HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Installation/Configuration (http://www.howtoforge.com/forums/forumdisplay.php?f=27)
-   -   Pure-FTPd: port 21 definitely closed... (http://www.howtoforge.com/forums/showthread.php?t=60309)

Fluotonic 23rd January 2013 05:23

Pure-FTPd (on Debian 6.0.2): port 21 desperately closed...
 
Hi there,

I just got a preinstalled server (Debian Squeeze with ISPConfig 3) and
I spent about 2 days searching for a solution but I just can't seem to find it...

Here is my problem...
On ISPConfig, I created a site, and then an FTP account butwhen I try to use it, the connection is refused. I'm not surprised now because the port 21 seems to be closed!

If I do netstat -tap | grep ftp, I got NOTHING!

If I do dpkg -l | grep -i "ftp", I get this :

Code:

ii  ftp                                0.17-23                      The FTP client
ii  pure-ftpd-common                    1.0.28-3                    Pure-FTPd FTP server (Common Files)
ii  pure-ftpd-mysql                    1.0.28-3+b1                  Secure and efficient FTP server with MySQL user authentication

So the FTP seems to be there, right?

I don't know if you have everything to help me but don't hesitate to ask. This problem is driving me nuts!

Thanks in advance!

Vincent


EDIT 1:
I forgot to say I can access the server through FTP with the root account (SFTP on port 22) only.

Fluotonic 23rd January 2013 06:35

For information, my jail.local (/etc/fail2ban/jail.local) looks like this:

Code:

[pureftpd]

enabled  = true
port    = ftp
filter  = pureftpd
logpath  = /var/log/syslog
maxretry = 3


[dovecot-pop3imap]

enabled = true
filter = dovecot-pop3imap
action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp]
logpath = /var/log/mail.log
maxretry = 5

And when I do this iptables -L -n, I get this...
Code:

Chain INPUT (policy ACCEPT)
target    prot opt source              destination       
fail2ban-dovecot-pop3imap  tcp  --  0.0.0.0/0            0.0.0.0/0          multiport dports 110,995,143,993
fail2ban-ssh  tcp  --  0.0.0.0/0            0.0.0.0/0          multiport dports 22

Chain FORWARD (policy ACCEPT)
target    prot opt source              destination       

Chain OUTPUT (policy ACCEPT)
target    prot opt source              destination       

Chain fail2ban-dovecot-pop3imap (1 references)
target    prot opt source              destination       
RETURN    all  --  0.0.0.0/0            0.0.0.0/0         

Chain fail2ban-ssh (1 references)
target    prot opt source              destination       
RETURN    all  --  0.0.0.0/0            0.0.0.0/0

I hope this is relevant and it will help :-)

Thanks!

till 23rd January 2013 09:33

Is this a virtual server? Ifyes, please post the output of:

cat /proc/user_beancounters

Did you try to restart pure ftpd?

Quote:

I forgot to say I can access the server through FTP with the root account (SFTP on port 22) only.
SFTP is a ssh protocol, so not ftp even if the name might imply this :) so sftp is provided by the openssh daemon.

Fluotonic 23rd January 2013 09:49

Thanks for your answer Till!

cat /proc/user_beancounters sends this output:

Code:

cat: /proc/user_beancounters: Aucun fichier ou dossier de ce type
...means "no such file or directory"

Sorry for my error, I didn't know this about SFTP :-)
So I suppose no FTP is working....

Also, I tried o restart pure-ftpd this way :
Code:

/etc/init.d/pure-ftpd-mysql restart
...but it doesn't change anything.

Thank you VERY MUCH for your kind help!

Vincent

Fluotonic 23rd January 2013 09:54

Sorry I forgot to mention I'm on a dedicated server. So I suppose it's not a "virtual" server. Am I correct?

Sorry my ignorance, I'm really willing to learn though. The more I discover it, the more I love Linux and ISPConfig!

Thanks again!

till 23rd January 2013 09:54

Quote:

Sorry for my error, I didn't know this about SFTP :-)
No problem at all :) Thats a common confusion and what it makes even worse is that "FTPS" (with the S at the end) is FTP again.

Quote:

So I suppose no FTP is working....
Yes. Thats my guess too. According to your netstat output, there must be a startup error.

Please check /var/log/syslog and the logs in /var/log/pure-ftpd/ for pureftpd errors. e.g. with:

grep ftp /var/log/syslog

Fluotonic 23rd January 2013 09:58

Oh waw, I think we've got something?!

grep ftp /var/log/syslog
Code:


Jan 22 19:25:56 ks4003865 pure-ftpd: (?@?) [ERROR] Sorry, but that file doesn't exist: [/etc/ssl/private/pure-ftpd.pem]
Jan 22 19:36:08 ks4003865 pure-ftpd: (?@?) [ERROR] Sorry, but that file doesn't exist: [/etc/ssl/private/pure-ftpd.pem]
Jan 22 19:45:20 ks4003865 pure-ftpd: (?@?) [ERROR] Sorry, but that file doesn't exist: [/etc/ssl/private/pure-ftpd.pem]
Jan 22 21:21:43 ks4003865 pure-ftpd: (?@?) [ERROR] Sorry, but that file doesn't exist: [/etc/ssl/private/pure-ftpd.pem]
Jan 22 21:22:34 ks4003865 pure-ftpd: (?@?) [ERROR] Sorry, but that file doesn't exist: [/etc/ssl/private/pure-ftpd.pem]
Jan 22 21:47:48 ks4003865 pure-ftpd: (?@?) [ERROR] Sorry, but that file doesn't exist: [/etc/ssl/private/pure-ftpd.pem]


Fluotonic 23rd January 2013 10:00

It seems to be related to the SSL certificate I installed recently!!!

I followed this tutorial: http://www.howtoforge.com/securing-y...-from-startssl

What do you think?

Fluotonic 23rd January 2013 10:07

OK so I just checked and the file does exist but it's a symlink. When I open it, I have the complete certificate. So I'm not sure the problem is coming from there...

Any idea?

till 23rd January 2013 10:11

The ssl cert issue is most likely the reason. Please post the output of:

ls -la /usr/local/ispconfig/interface/ssl/
ls -la /etc/ssl/private/


All times are GMT +2. The time now is 05:30.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.