Can't connect to server via FTP

Discussion in 'Installation/Configuration' started by ABatisa, Nov 5, 2021.

  1. ABatisa

    ABatisa New Member

    Hi, maybe somebody could help a little? I can't connect to server via FTP
    Linux moodle-clf 5.11.0-1020-azure #21~20.04.1-Ubuntu SMP Mon Oct 11 18:54:28 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux -- ISPConfig 3.2.7

    Code:
    /// my external IP ...'...'...'...
    /// Wrong password
    Nov  5 09:42:39 moodle-clf pure-ftpd: ([email protected]'...'...'...) [INFO] New connection from ...'...'...'...
    Nov  5 09:42:44 moodle-clf pure-ftpd: ([email protected]'...'...'...) [WARNING] Authentication failed for user [jonas]
    Nov  5 09:42:44 moodle-clf pure-ftpd: ([email protected]'...'...'...) [INFO] Logout.
    Nov  5 09:43:01 moodle-clf CRON[229216]: (root) CMD (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done)
    Nov  5 09:43:01 moodle-clf CRON[229217]: (root) CMD (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done)
    
    ///  Password OK
    Nov  5 09:43:04 moodle-clf pure-ftpd: ([email protected]'...'...'...) [INFO] New connection from ...'...'...'...
    Nov  5 09:43:04 moodle-clf pure-ftpd: ([email protected]'...'...'...) [INFO] jonas is now logged in
    Nov  5 09:43:07 moodle-clf pure-ftpd: ([email protected]'...'...'...) [INFO] New connection from ...'...'...'...
    Nov  5 09:43:07 moodle-clf pure-ftpd: ([email protected]'...'...'...) [INFO] jonas is now logged in
    Nov  5 09:44:01 moodle-clf CRON[229271]: (root) CMD (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done)
    Nov  5 09:44:01 moodle-clf CRON[229272]: (root) CMD (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done)
    
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    You say you can't login and post a log that shows that you are successfully logged in?
     
  3. ABatisa

    ABatisa New Member

  4. till

    till Super Moderator Staff Member ISPConfig Developer

  5. ABatisa

    ABatisa New Member

    I have tried and checked this many times. Here i am trying ftp open from another server
    Code:
    ftp
    ftp> open
    (to externasl server ip) ...'...'...'...
    Connected to ...'...'...'... .
    220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    220-You are user number 12 of 50 allowed.
    220-Local time is now 11:35. Server port: 21.
    220-This is a private system - No anonymous login
    220-IPv6 connections are also welcome on this server.
    220 You will be disconnected after 15 minutes of inactivity.
    Name (...'...'...'...:root): jonas
    331 User jonas OK. Password required
    Password:
    230 OK. Current restricted directory is /
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp>
    
    /// internally direct in server
    ftp
    ftp> open
    (to) 10.10.100.3
    Connected to 10.10.100.3.
    220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    220-You are user number 1 of 50 allowed.
    220-Local time is now 12:10. Server port: 21.
    220-This is a private system - No anonymous login
    220-IPv6 connections are also welcome on this server.
    220 You will be disconnected after 15 minutes of inactivity.
    Name (10.10.100.3:rootname): jonas
    331 User jonas OK. Password required
    Password:
    230 OK. Current restricted directory is /
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp>
    
    
     
    Last edited: Nov 5, 2021
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    According to the output of the ftp command that you posted, it's working fine now.
     
  7. ABatisa

    ABatisa New Member

    No same anyway
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    So it's an issue with your other ftp client or the system where you run the ftp client on or you still block parts in a firewall or router between the systems, as the command line FTP works fine.
     
    ABatisa likes this.
  9. ABatisa

    ABatisa New Member

    There is another server here, the mail is OK here :)

    Here ftp rejects me with
    Current restricted directory is /
    Inside (from internal IP) server and from outside (external IP) I get the same rejection --> Current restricted directory is /
    There seems to be a problem with serve.
    Maybe problem is that I could install only --no-quota

    Code:
    wget -O - https://get.ispconfig.org | sh -s -- --use-ftp-ports=40110-40210 --unattended-upgrades --no-quota
     
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    That's a success message and not rejection and after that message, the FTP prompt waits for the next FTP command. There is no issue with the server as I mentioned already. The issue is that the passive ports that your desktop client tries to use to send further commands after successful login are blocked between your desktop and the server by a firewall or router.

    That's not related.
     
  11. ABatisa

    ABatisa New Member

    FileZilla logs
    Code:
    Status:          Connecting to ...'...'...'...:21...
    Status:          Connection established, waiting for welcome message...
    Status:          Initializing TLS...
    Status:          Verifying certificate...
    Status:          TLS connection established.
    Status:          Logged in
    Status:          Retrieving directory listing...
    Command:    PWD
    Response:     257 "/" is your current location
    Command:    TYPE I
    Response:     200 TYPE is now 8-bit binary
    Command:    PASV
    Response:     227 Entering Passive Mode (46,255,210,177,157,3)
    Command:    MLSD
    Error:            Connection timed out after 20 seconds of inactivity
    Error:            Failed to retrieve directory listing
    Status:          Disconnected from server
    Status:          Connecting to ...'...'...'...:21...
    Status:          Connection established, waiting for welcome message...
    Status:          Initializing TLS...
    Status:          Verifying certificate...
    Status:          TLS connection established.
    Status:          Logged in
    Status:          Retrieving directory listing...
    Command:    PWD
    Response:     257 "/" is your current location
    Command:    TYPE I
    Response:     200 TYPE is now 8-bit binary
    Command:    PASV
    Response:     227 Entering Passive Mode (46,255,210,177,156,206)
    Command:    MLSD
    Error:            Connection timed out after 20 seconds of inactivity
    Error:            Failed to retrieve directory listing
     
  12. till

    till Super Moderator Staff Member ISPConfig Developer

    Code:
    Response:     227 Entering Passive Mode (46,255,210,177,156,206)
    Command:    MLSD
    Error:            Connection timed out after 20 seconds of inactivity
    Error:            Failed to retrieve directory listing
    Ok, that shows exactly what I explained you multiple times. The passive port range of your server is blocked by a Firewall, there is no issue with your FTP system itself.
     
  13. ABatisa

    ABatisa New Member

    OK, which ports should be open?
     
  14. till

    till Super Moderator Staff Member ISPConfig Developer

    Port 40110 to 40210
    See post #4, it is covered there already in the FAQ.
     
    ABatisa likes this.
  15. nhybgtvfr

    nhybgtvfr Well-Known Member HowtoForge Supporter

    as well as the ports not being open, as @till suggests, another couple of possibilities, the masquerade address is not set in the ForcePassiveIP file, although i would expect problems with the actual login in that case.
    or the ftp client is configured to use 'active' mode and not 'passive' mode. you should know if this is the case, as it would normally be manually set, most ftp client would use passive mode by default. active mode would likely also require you to reconfigure your local firewall to allow inbound tcp connections from the servers ip, with source port '20'.
     
  16. ABatisa

    ABatisa New Member

    So it was
     
    till likes this.

Share This Page