Hello! I have ISPConfig 3 final on Ubuntu 12.04 LTS. Today I restarted the server (after kernel updates) and now pure-ftpd doesn't want to work in active mode. Passive mode works OK.

pure-ftpd start:

Code:
Running: /usr/sbin/pure-ftpd-mysql-virtualchroot -l mysql:/etc/pure-ftpd/db/mysql.conf -l pam -H -u 1000 -d -b -Y 1 -A -8 UTF-8 -p 40110:40210 -L 5000:500 -D -O clf:/var/log/pure-ftpd/transfer.log -E -B

Verbose mode:

Code:
Jun 14 13:22:49 in pure-ftpd: ([email protected]) [INFO] New connection from 12.12.12.12
Jun 14 13:22:49 in pure-ftpd: ([email protected]) [DEBUG] Command [user] [inf2ftp2]
Jun 14 13:22:49 in pure-ftpd: ([email protected]) [DEBUG] Command [pass] [<*>]
Jun 14 13:22:49 in pure-ftpd: ([email protected]) [INFO] inf2ftp2 is now logged in
Jun 14 13:22:49 in pure-ftpd: ([email protected]) [DEBUG] Command [opts] [UTF8 ON]
Jun 14 13:22:49 in pure-ftpd: ([email protected]) [DEBUG] Command [pwd] []
Jun 14 13:22:49 in pure-ftpd: ([email protected]) [DEBUG] Command [type] [I]
Jun 14 13:22:49 in pure-ftpd: ([email protected]) [DEBUG] Command [port] [12,12,12,12,19,138]
Jun 14 13:22:49 in pure-ftpd: ([email protected]) [DEBUG] Command [mlsd] []

12.12.12.12 is the client's internal IP. Thank you.
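An added example, not part of the original post: it decodes the `port` arguments from verbose pure-ftpd log lines and compares the announced address with the control-connection peer, which shows when an active-mode client behind NAT announces an address the server cannot connect back to. The log lines, user name and addresses are constructed, and the `(user@address)` line prefix is an assumption about the log format.

```python
import ipaddress
import re

# Constructed sample in the verbose (-d) format quoted in the post; the user
# name and all addresses are made up (private and documentation ranges).
SAMPLE_LOG = """\
Jun 14 13:22:49 in pure-ftpd: (demo@198.51.100.7) [DEBUG] Command [port] [192,168,0,23,19,138]
Jun 14 13:22:50 in pure-ftpd: (demo@198.51.100.7) [DEBUG] Command [mlsd] []
Jun 14 13:23:10 in pure-ftpd: (demo@203.0.113.9) [DEBUG] Command [port] [203,0,113,9,195,80]
Jun 14 13:23:11 in pure-ftpd: (demo@203.0.113.9) [DEBUG] Command [port] [203,0,113,9,300,1]
"""

# Assumed prefix: "(user@peer)", where peer is the control-connection address
# (numeric because the daemon in the post runs with -H, no name resolution).
PORT_RE = re.compile(r"\([^@()]*@(?P<peer>[^)]+)\) \[DEBUG\] Command \[port\] \[(?P<arg>[^\]]*)\]")

def decode_port_arg(arg):
    """Decode 'h1,h2,h3,h4,p1,p2' into (IPv4Address, port); ValueError if malformed."""
    parts = arg.split(",")
    if len(parts) != 6 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError("expected six decimal fields")
    nums = [int(p) for p in parts]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range 0-255")
    addr = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return addr, nums[4] * 256 + nums[5]  # port = p1 * 256 + p2

def audit(log_text):
    """Return (peer, announced_ip, announced_port, note) for every PORT command."""
    findings = []
    for line in log_text.splitlines():
        m = PORT_RE.search(line)
        if not m:
            continue  # not a PORT command line
        peer = m.group("peer")
        try:
            addr, port = decode_port_arg(m.group("arg"))
        except ValueError as exc:
            findings.append((peer, None, None, f"malformed: {exc}"))
            continue
        if str(addr) != peer:
            # The server would open the data connection to an address other
            # than the one the control connection came from.
            note = "private address behind NAT" if addr.is_private else "differs from control peer"
        elif port < 1024:
            note = "privileged port"
        else:
            note = "ok"
        findings.append((peer, str(addr), port, note))
    return findings
```

Calling `audit()` on the real log text returns one tuple per `port` command; for the argument quoted in the post, `decode_port_arg("12,12,12,12,19,138")` gives port 5002.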
Hello Falko! Thank you for your reply. Output:

Code:
[email protected]:~# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
fail2ban-dovecot-pop3imap  tcp  --  anywhere             anywhere             multiport dports pop3,pop3s,imap2,imaps
fail2ban-pureftpd  tcp  --  anywhere             anywhere             multiport dports ftp
fail2ban-sasl  tcp  --  anywhere             anywhere             multiport dports smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
fail2ban-courierauth  tcp  --  anywhere             anywhere             multiport dports smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
fail2ban-couriersmtp  tcp  --  anywhere             anywhere             multiport dports smtp,ssmtp
fail2ban-postfix  tcp  --  anywhere             anywhere             multiport dports smtp,ssmtp
fail2ban-apache-overflows  tcp  --  anywhere             anywhere             multiport dports http,https
fail2ban-apache-noscript  tcp  --  anywhere             anywhere             multiport dports http,https
fail2ban-apache-multiport  tcp  --  anywhere             anywhere             multiport dports http,https
fail2ban-apache  tcp  --  anywhere             anywhere             multiport dports http,https
fail2ban-ssh-ddos  tcp  --  anywhere             anywhere             multiport dports ssh
fail2ban-ssh  tcp  --  anywhere             anywhere             multiport dports ssh
DROP       tcp  --  anywhere             127.0.0.0/8
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
DROP       all  --  base-address.mcast.net/4  anywhere
PUB_IN     all  --  anywhere             anywhere
PUB_IN     all  --  anywhere             anywhere
PUB_IN     all  --  anywhere             anywhere
PUB_IN     all  --  anywhere             anywhere
PUB_IN     all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
DROP       all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
PUB_OUT    all  --  anywhere             anywhere
PUB_OUT    all  --  anywhere             anywhere
PUB_OUT    all  --  anywhere             anywhere
PUB_OUT    all  --  anywhere             anywhere
PUB_OUT    all  --  anywhere             anywhere

Chain INT_IN (0 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere
DROP       all  --  anywhere             anywhere

Chain INT_OUT (0 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain PAROLE (14 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain PUB_IN (5 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere             icmp destination-unreachable
ACCEPT     icmp --  anywhere             anywhere             icmp echo-reply
ACCEPT     icmp --  anywhere             anywhere             icmp time-exceeded
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
PAROLE     tcp  --  anywhere             anywhere             tcp dpt:ftp
PAROLE     tcp  --  anywhere             anywhere             tcp dpt:ssh
PAROLE     tcp  --  anywhere             anywhere             tcp dpt:smtp
PAROLE     tcp  --  anywhere             anywhere             tcp dpt:domain
PAROLE     tcp  --  anywhere             anywhere             tcp dpt:http
PAROLE     tcp  --  anywhere             anywhere             tcp dpt:pop3
PAROLE     tcp  --  anywhere             anywhere             tcp dpt:imap2
PAROLE     tcp  --  anywhere             anywhere             tcp dpt:https
PAROLE     tcp  --  anywhere             anywhere             tcp dpt:imaps
PAROLE     tcp  --  anywhere             anywhere             tcp dpt:pop3s
PAROLE     tcp  --  anywhere             anywhere             tcp dpt:ssmtp
PAROLE     tcp  --  anywhere             anywhere             tcp dpt:mysql
PAROLE     tcp  --  anywhere             anywhere             tcp dpt:http-alt
PAROLE     tcp  --  anywhere             anywhere             tcp dpts:40110:40210
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpt:mysql
DROP       icmp --  anywhere             anywhere
DROP       all  --  anywhere             anywhere

Chain PUB_OUT (5 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain fail2ban-apache (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-apache-multiport (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-apache-noscript (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-apache-overflows (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-courierauth (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-couriersmtp (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-dovecot-pop3imap (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-postfix (1 references)
target     prot opt source               destination
DROP       all  --  84-55-108-33.customers.ownit.se  anywhere
DROP       all  --  85-130-25-203.2073795190.shumen.cablebg.net  anywhere
DROP       all  --  c935b135.virtua.com.br  anywhere
RETURN     all  --  anywhere             anywhere

Chain fail2ban-pureftpd (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-sasl (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-ssh (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-ssh-ddos (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
Yes, I tried turning off the ISPConfig firewall, but the result is the same. Iptables after the firewall is off:

Code:
[email protected]:~# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain fail2ban-apache (0 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-apache-multiport (0 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-apache-noscript (0 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-apache-overflows (0 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-courierauth (0 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-couriersmtp (0 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-dovecot-pop3imap (0 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-postfix (0 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-pureftpd (0 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-sasl (0 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-ssh (0 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-ssh-ddos (0 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
Thank you, Falko, for not forgetting about me. Yes, we have a MikroTik router. But everything worked with this router configuration until the server was rebooted. Firewall config is:

Code:
0 ;;; Ping Allow/Drop chain=input action=drop protocol=icmp
1 ;;; default configuration chain=input action=accept connection-state=established
2 ;;; default configuration chain=input action=accept connection-state=related
4 ;;; Drop Invalid connections chain=input action=drop connection-state=invalid
5 ;;; Allow Established connections chain=input action=accept connection-state=established
6 ;;; Allow UDP chain=input action=accept protocol=udp
7 ;;; Allow access to router from known network chain=input action=accept src-address=192.168.0.0/24
8 ;;; deny TFTP chain=tcp action=drop protocol=tcp dst-port=69
9 ;;; deny RPC portmapper chain=tcp action=drop protocol=tcp dst-port=111
10 ;;; deny RPC portmapper chain=tcp action=drop protocol=tcp dst-port=135
11 ;;; deny NBT chain=tcp action=drop protocol=tcp dst-port=137-139
12 ;;; deny cifs chain=tcp action=drop protocol=tcp dst-port=445
13 ;;; deny NFS chain=tcp action=drop protocol=tcp dst-port=2049
14 ;;; deny NetBus chain=tcp action=drop protocol=tcp dst-port=12345-12346
15 ;;; deny NetBus chain=tcp action=drop protocol=tcp dst-port=20034
16 ;;; deny BackOriffice chain=tcp action=drop protocol=tcp dst-port=3133
17 ;;; deny DHCP chain=tcp action=drop protocol=tcp dst-port=67-68
18 ;;; deny TFTP chain=udp action=drop protocol=udp dst-port=69
19 ;;; deny PRC portmapper chain=udp action=drop protocol=udp dst-port=111
20 ;;; deny PRC portmapper chain=udp action=drop protocol=udp dst-port=135
21 ;;; deny NBT chain=udp action=drop protocol=udp dst-port=137-139
22 ;;; deny NFS chain=udp action=drop protocol=udp dst-port=2049
23 ;;; deny BackOriffice chain=udp action=drop protocol=udp dst-port=3133
24 chain=forward action=drop src-address=0.0.0.0/8
25 chain=forward action=drop dst-address=0.0.0.0/8
26 chain=forward action=drop src-address=127.0.0.0/8
27 chain=forward action=drop dst-address=127.0.0.0/8
28 chain=forward action=drop src-address=224.0.0.0/3
29 chain=forward action=drop dst-address=224.0.0.0/3
Is it possible you ran iptables rules on the command line (without putting them in some configuration file)? Those iptables rules are lost on reboot.
Thank you, Falko. No, there are no iptables rules that were run via the command line. We restarted the server another time when active mode worked, and after that restart it was OK. I think it was some updates, and after the restart active mode went down. It was dh-apparmor, but I deleted it after that with apt-get remove. Any ideas?