Pure-ftpd not upload file UFW strange behaviour

Discussion in 'General' started by leonardo.saracini, Apr 1, 2020.

Tags:
  1. Sorry I have read a lot of post on configure pure-ftp and TLS.
    Now I be able to connect and list files but not to upload:
    I open In ISPConfig 3.1.1.15P3 the firewall port:
    Code:
    20/tcp                            
    21/tcp                          
    889/tcp                               
    990/tcp 
    40110:40210/tcp   
    
    all are
    Code:
    ALLOW       Anywhere
    and test its on
    Code:
    ufw status
    in
    Code:
    /etc/pure-ftpd/conf/PassivePortRange
    I have:
    Code:
    40110 40210
    Connection is god and stable. list all file well.
    but on upload I have error
    Code:
    451-Error during read from data connection
    seams a owner problem but I check and user and group are correct.
    I check on pure-ftp database and it pickup the right user/group: web2/client1
    all files are writable by user 'web2' on destination folder.

    all permission in folder from / to the last where file are to be write, are correct and make it writable by web2.

    So I investigate on the syslog:
    Code:
    Apr  1 17:30:42 gemini pure-ftpd: ([email protected]) [INFO] TLS: Enabled TLSv1.3 with TLS_AES_256_GCM_SHA384, 256 secret bits cipher
    Apr  1 17:30:43 gemini pure-ftpd: ([email protected]) [DEBUG] Command [type] [A]
    Apr  1 17:30:43 gemini pure-ftpd: ([email protected]) [DEBUG] Command [pasv] []
    Apr  1 17:30:44 gemini pure-ftpd: ([email protected]) [DEBUG] Command [stor] [setup-nextcloud.php]
    Apr  1 17:30:44 gemini pure-ftpd: ([email protected]) [INFO] TLS: Enabled TLSv1.3 with TLS_AES_256_GCM_SHA384, 256 secret bits cipher
    Apr  1 17:30:44 gemini kernel: [ 8554.714078] [UFW BLOCK] IN=eth0 OUT=  SRC=95.239.127.43 DST=80.241.208.16 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=610
    26 DPT=40160 WINDOW=0 RES=0x00 RST URGP=0
    Apr  1 17:30:45 gemini kernel: [ 8554.742450] [UFW BLOCK] IN=eth0 OUT=  SRC=95.239.127.43 DST=80.241.208.16 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=610
    26 DPT=40160 WINDOW=0 RES=0x00 RST URGP=0
    
    My ip is 95.239.127.43 so the sender is me.
    DST=80.241.208.16 is my server
    DPT=40160 is in range 40110:40210
    The message come from me to the server in the pureftp range so i suppose is a ftp message.
    I suppose UFW BLOCK means UFW is BLOCKing and not other I hope
    so why UWF is blocking my incoming message?
    I suppose this is the reason why I cannot upload.

    My client ftp use Passive mode.

    Any idea?

    best regards,
    Leonardo

    P.S.
    Code:
    [email protected]:~# netstat -tunlp
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name   
    tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      9840/pure-ftpd (SER
    tcp        0      0 80.241.208.16:53        0.0.0.0:*               LISTEN      1043/named         
    tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      1043/named         
    tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      690/systemd-resolve
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1056/sshd           
    tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      1043/named         
    tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN      1/init             
    tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN      1027/dovecot       
    tcp        0      0 127.0.0.1:10024         0.0.0.0:*               LISTEN      1549/amavisd-new (m
    tcp        0      0 0.0.0.0:873             0.0.0.0:*               LISTEN      1054/rsync         
    tcp        0      0 127.0.0.1:10026         0.0.0.0:*               LISTEN      1549/amavisd-new (m
    tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1163/mysqld         
    tcp        0      0 127.0.0.1:6379          0.0.0.0:*               LISTEN      1109/redis-server 1
    tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN      1051/memcached     
    tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN      1027/dovecot       
    tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN      1/init             
    
     
  2. Jesse Norell

    Jesse Norell ISPConfig Developer ISPConfig Developer

    Yep, that is the problem. What does ufw status show?
     
  3. The first code message in my previous message. It is an bit off it. have I lost some port that have to be open? why if
    40110:40210/tcp are ALLOW Anywhere then
    Code:
    Apr  1 17:30:44 gemini kernel: [ 8554.714078] [UFW BLOCK] IN=eth0 OUT=  SRC=95.239.127.43 DST=80.241.208.16 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=610
    26 DPT=40160 WINDOW=0 RES=0x00 RST URGP=0
    to me seams 40160 is blocked.

    best regards,
    Leonardo
     
  4. Jesse Norell

    Jesse Norell ISPConfig Developer ISPConfig Developer

    Maybe 'ufw disable ' then 'ufw enable' again? What is the output of 'iptables -L -n - v'
     
  5. I disable and enabled uwf (good idea ;) ) then test ftp and get same error. so I get my iptable list. Here it is:
    https://pastebin.com/U0RS4Yan

    best regards,
    Leonardo
     
  6. I checked fail2ban and my IP is not banned.
    I do a new try and pick up new syslog:
    This is only for connection and all seams ok:
    Code:
    Apr  3 15:59:07 gemini pure-ftpd: ([email protected]) [INFO] New connection from 95.239.127.43
    Apr  3 15:59:08 gemini pure-ftpd: ([email protected]) [DEBUG] Command [auth] [TLS]
    Apr  3 15:59:08 gemini pure-ftpd: ([email protected]) [INFO] TLS: Enabled TLSv1.3 with TLS_AES_256_GCM_SHA384, 256 secret bits cipher
    Apr  3 15:59:08 gemini pure-ftpd: ([email protected]) [DEBUG] Command [user] [lesarnextcloud]
    Apr  3 15:59:08 gemini pure-ftpd: ([email protected]) [DEBUG] Command [pass] [<*>]
    Apr  3 15:59:08 gemini pure-ftpd: ([email protected]) [INFO] lesarnextcloud is now logged in
    Apr  3 15:59:08 gemini pure-ftpd: ([email protected]) [DEBUG] Command [syst] []
    Apr  3 15:59:08 gemini pure-ftpd: ([email protected]) [DEBUG] Command [feat] []
    Apr  3 15:59:09 gemini pure-ftpd: ([email protected]) [DEBUG] Command [opts] [UTF8 ON]
    Apr  3 15:59:09 gemini pure-ftpd: ([email protected]) [DEBUG] Command [pbsz] [0]
    Apr  3 15:59:09 gemini pure-ftpd: ([email protected]) [DEBUG] Command [prot] [P]
    Apr  3 15:59:09 gemini pure-ftpd: ([email protected]) [DEBUG] Command [pwd] []
    Apr  3 15:59:09 gemini pure-ftpd: ([email protected]) [DEBUG] Command [type] [I]
    Apr  3 15:59:09 gemini pure-ftpd: ([email protected]) [DEBUG] Command [pasv] []
    Apr  3 15:59:09 gemini pure-ftpd: ([email protected]) [DEBUG] Command [mlsd] []
    Apr  3 15:59:10 gemini pure-ftpd: ([email protected]) [INFO] TLS: Enabled TLSv1.3 with TLS_AES_256_GCM_SHA384, 256 secret bits cipher
    Apr  3 15:59:17 gemini pure-ftpd: ([email protected]) [INFO] New connection from 95.239.127.43
    Apr  3 15:59:17 gemini pure-ftpd: ([email protected]) [DEBUG] Command [auth] [TLS]
    Apr  3 15:59:18 gemini pure-ftpd: ([email protected]) [INFO] TLS: Enabled TLSv1.3 with TLS_AES_256_GCM_SHA384, 256 secret bits cipher
    Apr  3 15:59:18 gemini pure-ftpd: ([email protected]) [DEBUG] Command [user] [lesarnextcloud]
    Apr  3 15:59:18 gemini pure-ftpd: ([email protected]) [DEBUG] Command [pass] [<*>]
    Apr  3 15:59:18 gemini pure-ftpd: ([email protected]) [INFO] lesarnextcloud is now logged in
    Apr  3 15:59:18 gemini pure-ftpd: ([email protected]) [DEBUG] Command [opts] [UTF8 ON]
    Apr  3 15:59:18 gemini pure-ftpd: ([email protected]) [DEBUG] Command [pbsz] [0]
    Apr  3 15:59:18 gemini pure-ftpd: ([email protected]) [DEBUG] Command [prot] [P]
    Apr  3 15:59:19 gemini pure-ftpd: ([email protected]) [DEBUG] Command [cwd] [/]
    Apr  3 15:59:19 gemini pure-ftpd: ([email protected]) [DEBUG] Command [pwd] []
    
    Then try to upload a file:
    Code:
    Apr  3 15:59:25 gemini pure-ftpd: ([email protected]) [DEBUG] Command [type] [A]
    Apr  3 15:59:25 gemini pure-ftpd: ([email protected]) [DEBUG] Command [pasv] []
    Apr  3 15:59:25 gemini pure-ftpd: ([email protected]) [DEBUG] Command [stor] [setup-nextcloud.php]
    Apr  3 15:59:26 gemini pure-ftpd: ([email protected]) [INFO] TLS: Enabled TLSv1.3 with TLS_AES_256_GCM_SHA384, 256 secret bits cipher
    Apr  3 15:59:26 gemini kernel: [175876.251370] [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:3c:78:60:00:08:e3:ff:fd:90:08:00 SRC=95.239.127.43 DST=80.241.208.16 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=65411 DPT=40119 WINDOW=0 RES=0x00 RST URGP=0
    
    In this code we see
    - [email protected]: it' me
    - SRC=95.239.127.43: message from me
    - DPT=40119: destination port in passive mode range
    and the message is UFW BLOCK.

    I investigate on iptables
     
  7. nhybgtvfr

    nhybgtvfr Active Member

    have you confirmed that you can actually upload any files whilst ufw is still disabled?
     
  8. No I try the upload and not work without firewall too.
    So is not only a firewall problem.
     
  9. Very sorry I was try using filezilla 3.39.0 and got this strange error.
    Strange is the syslog too seames to block the ftp message.
    but after disable uwf same error.
    I try using lftp 4.8.4 and all go well.
    the file was success put on remote server.
    So I think the error was on Filezilla+TLS

    Thank to your help,
    best regards,
    Leonardo
     
  10. nhybgtvfr

    nhybgtvfr Active Member

    yeah, don't think that version of FileZilla works well with tls1.3
    you could just update it, I've got 3.46.0 and that seems ok. (although I stil have tls1.2 enabled as well, so it could be using that)
    but there were definitely known issues with filezila and tls1.3
     
  11. thanks
     

Share This Page