We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
FTP directory listing problems
FTP directory listing problems
Hello,
From time to time I have to connect Vesta's FTP when I am behind a firewall, NAT, etc..
it is not only me, but also the clients.
When I try to connect FTP, it gives
When I am directly connected to the internet, it gives no error.
Changing ACTIVE/PASSIVE mode from ftp client make no change.
The only solution I found is to disable/stop iptables from Vesta's services menu.
How can I keep ftp clients connected (able to list directories) even when they are behind firewall and keep iptables running at the same time?
From time to time I have to connect Vesta's FTP when I am behind a firewall, NAT, etc..
it is not only me, but also the clients.
When I try to connect FTP, it gives
Code: Select all
Error: Connection timed out
Error: Failed to retrieve directory listing
Changing ACTIVE/PASSIVE mode from ftp client make no change.
The only solution I found is to disable/stop iptables from Vesta's services menu.
How can I keep ftp clients connected (able to list directories) even when they are behind firewall and keep iptables running at the same time?
Re: FTP directory listing problems
Hello,
Try to use this command
Try to use this command
Code: Select all
echo "PROTOCOL='TCP' PORT='12000:12100'" >> /usr/local/vesta/data/firewall/ports.conf
Code: Select all
v-update-firewall
Re: FTP directory listing problems
Imperio thanks it works, but how do I make it permanent? it has to be repeated everytime I reboot.imperio wrote:Hello,
Try to use this commandCode: Select all
echo "PROTOCOL='TCP' PORT='12000:12100'" >> /usr/local/vesta/data/firewall/ports.conf
Code: Select all
v-update-firewall
Re: FTP directory listing problems
It is permanentcagatay wrote:Imperio thanks it works, but how do I make it permanent? it has to be repeated everytime I reboot.imperio wrote:Hello,
Try to use this commandCode: Select all
echo "PROTOCOL='TCP' PORT='12000:12100'" >> /usr/local/vesta/data/firewall/ports.conf
Code: Select all
v-update-firewall
Re: FTP directory listing problems
unfortunately it is not. I am repeating the same commands everytime I restart the server...imperio wrote:It is permanentcagatay wrote:Imperio thanks it works, but how do I make it permanent? it has to be repeated everytime I reboot.imperio wrote:Hello,
Try to use this commandCode: Select all
echo "PROTOCOL='TCP' PORT='12000:12100'" >> /usr/local/vesta/data/firewall/ports.conf
Code: Select all
v-update-firewall
Re: FTP directory listing problems
Can you restart the server and paste here results of
iptables -L
Re: FTP directory listing problems
sim wrote:Can you restart the server and paste here results of
iptables -L
Code: Select all
Chain INPUT (policy DROP)
target prot opt source destination
fail2ban-ssh tcp -- anywhere anywhere multiport dpor
s ssh
fail2ban-VESTA tcp -- anywhere anywhere tcp dpt:8083
fail2ban-MAIL tcp -- anywhere anywhere multiport dpo
ts smtp,ssmtp,submission,2525,pop3,pop3s,imap2,imaps
fail2ban-SSH tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere multiport dports
ttp,https
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp ctsta
e NEW
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere multiport dports
mtp,ssmtp,submission,2525
ACCEPT tcp -- anywhere anywhere multiport dports
op3,pop3s
ACCEPT tcp -- anywhere anywhere multiport dports
map2,imaps
ACCEPT tcp -- anywhere anywhere multiport dports
ysql,postgresql
ACCEPT tcp -- anywhere anywhere tcp dpt:8083
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- ns1.eretek.net anywhere
ACCEPT all -- localhost anywhere
ACCEPT tcp -- anywhere anywhere tcp spt:ftp-data
ACCEPT tcp -- anywhere anywhere tcp spt:ftp
ACCEPT tcp -- anywhere anywhere tcp spt:ssh
ACCEPT tcp -- anywhere anywhere tcp spt:smtp
ACCEPT udp -- anywhere anywhere udp spt:domain
ACCEPT tcp -- anywhere anywhere tcp spt:http
ACCEPT tcp -- anywhere anywhere tcp spt:https
ACCEPT tcp -- anywhere anywhere tcp spt:pop3
ACCEPT udp -- anywhere anywhere udp spt:ntp
ACCEPT tcp -- anywhere anywhere tcp spt:imap2
ACCEPT tcp -- anywhere anywhere tcp spt:mysql
ACCEPT tcp -- anywhere anywhere tcp spt:postgresq
ACCEPT tcp -- anywhere anywhere tcp spt:http-alt
ACCEPT tcp -- anywhere anywhere tcp spt:8433
ACCEPT tcp -- anywhere anywhere tcp spt:8083
ACCEPT tcp -- anywhere anywhere tcp spts:12000:12
00
ACCEPT tcp -- anywhere anywhere tcp spts:12000:12
00
ACCEPT tcp -- anywhere anywhere tcp spts:12000:12
00
ACCEPT tcp -- anywhere anywhere tcp spts:12000:12
00
ACCEPT tcp -- anywhere anywhere tcp spts:12000:12
00
ACCEPT tcp -- anywhere anywhere tcp spts:12000:12
00
ACCEPT tcp -- anywhere anywhere state RELATED,EST
BLISHED
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain fail2ban-MAIL (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain fail2ban-SSH (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain fail2ban-VESTA (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain fail2ban-ssh (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain vesta (0 references)
target prot opt source destination
Re: FTP directory listing problems
Hmm, you have bunch of same rules for passive FTP, but it means they get saved and should work.
I have never had any problems since i added passive ports in firewall. Is your computer firewall configured correctly?
I have never had any problems since i added passive ports in firewall. Is your computer firewall configured correctly?
Re: FTP directory listing problems
I have windows firewall disabled. Actually this came to my notice one of clients reported his ftp client gives directory browsing error, than I connected from my computer and I get the same error.sim wrote:Hmm, you have bunch of same rules for passive FTP, but it means they get saved and should work.
I have never had any problems since i added passive ports in firewall. Is your computer firewall configured correctly?
When I type your commands, it allows directory browsing temporarily (they have to be applied each time I restart server)
Re: FTP directory listing problems
What operating system on your server?