FTP doesnt work more..

Discussion in 'Server Operation' started by wapa17, Apr 5, 2007.

  1. wapa17

    wapa17 New Member

    I installed ISPConfig in November 2006 (Mandrake 2006 - perfect setup).
    Well - some mail and DNS related issues but this has been solved manually ;-)

    Then I decided to install a CRON-job to look for updates automatically....and here began the trouble: I cannot login into FTP more (neither via ISPConfig-Admin nor with a FTP-Client).
    It has something to do with the "auto-update" (I have it disabled now).
    Well, it looks like if I have to downgrade the ProFTP.

    My question is: HOW to downgrade without to break the ISPConfig - configuration ?
     
  2. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    I think its not nescessary to downgrade proftpd as all proftpd versions should be compatible with ISPConfig.

    Please have a look if your last proftpd update has replaced the proftpd.conf file and left a copy of the old configuration in the same directory which you can compare to the new config.

    Please post the output of:

    netstat -tap | grep ftp

    and

    ps aux | grep ftp
     
  3. wapa17

    wapa17 New Member

    Hi Till,

    thanks for your answer.
    The outputs are:
    --------------- cut -----------------
    > netstat -tap | grep ftp
    tcp 0 0 *:ftp *:* LISTEN 29701/proftpd: (acc


    and

    > ps aux | grep ftp
    nobody 29701 0.0 0.5 5660 2580 ? Ss Apr08 0:00 proftpd: (accepting connections)
    root 11928 0.0 0.2 2204 1024 ? R 09:05 0:00 sh -c (ps aux | grep ftp) 2>&1
    root 11929 0.0 0.2 2204 1040 ? R 09:05 0:00 sh -c (ps aux | grep ftp) 2>&1

    ------------- cut ------------------

    It seems, that the command netstat -tap | grep ftp outputs incomplete data ..
     
  4. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    That's normal.
    FTP seems to be running.
    Is FTP allowed in the firewall? What's the output of
    Code:
    iptables -L
    ? Are there any errors in your logs?
     
  5. wapa17

    wapa17 New Member

    Output of Iptables -L
    --------------------- cut ----------------------
    > iptables -L
    Chain INPUT (policy ACCEPT)
    target prot opt source destination

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    ------------------------ cut ------------------------------

    and yes. ftp is allowed in the firewall ... and it was running before very well, but now I cannot more access FTP neither outside nor locally (and this has something to do with the auto-update..).

    Sometimes I have a strange log in syslog:
    -------------- cut --------------------
    Apr 10 10:30:00 mail proftpd[8538]: mail.myname.net (mail.myname.net [127.0.0.1]) - FTP session opened.
    Apr 10 10:30:00 mail proftpd[8538]: mail.myname.net (mail.myname.net [127.0.0.1]) - invalid CommandBufferSize size (0) given, resetting to default buffer size (512)
    Apr 10 10:30:00 mail proftpd[8538]: mail.myname.net (mail.myname.net [127.0.0.1]) - FTP session closed.
    ----------------cut -----------------------
     
  6. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    What's in /etc/proftpd.conf?
     
  7. wapa17

    wapa17 New Member

    Hi Falko,

    here is the output of /etc/proftpd.conf
    -------------------- cut ----------------------
    > cat /etc/proftpd.conf
    # This is a basic ProFTPD configuration file (rename it to
    # 'proftpd.conf' for actual use. It establishes a single server
    # and a single anonymous login. It assumes that you have a user/group
    # "nobody" and "ftp" for normal operation and anon.

    ServerName "ProFTPD CommerceDAT"
    ServerType standalone
    DefaultServer on

    # Allow FTP resuming.
    # Remember to set to off if you have an incoming ftp for upload.
    AllowStoreRestart off

    # Port 21 is the standard FTP port.
    Port 21

    # Umask 022 is a good standard umask to prevent new dirs and files
    # from being group and world writable.
    Umask 022

    # To prevent DoS attacks, set the maximum number of child processes
    # to 30. If you need to allow more than 30 concurrent connections
    # at once, simply increase this value. Note that this ONLY works
    # in standalone mode, in inetd mode you should use an inetd server
    # that allows you to limit maximum number of processes per service
    # (such as xinetd).
    MaxInstances 30

    # Set the user and group under which the server will run.
    User nobody
    Group nogroup

    # To cause every FTP user to be "jailed" (chrooted) into their home
    # directory, uncomment this line.
    DefaultRoot ~

    # Normally, we want files to be overwriteable.
    AllowOverwrite on

    # Bar use of SITE CHMOD by default
    # <Limit SITE_CHMOD>
    # DenyAll
    # </Limit>

    # Needed for NIS.

    PersistentPasswd off

    # Default root can be used to put users in a chroot environment.
    # As an example if you have a user foo and you want to put foo in /home/foo
    # chroot environment you would do this:
    #
    # DefaultRoot /home/foo foo

    DefaultRoot ~
    IdentLookups off
    ServerIdent on "FTP Server ready."


    Include /etc/proftpd_ispconfig.conf
    --------------------- cut -----------------------------
     
  8. memphis

    memphis New Member

    I have made this too. I upgradet my Proftpd and now ist is no longer runnin. I need some quick help.
    My System is an Debian Sarge System with ISPConfig.

    I can not find anything in my logs.
     
  9. wapa17

    wapa17 New Member

    ..and,.. i forgot:
    the /etc/proftpd_ispconfig.conf:
    -------------------- cut -------------------------
    > cat /etc/proftpd_ispconfig.conf
    ###################################
    #
    # ISPConfig proftpd Configuration File
    # Version 1.0
    #
    ###################################
    DefaultAddress 127.0.0.1
    <VirtualHost 10.0.0.101>
    DefaultRoot ~
    AllowOverwrite on
    Umask 002
    </VirtualHost>
    <VirtualHost 192.168.0.101>
    DefaultRoot ~
    AllowOverwrite on
    Umask 002
    <Anonymous /var/www/web1/ftp>
    User web1_anonftp
    Group web1_anonftp
    UserAlias anonymous web1_anonftp
    UserAlias guest web1_anonftp
    MaxClients 10
    <Directory *>
    <Limit WRITE>
    DenyAll
    </Limit>
    </Directory>
    <Directory /var/www/web1/ftp/incoming>
    Umask 002
    <Limit STOR>
    AllowAll
    </Limit>
    <Limit READ>
    DenyAll
    </Limit>
    </Directory>
    </Anonymous>
    </VirtualHost>
    ----------------------- cut -----------------------
     
  10. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    The configuration looks ok, so it must be a problem with ProFTPd itself. :(
     
  11. wapa17

    wapa17 New Member

    ..Hi falko,

    ..yes.. I think so. I will guard the proftp.conf and downgrade to the original version of the Mandriva 2006 CD ..
     
  12. chjie

    chjie New Member

    A cue for you - the log cheated

    I've just experienced similar thing as you.

    I failed to run "urpmi" with message after updated proftpd.conf:
    But I overlooked the "access denied" and went to check log message, which showed the same strange triplet as you:

    I started snort to check the packets and found it's indeed some "Permission denied" condition.

    So I suggest that you check again the error message in your ftp client. It's quite probable an access permission problem.
     
  13. wapa17

    wapa17 New Member

    FTP - the solucion ?

    Well, as I wrote before I deleted the FTP and installed it again (of course with the config-fies backed up).

    AND YES .. I could access the sites with the built-in FTP-access in the administration-panel. BUT .. ftp-access via Kbear didnt run (OS Linux).

    I gave it a try and installed GFTP .. and YESSS .. it runs ok.

    I did not test it with windows-FTP-clients .. but if there is a connecting-problem I think its worth to try another FTP-client.
     

Share This Page