how do I start pure-ftpd properly? It is installed as far as I understand.
Quote:
...lots of other packages...
ii pure-ftpd 1.0.21-8 Pure-FTPd FTP server
ii pure-ftpd-comm 1.0.21-8 Pure-FTPd FTP server (Common Files)
View 6 Replies
View Related