External access to pure-ftpd won´t work.

Discussion in 'Installation/Configuration' started by wolfiedk, Jul 12, 2011.

  1. wolfiedk

    wolfiedk New Member


    I can´t connect to my ftp service on my ispconfig 3 v. server from the WAN connection.

    example primary gateway address: (linux firewall with WAN IP
    example secondary gateway address: (another linux firewall with WAN IP

    Logged on to ispconfig3 server with SSH, I can connect to localhost using FTP.
    From my local LAN it works too.

    The ispconfig server only have the primary gateway address (of cource), but I do have 2 firewalls/2 gateways on my local network, because my primary firewall does not support ftp on a multi-wan setup. So my thoughts about this is, that I whant to connect to FTP using my seconday gateway/firewall.

    When I connect to using FTP, I can´t connect to my ispconfig server. But when I look in the log file "cat /var/log/syslog | grep pure-ftpd", I can see ..

    Jul 12 15:00:02 web pure-ftpd: ([email protected]) [INFO] New connection from
    Jul 12 15:00:02 web pure-ftpd: ([email protected]) [INFO] Logout.
    ... for eatch connection im trying to make from the outside world.

    If I look at the firewall log in my secondary firewall, I can see the traffic is passed through.
    (I have tryed with another FTP server on a windows machine, and the firewall rule works just fine, so the error must bee in the pure-ftpd configuration)

    But when Im logged in to my primary firewall I can see that pure-ftpd have responed on a ftp package. So my conclusion is, pure-ftp sends data respones back to the primary gateway instead of the client ip-address that is connected.

    netstat -tap shows:
    tcp        0      0 *:ftp                   *:*                     LISTEN      30616/pure-ftpd (SE
    tcp        0      0 domain.com:49281 domain.com:mysql TIME_WAIT   -
    tcp        0      0 domain.com:49280 domain.com:mysql TIME_WAIT   -
    tcp        0    300 domain.com:ssh      ESTABLISHED 30217/0
    tcp6       0      0 [::]:ssh                [::]:*                  LISTEN      1346/sshd
    tcp6       0      0 [::]:https              [::]:*                  LISTEN      849/apache2
    tcp6       0      0 [::]:http-alt           [::]:*                  LISTEN      849/apache2
    tcp6       0      0 [::]:www                [::]:*                  LISTEN      849/apache2
    tcp6       0      0 [::]:tproxy             [::]:*                  LISTEN      849/apache2
    tcp6       0      0 [::]:ftp                [::]:*                  LISTEN      30616/pure-ftpd (SE
    iptables -L shows:
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ftp-data
    PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ftp
    Does anyone have any idea of what I can do to make pure-ftpd respond on the ip it recives data from?

    Best regards
  2. falko

    falko Super Moderator ISPConfig Developer

    Not sure, but maybe the -P option is what you need: http://download.pureftpd.org/pub/pure-ftpd/doc/README

    This is just a coincidence - in fact that's ISPConfig's Monitor module which tries to connect to PureFTPd to find out if it's still running.

Share This Page