dynamind, 13th February 2013, 19:03
ISPconfig on OpenVZ @ intoVPS blocks FTP connection

Hello,

I installed ispconfig on an intoVPS OpenVZ container.
Now FTP connections don't get established, the trouble starts here:

Quote:
/etc/init.d/bastille-firewall restart
WARNING: Deprecated config file /etc/modprobe.conf, all config files belong into /etc/modprobe.d/.
FATAL: Module ip_tables not found.
WARNING: Deprecated config file /etc/modprobe.conf, all config files belong into /etc/modprobe.d/.
FATAL: Module ip_conntrack not found.
WARNING: Deprecated config file /etc/modprobe.conf, all config files belong into /etc/modprobe.d/.
FATAL: Module ip_conntrack_ftp not found.
WARNING: Deprecated config file /etc/modprobe.conf, all config files belong into /etc/modprobe.d/.
FATAL: Module ipt_LOG not found.
Setting up IP spoofing protection... done.
Allowing traffic from trusted interfaces... done.
Setting up chains for public/internal interface traffic... done.
Setting up general rules... done.
Setting up outbound rules... done.

The vMachine is a Debian Squeeze 6.06. During setup I noticed it would not be possible to reproduce the network config; it looks like this:

Quote:
# Auto generated lo interface
auto lo
iface lo inet loopback

# Auto generated venet0 interface
auto venet0
iface venet0 inet manual
up ifconfig venet0 up
up ifconfig venet0 127.0.0.2
up route add default dev venet0
down route del default dev venet0
down ifconfig venet0 down


iface venet0 inet6 manual
up route -A inet6 add default dev venet0
down route -A inet6 del default dev venet0

auto venet0:0
iface venet0:0 inet static
address xx.xx.xxx.xx
netmask 255.255.255.255

iptables shows:

Quote:
Chain INPUT (policy DROP)
target prot opt source destination
DROP tcp -- anywhere loopback/8
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
DROP all -- base-address.mcast.net/4 anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
DROP all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere

Chain INT_IN (0 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
DROP all -- anywhere anywhere

Chain INT_OUT (0 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere

Chain PAROLE (19 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain PUB_IN (5 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp echo-request
PAROLE tcp -- anywhere anywhere tcp dpt:ftp-data
PAROLE tcp -- anywhere anywhere tcp dpt:ftp
PAROLE tcp -- anywhere anywhere tcp dpt:smtp
PAROLE tcp -- anywhere anywhere tcp dpt:whois
PAROLE tcp -- anywhere anywhere tcp dpt:domain
PAROLE tcp -- anywhere anywhere tcp dpt:www
PAROLE tcp -- anywhere anywhere tcp dpt:pop3
PAROLE tcp -- anywhere anywhere tcp dpt:sftp
PAROLE tcp -- anywhere anywhere tcp dpt:ntp
PAROLE tcp -- anywhere anywhere tcp dpt:imap2
PAROLE tcp -- anywhere anywhere tcp dpt:https
PAROLE tcp -- anywhere anywhere tcp dpt:ssmtp
PAROLE tcp -- anywhere anywhere tcp dpt:submission
PAROLE tcp -- anywhere anywhere tcp dpt:imaps
PAROLE tcp -- anywhere anywhere tcp dpt:pop3s
PAROLE tcp -- anywhere anywhere tcp dpt:mysql
PAROLE tcp -- anywhere anywhere tcp dpt:webmin
PAROLE tcp -- anywhere anywhere tcp dpt:31280
PAROLE tcp -- anywhere anywhere tcp dpt:64128
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:ntp
ACCEPT udp -- anywhere anywhere udp dpt:mysql
DROP icmp -- anywhere anywhere
DROP all -- anywhere anywhere

Chain PUB_OUT (5 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

The FTP client stops here:

Quote:
Status: Auflösen der IP-Adresse für mydomain.org
Status: Verbinde mit xx.xx.xxx.xx:21...
Status: Verbindung hergestellt, warte auf Willkommensnachricht...
Antwort: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Antwort: 220-You are user number 1 of 50 allowed.
Antwort: 220-Local time is now 20:07. Server port: 21.
Antwort: 220-This is a private system - No anonymous login
Antwort: 220 You will be disconnected after 15 minutes of inactivity.
Befehl: USER dummy
Antwort: 331 User dummy OK. Password required
Befehl: PASS ****************
Antwort: 230-User dummy has group access to: client1
Antwort: 230-This server supports FXP transfers
Antwort: 230-OK. Current restricted directory is /
Antwort: 230 0 Kbytes used (0%) - authorized: 4194304 Kb
Befehl: SYST
Antwort: 215 UNIX Type: L8
Befehl: FEAT
Antwort: 211-Extensions supported:
Antwort: EPRT
Antwort: IDLE
Antwort: MDTM
Antwort: SIZE
Antwort: REST STREAM
Antwort: MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
Antwort: MLSD
Antwort: AUTH TLS
Antwort: PBSZ
Antwort: PROT
Antwort: UTF8
Antwort: ESTA
Antwort: PASV
Antwort: EPSV
Antwort: SPSV
Antwort: ESTP
Antwort: 211 End.
Befehl: OPTS UTF8 ON
Antwort: 200 OK, UTF-8 enabled
Status: Verbunden
Status: Empfange Verzeichnisinhalt...
Befehl: CWD /
Antwort: 250 OK. Current directory is /
Befehl: PWD
Antwort: 257 "/" is your current location
Befehl: TYPE I
Antwort: 200 TYPE is now 8-bit binary
Befehl: PASV
Antwort: 227 Entering Passive Mode (xx,xx,xxx,xx,218,118)
Befehl: MLSD

Is there any mistake in my config?
As soon as I clear the firewall, all connections are functional again, but that's not very secure.

Please help.

Last edited by dynamind; 13th February 2013 at 20:16.
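
The session above stops right after the server's 227 reply, so what matters is whether the data port named in that reply can pass the posted rule set. The following added example (not part of the original post) decodes the reply and checks the port against the TCP ports accepted in PUB_IN, written numerically; the passive range 40110:40210 and the second reply are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# TCP ports accepted by the posted PUB_IN chain, written numerically
# (ftp-data=20, ftp=21, smtp=25, ... webmin=10000, then 31280 and 64128).
ALLOWED_TCP="20 21 25 43 53 80 110 115 123 143 443 465 587 993 995 3306 10000 31280 64128"

# Decode "227 ... (h1,h2,h3,h4,p1,p2)" into the data port p1*256 + p2.
# Only the last two fields are read, so a redacted address still parses.
pasv_port() {
    pair=$(printf '%s\n' "$1" |
        sed -n 's/^227 .*,\([0-9]\{1,3\}\),\([0-9]\{1,3\}\)).*$/\1 \2/p')
    [ -n "$pair" ] || return 1
    set -- $pair
    [ "$1" -le 255 ] && [ "$2" -le 255 ] || return 1
    echo $(( $1 * 256 + $2 ))
}

# True if port $1 matches an entry in list $2 (single ports or lo:hi ranges).
port_allowed() {
    for entry in $2; do
        case $entry in
            *:*) lo=${entry%%:*}; hi=${entry##*:}
                 [ "$1" -ge "$lo" ] && [ "$1" -le "$hi" ] && return 0 ;;
            *)   [ "$1" -eq "$entry" ] && return 0 ;;
        esac
    done
    return 1
}

# Verdict for the passive data connection on a default-DROP INPUT chain.
# $1 = 227 reply, $2 = accepted TCP ports, $3 = "yes" if an FTP conntrack
# helper is loaded, so the data connection is classified as RELATED.
data_verdict() {
    port=$(pasv_port "$1") || { echo "unparsable"; return 1; }
    if [ "$3" = yes ]; then
        echo "$port accepted (RELATED via helper)"
    elif port_allowed "$port" "$2"; then
        echo "$port accepted (explicit rule)"
    else
        echo "$port dropped"
    fi
}

REPLY_227='227 Entering Passive Mode (xx,xx,xxx,xx,218,118)'  # as posted
data_verdict "$REPLY_227" "$ALLOWED_TCP" no   # helper failed to load
# Constructed reply and passive range; the FTP server would have to be
# configured to hand out data ports from the same range.
data_verdict '227 Entering Passive Mode (xx,xx,xxx,xx,156,190)' \
    "$ALLOWED_TCP 40110:40210" no
```

The helper case only applies while the control channel is unencrypted: once a client negotiates AUTH TLS, a conntrack helper cannot read the 227 reply, and only an explicit rule for the passive range admits the data connection.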