pure-ftpd on centos 5.8

Discussion in 'Installation/Configuration' started by veneficus, Mar 29, 2012.

  1. veneficus

    veneficus New Member

    Hi to all,
    i am uite newby to ispconfig. but finally i got ISPconfig3 following the perfect guide.

    The first issue i had for noe if for the FTP user using pure-ftpd installed from repos. filezilla client correcltly connects to server but give the error:
    Disconnected from server ECONNABORTED - Connection aborted
    i can't read server directories.

    Iptables is disabled, fail2ban was disabled for testing portposes, the only thing log says is user is connected then dissconected, i did try to use another FTP client, same error.

    also i have tried with passive or active connection, no luck.

    i take a look the client directory exist, it existes, maybe a path ? problem in the ISPconfig cp? but i don't really find a way to fix it
     
  2. till

    till Super Moderator

    Please post the exact lines you get in the log.
     
  3. veneficus

    veneficus New Member

    here's more info

    Thanks for your answer, so here more details:

    HTML:
    pure-ftpd-1.0.29-1.el5.1

    here the logo from : /var/log/messages

    HTML:
    Mar 30 05:25:01 ocsinet pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Mar 30 05:30:01 ocsinet pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Mar 30 05:30:01 ocsinet pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Mar 30 05:35:01 ocsinet pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Mar 30 05:35:01 ocsinet pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Mar 30 05:40:02 ocsinet pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Mar 30 05:40:02 ocsinet pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Mar 30 05:45:01 ocsinet pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Mar 30 05:45:01 ocsinet pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Mar 30 05:50:01 ocsinet pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Mar 30 05:50:01 ocsinet pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Mar 30 05:55:01 ocsinet pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Mar 30 05:55:01 ocsinet pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Mar 30 06:00:02 ocsinet pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Mar 30 06:00:02 ocsinet pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Mar 30 06:05:01 ocsinet pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Mar 30 06:05:01 ocsinet pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Mar 30 06:10:01 ocsinet pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Mar 30 06:10:01 ocsinet pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Mar 30 06:15:01 ocsinet pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Mar 30 06:15:01 ocsinet pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Mar 30 06:20:02 ocsinet pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Mar 30 06:20:02 ocsinet pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Mar 30 06:25:01 ocsinet pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Mar 30 06:25:01 ocsinet pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Mar 30 06:30:01 ocsinet pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Mar 30 06:30:01 ocsinet pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Mar 30 06:35:01 ocsinet pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Mar 30 06:35:01 ocsinet pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Mar 30 06:40:02 ocsinet pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Mar 30 06:40:02 ocsinet pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Mar 30 06:42:39 ocsinet pure-ftpd: (?@95.244.92.42) [INFO] New connection from 95.244.92.42
    Mar 30 06:42:39 ocsinet pure-ftpd: (?@95.244.92.42) [INFO] gloria is now logged in
    Mar 30 06:43:07 ocsinet pure-ftpd: (?@95.244.92.42) [INFO] New connection from 95.244.92.42
    Mar 30 06:43:07 ocsinet pure-ftpd: (?@95.244.92.42) [INFO] gloria is now logged in
    Mar 30 06:44:38 ocsinet pure-ftpd: (?@95.244.92.42) [INFO] New connection from 95.244.92.42
    Mar 30 06:44:38 ocsinet pure-ftpd: (?@95.244.92.42) [INFO] gloria is now logged in
    Mar 30 06:45:01 ocsinet pure-ftpd: (gloria@95.244.92.42) [INFO] Logout.
    Mar 30 06:45:01 ocsinet pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Mar 30 06:45:01 ocsinet pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    Mar 30 06:45:29 ocsinet pure-ftpd: (gloria@95.244.92.42) [INFO] Logout.
    Mar 30 06:47:00 ocsinet pure-ftpd: (gloria@95.244.92.42) [INFO] Logout.
    Mar 30 06:49:41 ocsinet pure-ftpd: (?@95.244.92.42) [INFO] New connection from 95.244.92.42
    Mar 30 06:49:41 ocsinet pure-ftpd: (?@95.244.92.42) [INFO] gloria is now logged in
    Mar 30 06:50:01 ocsinet pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Mar 30 06:50:01 ocsinet pure-ftpd: (?@127.0.0.1) [INFO] Logout.
    
    As you can see there's a lot of 127.0.0.1 connection, i don't know why this happens.

    the command: cat /proc/sys/net/ipv4/ip_local_port_range

    says: 32768 61000

    for complete all details i give you also the pro-ftpd.conf file:
    HTML:
    ############################################################
    #                                                          #
    #         Configuration file for pure-ftpd wrappers        #
    #                                                          #
    ############################################################
    
    # If you want to run Pure-FTPd with this configuration
    # instead of command-line options, please run the
    # following command :
    #
    # /usr/sbin/pure-config.pl /etc/pure-ftpd/pure-ftpd.conf
    #
    # Please don't forget to have a look at documentation at
    # http://www.pureftpd.org/documentation.shtml for a complete list of
    # options.
    
    # Cage in every user in his home directory
    
    ChrootEveryone              yes
    
    
    
    # If the previous option is set to "no", members of the following group
    # won't be caged. Others will be. If you don't want chroot()ing anyone,
    # just comment out ChrootEveryone and TrustedGID.
    
    # TrustedGID                    100
    
    
    
    # Turn on compatibility hacks for broken clients
    
    BrokenClientsCompatibility  no
    
    
    
    # Maximum number of simultaneous users
    
    MaxClientsNumber            50
    
    
    
    # Fork in background
    
    Daemonize                   yes
    # Maximum number of sim clients with the same IP address
    
    MaxClientsPerIP             8
    
    
    
    # If you want to log all client commands, set this to "yes".
    # This directive can be duplicated to also log server responses.
    
    VerboseLog                  yes
    
    
    
    # List dot-files even when the client doesn't send "-a".
    
    DisplayDotFiles             yes
    
    
    
    # Don't allow authenticated users - have a public anonymous FTP only.
    
    AnonymousOnly               no
    
    
    
    # Disallow anonymous connections. Only allow authenticated users.
    
    NoAnonymous                 yes
    
    
    
    # Syslog facility (auth, authpriv, daemon, ftp, security, user, local*)
    # The default facility is "ftp". "none" disables logging.
    
    SyslogFacility              ftp
    
    
    
    # Display fortune cookies
    
    # FortunesFile              /usr/share/fortune/zippy
    
    # Don't resolve host names in log files. Logs are less verbose, but
    # it uses less bandwidth. Set this to "yes" on very busy servers or
    # if you don't have a working DNS.
    
    DontResolve                 yes
    
    
    
    # Maximum idle time in minutes (default = 15 minutes)
    
    MaxIdleTime                 15
    
    
    
    # LDAP configuration file (see README.LDAP)
    
    # LDAPConfigFile                /etc/pure-ftpd/pureftpd-ldap.conf
    
    
    
    # MySQL configuration file (see README.MySQL)
    
    MySQLConfigFile               /etc/pure-ftpd/pureftpd-mysql.conf
    
    
    # Postgres configuration file (see README.PGSQL)
    
    # PGSQLConfigFile               /etc/pure-ftpd/pureftpd-pgsql.conf
    
    
    # PureDB user database (see README.Virtual-Users)
    
    # PureDB                        /etc/pure-ftpd/pureftpd.pdb
    
    
    # Path to pure-authd socket (see README.Authentication-Modules)
    
    # ExtAuth                       /var/run/ftpd.sock
    
    
    
    # If you want to enable PAM authentication, uncomment the following line
    
    # PAMAuthentication             yes
    
    # If you want simple Unix (/etc/passwd) authentication, uncomment this
    
    # UnixAuthentication            yes
    
    
    
    # Please note that LDAPConfigFile, MySQLConfigFile, PAMAuthentication and
    # UnixAuthentication can be used only once, but they can be combined
    # together. For instance, if you use MySQLConfigFile, then UnixAuthentication,
    # the SQL server will be asked. If the SQL authentication fails because the
    # user wasn't found, another try # will be done with /etc/passwd and
    # /etc/shadow. If the SQL authentication fails because the password was wrong,
    # the authentication chain stops here. Authentication methods are chained in
    # the order they are given.
    
    
    
    # 'ls' recursion limits. The first argument is the maximum number of
    # files to be displayed. The second one is the max subdirectories depth
    
    LimitRecursion              7500 8
    
    
    
    # Are anonymous users allowed to create new directories ?
    
    AnonymousCanCreateDirs      no
    
    
    
    # If the system is more loaded than the following value,
    # anonymous users aren't allowed to download.
    
    MaxLoad                     4
    
    
    
    # Port range for passive connections replies. - for firewalling.
    
    #  PassivePortRange          30000 50000
    
    
    
    # Force an IP address in PASV/EPSV/SPSV replies. - for NAT. # Symbolic host names are also accepted for gateways with dynamic IP
    # addresses.
    
    # ForcePassiveIP                192.168.0.1
    
    
    
    # Upload/download ratio for anonymous users.
    
    # AnonymousRatio                1 10
    
    
    
    # Upload/download ratio for all users.
    # This directive superscedes the previous one.
    
    # UserRatio                 1 10
    
    
    
    # Disallow downloading of files owned by "ftp", ie.
    # files that were uploaded but not validated by a local admin.
    
    
    AntiWarez                   yes
    
    
    
    # IP address/port to listen to (default=all IP and port 21).
    
    # Bind                      127.0.0.1,21
    
    
    
    # Maximum bandwidth for anonymous users in KB/s
    
    # AnonymousBandwidth            8
    
    
    
    # Maximum bandwidth for *all* users (including anonymous) in KB/s
    # Use AnonymousBandwidth *or* UserBandwidth, both makes no sense.
    
    # UserBandwidth             8
    
    # File creation mask. <umask for files>:<umask for dirs> .
    # 177:077 if you feel paranoid.
    
    Umask                       133:022
    
    
    
    # Minimum UID for an authenticated user to log in.
    
    MinUID                      500
    
    
    
    # Do not use the /etc/ftpusers file to disable accounts. We're already
    # using MinUID to block users with uid < 500
    
    UseFtpUsers no
    
    
    
    # Allow FXP transfers for authenticated users.
    
    AllowUserFXP                no
    
    
    
    # Allow anonymous FXP for anonymous and non-anonymous users.
    
    AllowAnonymousFXP           no
    
    
    
    # Users can't delete/write files beginning with a dot ('.')
    # even if they own them. If TrustedGID is enabled, this group
    # will have access to dot-files, though.
    
    ProhibitDotFilesWrite       no
    
    
    
    # Prohibit *reading* of files beginning with a dot (.history, .ssh...)
    
    ProhibitDotFilesRead        no
    
    # Never overwrite files. When a file whoose name already exist is uploaded,
    # it get automatically renamed to file.1, file.2, file.3, ...
    
    AutoRename                  no
    
    
    
    # Disallow anonymous users to upload new files (no = upload is allowed)
    
    AnonymousCantUpload         yes
    
    
    
    # Only connections to this specific IP address are allowed to be
    # non-anonymous. You can use this directive to open several public IPs for
    # anonymous FTP, and keep a private firewalled IP for remote administration.
    # You can also only allow a non-routable local IP (like 10.x.x.x) to
    # authenticate, and keep a public anon-only FTP server on another IP.
    
    #TrustedIP                  10.1.1.1
    
    
    
    # If you want to add the PID to every logged line, uncomment the following
    # line.
    
    #LogPID                     yes
    
    
    
    # Create an additional log file with transfers logged in a Apache-like format :
    # fw.c9x.org - jedi [13/Dec/1975:19:36:39] "GET /ftp/linux.tar.bz2" 200 21809338
    # This log file can then be processed by www traffic analyzers.
    
    AltLog                     clf:/var/log/pureftpd.log
    
    
    
    # Create an additional log file with transfers logged in a format optimized
    # for statistic reports.
    
    # AltLog                     stats:/var/log/pureftpd.log
    
    
    
    # Create an additional log file with transfers logged in the standard W3C# format (compatible with most commercial log analyzers)
    
    # AltLog                     w3c:/var/log/pureftpd.log
    
    
    
    # Disallow the CHMOD command. Users can't change perms of their files.
    
    #NoChmod                     yes
    
    
    
    # Allow users to resume and upload files, but *NOT* to delete them.
    
    #KeepAllFiles                yes
    
    
    
    # Automatically create home directories if they are missing
    
    #CreateHomeDir               yes
    # Enable virtual quotas. The first number is the max number of files.
    # The second number is the max size of megabytes.
    # So 1000:10 limits every user to 1000 files and 10 Mb.
    
    #Quota                       1000:10
    
    
    
    # If your pure-ftpd has been compiled with standalone support, you can change
    # the location of the pid file. The default is /var/run/pure-ftpd.pid
    
    #PIDFile                     /var/run/pure-ftpd.pid
    
    
    
    # If your pure-ftpd has been compiled with pure-uploadscript support,
    # this will make pure-ftpd write info about new uploads to
    # /var/run/pure-ftpd.upload.pipe so pure-uploadscript can read it and
    # spawn a script to handle the upload.
    
    #CallUploadScript yes
    
    
    
    # This option is useful with servers where anonymous upload is
    # allowed. As /var/ftp is in /var, it save some space and protect
    # the log files. When the partition is more that X percent full,
    # new uploads are disallowed.
    
    MaxDiskUsage               99
    
    
    
    # Set to 'yes' if you don't want your users to rename files.
    
    #NoRename                  yes
    
    
    
    # Be 'customer proof' : workaround against common customer mistakes like
    # 'chmod 0 public_html', that are valid, but that could cause ignorant
    # customers to lock their files, and then keep your technical support busy
    # with silly issues. If you're sure all your users have some basic Unix
    # knowledge, this feature is useless. If you're a hosting service, enable it.
    
    CustomerProof              yes
    
    
    
    # Per-user concurrency limits. It will only work if the FTP server has
    # been compiled with --with-peruserlimits (and this is the case on
    # most binary distributions) .
    # The format is : <max sessions per user>:<max anonymous sessions>
    # For instance, 3:20 means that the same authenticated user can have 3 active
    # sessions max. And there are 20 anonymous sessions max.
    
    # PerUserLimits            3:20
    
    
    
    # When a file is uploaded and there is already a previous version of the file
    # with the same name, the old file will neither get removed nor truncated.
    # Upload will take place in a temporary file and once the upload is complete,
    # the switch to the new version will be atomic. For instance, when a large PHP
    # script is being uploaded, the web server will still serve the old version and
    # immediatly switch to the new one as soon as the full file will have been
    # transfered. This option is incompatible with virtual quotas.
    
    # NoTruncate               yes
    
    
    
    # This option can accept three values :
    # 0 : disable SSL/TLS encryption layer (default).
    # 1 : accept both traditional and encrypted sessions.
    # 2 : refuse connections that don't use SSL/TLS security mechanisms,
    #     including anonymous sessions.
    # Do _not_ uncomment this blindly. Be sure that :
    # 1) Your server has been compiled with SSL/TLS support (--with-tls),
    # 2) A valid certificate is in place,
    # 3) Only compatible clients will log in.
    
    # TLS                      1
    
    
    
    # Listen only to IPv4 addresses in standalone mode (ie. disable IPv6)
    # By default, both IPv4 and IPv6 are enabled.
    
    # IPV4Only                 yes
    
    # Listen only to IPv6 addresses in standalone mode (ie. disable IPv4)
    # By default, both IPv4 and IPv6 are enabled.
    
    # IPV6Only                 yes
    
    # UTF-8 support for file names (RFC 2640)
    # Define charset of the server filesystem and optionnally the default charset
    # for remote clients if they don't use UTF-8.
    # Works only if pure-ftpd has been compiled with --with-rfc2640
    
    # FileSystemCharset     big5
    # ClientCharset         big5
    If you need more just tell thanks in advance for any help :)
     
  4. veneficus

    veneficus New Member

    Sorry forgot to add filezilla client log:

    Code:
    Risposta:	220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    Risposta:	220-You are user number 1 of 50 allowed.
    Risposta:	220-Local time is now 11:00. Server port: 21.
    Risposta:	220-This is a private system - No anonymous login
    Risposta:	220-IPv6 connections are also welcome on this server.
    Risposta:	220 You will be disconnected after 15 minutes of inactivity.
    Comando:	USER gloria
    Risposta:	331 User gloria OK. Password required
    Comando:	PASS **********
    Risposta:	230-User gloria has group access to:  client3    sshusers  
    Risposta:	230 OK. Current restricted directory is /
    Comando:	OPTS UTF8 ON
    Risposta:	200 OK, UTF-8 enabled
    Stato:	Connesso
    Stato:	Lettura elenco cartelle...
    Comando:	PWD
    Risposta:	257 "/" is your current location
    Comando:	TYPE I
    Risposta:	200 TYPE is now 8-bit binary
    Comando:	PASV
    Errore:	Disconnesso dal server: ECONNABORTED - Connection aborted
    Errore:	Non è stato possibile leggere il contenuto della cartella
    also if i do: ls -l /var/www/clients
    output is:
    totale 28
    drwxr-xr-x 3 root root 4096 29 mar 18:04 client1
    drwxr-xr-x 3 root root 4096 28 mar 17:07 client13
    drwxr-xr-x 3 root root 4096 28 mar 22:58 client16
    drwxr-xr-x 3 root root 4096 29 mar 15:10 client2
    drwxr-xr-x 3 root root 4096 29 mar 16:45 client3
    drwxr-xr-x 3 root root 4096 28 mar 22:59 client4
    drwxr-xr-x 3 root root 4096 28 mar 23:00 client5
     
    Last edited: Mar 30, 2012
  5. veneficus

    veneficus New Member

    ok meantime i tried to reinstall pure-ftpd and ispconfig 3.

    all seems to go ok but when it tries to start services i have:

    Avvio di pure-ftpd: 421 Unknown authentication method: mysql:/etc/pure-ftpd/pureftpd-mysql.conf
    [FALLITO]


    ok i am getting insane, hoope someone can have a solution.
     
  6. veneficus

    veneficus New Member

    fixed by own i did
    Code:
    yum remove pure-ftpd
    then:
    Code:
    rm -rf /usr/share/doc/pure-ftpd-1.0.29

    still can't have direcotry listening
     
  7. falko

    falko Super Moderator

    Is this a physical server or a virtual machine? If the latter, do you use OpenVZ?

    What's the output of
    Code:
    getenforce
    ?
     
  8. veneficus

    veneficus New Member

    This is a phsical server, no i don,t use any virtualization
     
  9. falko

    falko Super Moderator

    What's the output of
    Code:
    getenforce
    ?
     
  10. veneficus

    veneficus New Member

    already tried.

    output is : Disalbledd
     
  11. falko

    falko Super Moderator

    That's ok. Could it be some external firewall (e.g. on your router) that is causing these problems?
     
  12. veneficus

    veneficus New Member

    open ports on server as maild to webfarm:

    Open ports:
    80
    443
    22
    21528
    465
    21
    20
    110


    Thanks a lot falko for your replies :)
    25
     
    Last edited: Apr 2, 2012
  13. veneficus

    veneficus New Member

    Nice none found a solution, got mine:

    forget to install pure-ftp by yum , just wget the latest release and compile it BEFORE ISPconfig3 or will not work. then restart the server et voilà.

    for passive port remember to eneble it in .conf file.

    hope can help someone else.

    have nice networking !
     

Share This Page