Plesk 12.x / Linux :: Firewall Enabled - FTP Stopped Working In Passive Mode
Aug 19, 2014
I am running Plesk 12 . Centos 6.5
I have Plesk Firewall Installed.
After the Plesk Firewall was enabled the FTP Stopped working in passive Mode.
I searched the net and found the following :
Code:
/etc/sysconfig/iptables-config and change the line with IPTABLES_MODULES to: IPTABLES_MODULES="ip_conntrack_ftp"
It started working.
I changed the default FTP port from proftpd.conf
Code:
port 2392
and /etc/services
Code:
ftp 2392/tcp
ftp 2392/udp fsp fspd
I allowed the new port in Plesk Firewall in Incoming connection and disabled port 21
Now I am not able to connect to the ftp, I get the following error. Have I missed anything ?
Code:
Response:257 "/" is the current directory
Command:TYPE I
Response:200 Type set to I
Command:PASV
Response:227 Entering Passive Mode (85,25,51,34,216,46).
Command:MLSD
Error:Connection timed out
Error:Failed to retrieve directory listing
View 4 Replies
ADVERTISEMENT
Oct 14, 2014
After some recents updates (currently running on: 12.0.18 Update #19) appeared a problem with connecting to FTP for passive mode users:
Connect ok!
"/" is the current directory
Get directory
227 Entering Passive Mode
550 Access is denied.
Server logs:
/var/log/messages
Oct 14 12:11:26 host xinetd[3692]: START: ftp pid=2709 from=::ffff:xxx.xxx.xxx.xxx
Oct 14 12:11:26 host proftpd[2709]: processing configuration directory '/etc/proftpd.d'
Oct 14 12:11:26 host proftpd[2709]: yyy.yyy.yyy.yyy (xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]) - FTP session opened.
But:
/var/log/secure:
Oct 14 12:11:26 host proftpd: PAM unable to dlopen(/lib64/security/pam_stack.so): /lib64/security/pam_stack.so: cannot open shared object file: No such file or directory
Oct 14 12:11:26 host proftpd: PAM adding faulty module: /lib64/security/pam_stack.so
Oct 14 12:11:26 host proftpd: pam_listfile(proftpd:auth): Couldn't open /etc/ftpusers
Oct 14 12:11:26 host proftpd[2709]: yyy.yyy.yyy.yyy (xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]) - USER client: Login successful.
ad1: yes, i do have passive ports configured in /etc/proftpd.conf and FW is properly configured
ad2: everything was fine until recent updates
ad3: this is happening only for passive users only
ad4: we are experiencing this issues across all Plesk instances [6x] on CentOS 6.5 with 12.0.18 Update #19
View 6 Replies
View Related
Mar 1, 2015
I have some issues with the plesk firewall:
1. Emails are not delivered:
From some reasons, plesk is blocking incoming 25 port (in plesk shows opened, but it's not)My emails are delivered trough port 25, after doing some tests ( i've sent some emails to an email account hosted in the server) there was no email in the roundcube inbox! All emails were blocked...
a) Firewall was blocking the port 25 on server restart.
b) I have succesfully unblocked it from plesk manager -> tools -> edit/change -> even if i didn't change anything, i saved the "changes" and in my roundcube inbox i recived all the test emails.
c) In /var/log/maillog there is no error.
2. Passive FTP gets blocked in the same way, to successfully connect FireFTP on passive mode i need to repeat 1.b steps even if i've created a special rule to prevent the blocking, opening 49152-65534 ports and set PassivePorts 49152 65534 in /etc/proftpd.conf
The issue appears randomly, because in the last 5 days i didn´t restart the server, the last time i checked it worked. Today, without touching anything, firewall blocked my passive FTP and I had probmels reciving emails from gmail, yahoo etc...
View 2 Replies
View Related
Jun 26, 2014
After upgrading to Plesk 12 the FTP connection has become very slow. Mode Security, Fail2Ban and Plesk Firewall have been enabled, the security is set to force sFTP and maximum security and in /etc/proftpd.d/ a conf file has been added to set the passive ports that have been opened in the Plesk Firewall (60000 to 62000)
Turning off the Mod Security does not solve the slow connection.
What can we do to detect the cause of the problem?
View 3 Replies
View Related
Apr 10, 2014
I enabled plesk firewall to my ip now I cant seem retrieve directory listing. I've done the same with ssh that works fine.
Response:230 User logged in
Command:OPTS UTF8 ON
Response:200 UTF8 set to on
Status:Connected
Status:Retrieving directory listing...
Command:PWD
Response:257 "/" is the current directory
Command:TYPE I
Response:200 Type set to I
Command:PASV
Response:227 Entering Passive Mode
Command:MLSD
Error:Connection timed out
Error:Failed to retrieve directory listing
View 3 Replies
View Related
Sep 15, 2014
I have recently migrated my websites from Plesk 11.0.9 to a new server with Plesk 12.x and the webalizer is not working.
- Is there a chance to repair it and not loose the data? If yes, how do I do that?
- Or do I have to remove it and install Webalizer again? How do I do that?
OS Ubuntu
Uninstalling Webalizer with plesk updater is not possible.
After executing this:
Code:
# /usr/local/psa/admin/bin/statistics --calculate-all
I get:
Code:
WARNING during statistics_collector execution: : Executing logs preparation...
error: error creating output file /var/www/vhosts/system/domain.tld/logs/error_log.1: File exists
statistics[6845]: Unable to execute logrotate via: /opt/psa/logrotate/sbin/logrotate /opt/psa/etc/logrotate.conf -s /opt/psa/var/logrotate.status
View 8 Replies
View Related
Feb 12, 2015
on one of our Plesk-Servers (Plesk 12.0.18 Update 34 on Debian 7.6) the scheduled backup stopped working. Scheduled Backup is active in Backup-Manager, but it's not executed.
View 2 Replies
View Related
Jun 9, 2015
Automatic Parallels Plesk. 12.0.18 has stopped working but no solution from plesk yet? I think every user has the same problem. Many people asked the same question but no solution/answer from plesk.
View 13 Replies
View Related
Jun 13, 2014
I am getting this error after installing the AfterLogic WebMail Pro_7 app on a domain.
I removed the app but AfterLogic still appears in the list of available Webmail options. I am getting the error even after changing all my domains to use Roundcube.
backup_info_1406131330.xml:
Line 423 error: Element 'external-webmail': This element is not expected.
My backups since the day I installed that app are no longer valid.
View 2 Replies
View Related
Apr 6, 2015
I'm not been able to start plesk although web and mail services are running.I'm getting the error unable to execute php_handlers_control.I've patched and updated plesk with command line and bootstrap repair and I'm getting this errors:
==> Checking for: mail_responder_restore... fail
/usr/lib64/plesk-9.0/mail_restore: line 820: 17063 Illegal instruction /usr/local/psa//admin/sbin/mailmng-service --restart-service
Errors occured in mail restore procedure
Some utilities have exited with errors:
/usr/lib64/plesk-9.0/mail_auth_dump
/usr/lib64/plesk-9.0/mail_responder_restore
I get Illegal Instruction When I run :
# /usr/local/psa/admin/sbin/mailmng-service --restart-service
Illegal instruction
Also I switched from postfix to qmail and back using the command line with no luck.
/usr/local/psa/admin/bin/mailmng --features
runs without problems.....
/usr/local/psa/admin/logs/panel.log:
[06-Apr-2015 12:47:25 America/New_York] PleskUtilException: '/usr/local/psa/admin/bin/php_handlers_control' '--list-json' failed with code 4.
[code]....
View 8 Replies
View Related
Jan 19, 2008
what are the inbound and outbound ports when FTP Passive mode is used for PureFTPd.
View 3 Replies
View Related
Aug 23, 2014
When I modify rules using the firewall panel it is not generating rules correctly when selecting allow from selected sources deny from others.
View 2 Replies
View Related
Mar 28, 2015
In plesk I have set the ssh rule to allow from source, deny others and added my IP. However, if I connect my PC to my work VPN, I can still login via ssh, even when I am on a different IP as the allowed IP
View 18 Replies
View Related
Feb 13, 2015
I temporarily enabled and activated Plesk firewall module (which I wish I didn't the first time) and for some reason it seems to have overwritten the default iptables configuration that was set, leaving my ftp unable to be logged into. I tried to disable the firewall module and reboot the server. It didn't work.
I also noticed that it somehow seem to have changed my hostname to my previous server hostname as well
Is there any way to completely revert back to original iptables settings before enabling the Firewall module?
View 4 Replies
View Related
Jun 25, 2015
When I deny all other traffic for the "System policy for incoming traffic" to secure the server by only allowing the explicit ports I've requested to open, my server stops operating correctly.
It appears when I set the "System policy for incoming traffic" to deny, it appears to be disrupting various functions such as web traffic over ports 80/443, FTP, SSH, they either work extremely slow or don't work at all.
I brought this up with my Plesk license provider and they stated that the Plesk firewall doesn't add any tracking for ephemeral ports, therefore if you set the policy to drop for incoming/outgoing, it's not going to allow proper TCP communication since the return socket can't be opened. Also that the firewall is an explicit deny system rather than explicit allow based system.
Am I doing something wrong? All I want to do is to block all ports other than the ones I've set to allow. Is this how it is supposed to work?
View 1 Replies
View Related
Nov 4, 2009
i has setup CSF
and all things Ok
but i dont know to make any setting for CSF
ITs now
Firewall Status: Enabled but in Test Mode - Don't forget to disable TESTING in the Firewall Configuration
View 7 Replies
View Related
Jun 23, 2014
After Plesk panel upgrade to 12.x webadmin stopped working . It's showing following error
Code:
Server Error in '/' Application.
The resource cannot be found.
Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. review the following URL and make sure that it is spelled correctly.
View 2 Replies
View Related
Mar 23, 2009
I'm running a Win2003 dedicated server with IIS and Plesk v9. While trying to configure my FTP ports I found out that my host has a basic (free) hardware firewall on my main/shared IP with ports 2000-2015 reserved for passive FTP connections. I asked them if they could change the ports to match the default ones but to customize hardware firewall settings I'm require to upgrade to a paid solution.
I again tried to approach the problem by trying to get IIS to conform to the host's ports. However after some research I found that the default MSFTP range is 1025-5000 while custom values have to be between 5001-65535. My host recommends I upgrade to a personal hardware firewall or make do with a software firewall. Other than dropping the firewall is there nothing I can do here?
I've thought of serving FTP on a dedicated IP (which would be exempted from the hardware firewall) but when I tried to set it up I got a directory permission error during connection attempts. I may be mistaken but this appears to be an an issue with Plesk not liking to serve a website's HTTP and FTP on separate IPs. Is solving this problem my best bet?
View 3 Replies
View Related
Apr 21, 2009
Do you still have to add each port individually to Server 2008's Firewall like we did on Server 2003?
If so, will the guides that were put out for 2003 work on 2008's? I want to be sure before putting all these ports in....if I can just specify a range instead, it would be much easier!
View 3 Replies
View Related
Dec 29, 2014
when trying to add several useraccounts to our mail domain using the cli, we have a problem enabling the antivirus. We add user with the following CLI command, the antivirus flag is set. /usr/local/psa/bin/mail --create mail@mail.box -mailbox true -antivirus inout -passwd yourpassword -cp-access true
But when we got to the web interface and select the newly created user, the antivirus is still disabled for him and has to be enabled manually. Is this a known problem? Or is there any other way to automatically enable antivirus than using the "-antivirus" flag? Because we 're talking about more than 100 users it would take a lot of time enabling the AV manually for each of them.We 're running 12.0.18 Update Nr. 29
View 1 Replies
View Related
Oct 15, 2014
During the installation procedure, the script stopped unexpectedly
Errors were encountered while processing:
/var/cache/apt/archives/psa-proftpd_1.3.5-ubuntu14.04.build1200140604.16_amd64.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)
View 1 Replies
View Related
Apr 30, 2015
The FTP on my VPs running centos 6.6 and plesk 12.0.18 Update #44 has stopped allowing FTP conections via filezilla or dreamweaver. My tech knowledge with server management outside of the gui is minimal but i have done the following. Checked that the firwall is allowing ftp traffic through the GUI in plesk.
restarted xinetd and checked status
[root@367549 ~]# service xinetd status
xinetd (pid 11707) is running...
[root@367549 ~]# lsof -i tcp:21
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
xinetd 11707 root 5u IPv6 682472 0t0 TCP *:ftp (LISTEN)
Then tried the following
[root@367549 ~]# ftp localhost
-bash: ftp: command not found
But i can connect via telnet on port 21
when trying to use +dreamweaver or filezilla i get the following. This may be due to one or more of the following reasons: - The network cable is unplugged or the network is down. Please verify that the network cable is connected and that the network is up. - The FTP server is down. Please verify that you can connect to the FTP server using another FTP program. - The FTP host name is incorrect. Please verify that the host name is correct in the Site definition dialog box. - Accessing the server requires proxy settings that aren't properly set. Please verify that the proxy settings in the Site category of the Preferences dialog box are properly set, and that the Use Proxy option in the Site definition dialog box is selected. - You may need to connect to the server using a different port than the one provided. Please specify the correct port in the box provided.
Error: The data connection could not be established: ETIMEDOUT - Connection attempt timed out
Error: Connection timed out after 20 seconds of inactivity
Error: Failed to retrieve directory listin.
What to do and why after no change this just stopped working when ive been using ftp on this server previous.. the company that i brought the vps from have no intrest and tell me its unmanaged.
View 6 Replies
View Related
Jul 12, 2015
Our partition become full and drop the vps, after that we are unable to start postifx, actually postfix start but master not.
So if I run :
/etc/init.d/postfix restart
Shutting down postfix: [FAILED]
Starting postfix: [ OK ]
/etc/init.d/postfix status
master is stopped
I already try to reconfigure all
/usr/local/psa/admin/bin/mailmng-service --start-service --mail-component=all
Into ToolsSettings i change between qmail and come back again to postfix (reinstalling)...
View 3 Replies
View Related
Oct 2, 2014
I've this terrible problem: on my site I start a script that executes a batch process that imports into the Mysql database a lot of products (texts and images). I'm monitoring the query process from Phpmyadmin>Status and I notice that after some minutes the number of queries decreases from ~900 to ~30, that means that the script is stopped! Then I check the error_log and infact there's this error:
[Thu Oct 02 17:09:34 2014] [warn] [client xxx.xxx.xxx.xxx] (104)Connection reset by peer: mod_fcgid: error reading data from FastCGI server
[Thu Oct 02 17:09:34 2014] [error] [client xxx.xxx.xxx.xxx] Premature end of script headers: insert_products.php
Some informations:
VPS server: 1 CPU; 40gb; RAM 1GB
OS: CentOS 6.5 (Final)
Plesk version: 12.0.18
What I tried via SSH console:
# /usr/local/psa/admin/bin/php_handlers_control --list
id: display name: version: type: cgi-bin: cli-bin: php.ini:
module 5.3.3 5.3.3 module /usr/bin/php-cgi /etc/php.ini
fastcgi 5.3.3 5.3.3 fastcgi /usr/bin/php-cgi /etc/php.ini
cgi 5.3.3 5.3.3 cgi /usr/bin/php-cgi /etc/php.ini
# /usr/bin/php-cgi -v
[code]....
View 2 Replies
View Related
Dec 16, 2014
I just installed Nginx. It seems it works well, but watchdog reports it as "stopped".I restarted watchdog several times, and it always says the service has stopped.What shall I do to make watchdog see Nginx as a working service?
Following this KB [URL] ...., I can confirm that command "/usr/local/psa/admin/sbin/nginxmng -s" return "Enabled".
View 2 Replies
View Related
Sep 20, 2014
I enabled rkhunter in Plesk 12 to check the system weekly. I get a warning now, which I never got in older versions of Plesk:
The current hash function (/usr/bin/sha1sum) or package manager (DPKG) is incompatible with the hash function (Unset) or package manager (Unset) used to store the values. Debian 7.6 x64
View 6 Replies
View Related
Oct 14, 2014
Can not change in 24 hour Clock mode Plesk 12?The scheduled backups start false, because in Plesk 12 running 12 hours mode.The language in Plesk is German.
View 2 Replies
View Related
Oct 16, 2014
I can't find how to swith my Plesk into PowerUser mode. There is no such menu in Tools & Settings -> Interface Management. This is what I see:
I had bought Web Pro Edition license so I can host up to 10 domains but while adding of new domain I'm getting the next issue:
What is going on? I'm using the same license and everything is fine there.
View 7 Replies
View Related
May 12, 2007
I run a small website on a dedicated unmanged server with cpanel.
About a month ago,i stopped getting the daily mails from addresses that are located on the server...
Also,when I attempted to send mail to one of these addresses I never received it...
Its a RHEL 3 server with cpanel,is there anything I can do to see where the problem is?
View 2 Replies
View Related
