Pure-FTPd: port 21 definitely closed...

[Fluotonic]

Hi there,

I just got a preinstalled server (Debian Squeeze with ISPConfig 3) and
I spent about 2 days searching for a solution but I just can't seem to find it...

Here is my problem...
On ISPConfig, I created a site, and then an FTP account butwhen I try to use it, the connection is refused. I'm not surprised now because the port 21 seems to be closed!

If I do netstat -tap | grep ftp, I got NOTHING!

If I do dpkg -l | grep -i "ftp", I get this :

Code:

ii  ftp                                 0.17-23                      The FTP client
ii  pure-ftpd-common                    1.0.28-3                     Pure-FTPd FTP server (Common Files)
ii  pure-ftpd-mysql                     1.0.28-3+b1                  Secure and efficient FTP server with MySQL user authentication

So the FTP seems to be there, right?

I don't know if you have everything to help me but don't hesitate to ask. This problem is driving me nuts!

Thanks in advance!

Vincent


EDIT 1:
I forgot to say I can access the server through FTP with the root account (SFTP on port 22) only.

[Fluotonic]

For information, my jail.local (/etc/fail2ban/jail.local) looks like this:

Code:

[pureftpd]

enabled  = true
port     = ftp
filter   = pureftpd
logpath  = /var/log/syslog
maxretry = 3


[dovecot-pop3imap]

enabled = true
filter = dovecot-pop3imap
action = iptables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,imap,imaps", protocol=tcp]
logpath = /var/log/mail.log
maxretry = 5

And when I do this iptables -L -n, I get this...

Code:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
fail2ban-dovecot-pop3imap  tcp  --  0.0.0.0/0            0.0.0.0/0           multiport dports 110,995,143,993 
fail2ban-ssh  tcp  --  0.0.0.0/0            0.0.0.0/0           multiport dports 22 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain fail2ban-dovecot-pop3imap (1 references)
target     prot opt source               destination         
RETURN     all  --  0.0.0.0/0            0.0.0.0/0           

Chain fail2ban-ssh (1 references)
target     prot opt source               destination         
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

I hope this is relevant and it will help :-)

Thanks!

[till]

Is this a virtual server? Ifyes, please post the output of:

cat /proc/user_beancounters

Did you try to restart pure ftpd?

Quote:

I forgot to say I can access the server through FTP with the root account (SFTP on port 22) only.

SFTP is a ssh protocol, so not ftp even if the name might imply this so sftp is provided by the openssh daemon.

[Fluotonic]

Thanks for your answer Till!

cat /proc/user_beancounters sends this output:

Code:

cat: /proc/user_beancounters: Aucun fichier ou dossier de ce type

...means "no such file or directory"

Sorry for my error, I didn't know this about SFTP :-)
So I suppose no FTP is working....

Also, I tried o restart pure-ftpd this way :

Code:

/etc/init.d/pure-ftpd-mysql restart

...but it doesn't change anything.

Thank you VERY MUCH for your kind help!

Vincent

[Fluotonic]

Sorry I forgot to mention I'm on a dedicated server. So I suppose it's not a "virtual" server. Am I correct?

Sorry my ignorance, I'm really willing to learn though. The more I discover it, the more I love Linux and ISPConfig!

Thanks again!

[till]

Quote:

Sorry for my error, I didn't know this about SFTP :-)

No problem at all Thats a common confusion and what it makes even worse is that "FTPS" (with the S at the end) is FTP again.

Quote:

So I suppose no FTP is working....

Yes. Thats my guess too. According to your netstat output, there must be a startup error.

Please check /var/log/syslog and the logs in /var/log/pure-ftpd/ for pureftpd errors. e.g. with:

grep ftp /var/log/syslog

[Fluotonic]

Oh waw, I think we've got something?!

grep ftp /var/log/syslog

Code:

 
Jan 22 19:25:56 ks4003865 pure-ftpd: (?@?) [ERROR] Sorry, but that file doesn't exist: [/etc/ssl/private/pure-ftpd.pem]
Jan 22 19:36:08 ks4003865 pure-ftpd: (?@?) [ERROR] Sorry, but that file doesn't exist: [/etc/ssl/private/pure-ftpd.pem]
Jan 22 19:45:20 ks4003865 pure-ftpd: (?@?) [ERROR] Sorry, but that file doesn't exist: [/etc/ssl/private/pure-ftpd.pem]
Jan 22 21:21:43 ks4003865 pure-ftpd: (?@?) [ERROR] Sorry, but that file doesn't exist: [/etc/ssl/private/pure-ftpd.pem]
Jan 22 21:22:34 ks4003865 pure-ftpd: (?@?) [ERROR] Sorry, but that file doesn't exist: [/etc/ssl/private/pure-ftpd.pem]
Jan 22 21:47:48 ks4003865 pure-ftpd: (?@?) [ERROR] Sorry, but that file doesn't exist: [/etc/ssl/private/pure-ftpd.pem]

[Fluotonic]

It seems to be related to the SSL certificate I installed recently!!!

I followed this tutorial: http://www.howtoforge.com/securing-y...-from-startssl

What do you think?

[Fluotonic]

OK so I just checked and the file does exist but it's a symlink. When I open it, I have the complete certificate. So I'm not sure the problem is coming from there...

Any idea?

[till]

The ssl cert issue is most likely the reason. Please post the output of:

ls -la /usr/local/ispconfig/interface/ssl/
ls -la /etc/ssl/private/