Page 1 of 2
FTP directory listing problems
Posted: Thu Dec 18, 2014 12:00 pm
by cagatay
Hello,
From time to time I have to connect Vesta's FTP when I am behind a firewall, NAT, etc..
it is not only me, but also the clients.
When I try to connect FTP, it gives
Code: Select all
Error: Connection timed out
Error: Failed to retrieve directory listing
When I am directly connected to the internet, it gives no error.
Changing ACTIVE/PASSIVE mode from ftp client make no change.
The only solution I found is to disable/stop iptables from Vesta's services menu.
How can I keep ftp clients connected (able to list directories) even when they are behind firewall and keep iptables running at the same time?
Re: FTP directory listing problems
Posted: Thu Dec 18, 2014 6:45 pm
by imperio
Hello,
Try to use this command
Code: Select all
echo "PROTOCOL='TCP' PORT='12000:12100'" >> /usr/local/vesta/data/firewall/ports.conf
Re: FTP directory listing problems
Posted: Mon Jan 12, 2015 11:55 am
by cagatay
imperio wrote:Hello,
Try to use this command
Code: Select all
echo "PROTOCOL='TCP' PORT='12000:12100'" >> /usr/local/vesta/data/firewall/ports.conf
Imperio thanks it works, but how do I make it permanent? it has to be repeated everytime I reboot.
Re: FTP directory listing problems
Posted: Mon Jan 12, 2015 1:46 pm
by imperio
cagatay wrote:imperio wrote:Hello,
Try to use this command
Code: Select all
echo "PROTOCOL='TCP' PORT='12000:12100'" >> /usr/local/vesta/data/firewall/ports.conf
Imperio thanks it works, but how do I make it permanent? it has to be repeated everytime I reboot.
It is permanent
Re: FTP directory listing problems
Posted: Mon Jan 12, 2015 1:55 pm
by cagatay
imperio wrote:cagatay wrote:imperio wrote:Hello,
Try to use this command
Code: Select all
echo "PROTOCOL='TCP' PORT='12000:12100'" >> /usr/local/vesta/data/firewall/ports.conf
Imperio thanks it works, but how do I make it permanent? it has to be repeated everytime I reboot.
It is permanent
unfortunately it is not. I am repeating the same commands everytime I restart the server...
Re: FTP directory listing problems
Posted: Mon Jan 12, 2015 1:59 pm
by sim
Can you restart the server and paste here results of
iptables -L
Re: FTP directory listing problems
Posted: Mon Jan 12, 2015 2:01 pm
by cagatay
sim wrote:Can you restart the server and paste here results of
iptables -L
Code: Select all
Chain INPUT (policy DROP)
target prot opt source destination
fail2ban-ssh tcp -- anywhere anywhere multiport dpor
s ssh
fail2ban-VESTA tcp -- anywhere anywhere tcp dpt:8083
fail2ban-MAIL tcp -- anywhere anywhere multiport dpo
ts smtp,ssmtp,submission,2525,pop3,pop3s,imap2,imaps
fail2ban-SSH tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere multiport dports
ttp,https
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp ctsta
e NEW
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere multiport dports
mtp,ssmtp,submission,2525
ACCEPT tcp -- anywhere anywhere multiport dports
op3,pop3s
ACCEPT tcp -- anywhere anywhere multiport dports
map2,imaps
ACCEPT tcp -- anywhere anywhere multiport dports
ysql,postgresql
ACCEPT tcp -- anywhere anywhere tcp dpt:8083
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- ns1.eretek.net anywhere
ACCEPT all -- localhost anywhere
ACCEPT tcp -- anywhere anywhere tcp spt:ftp-data
ACCEPT tcp -- anywhere anywhere tcp spt:ftp
ACCEPT tcp -- anywhere anywhere tcp spt:ssh
ACCEPT tcp -- anywhere anywhere tcp spt:smtp
ACCEPT udp -- anywhere anywhere udp spt:domain
ACCEPT tcp -- anywhere anywhere tcp spt:http
ACCEPT tcp -- anywhere anywhere tcp spt:https
ACCEPT tcp -- anywhere anywhere tcp spt:pop3
ACCEPT udp -- anywhere anywhere udp spt:ntp
ACCEPT tcp -- anywhere anywhere tcp spt:imap2
ACCEPT tcp -- anywhere anywhere tcp spt:mysql
ACCEPT tcp -- anywhere anywhere tcp spt:postgresq
ACCEPT tcp -- anywhere anywhere tcp spt:http-alt
ACCEPT tcp -- anywhere anywhere tcp spt:8433
ACCEPT tcp -- anywhere anywhere tcp spt:8083
ACCEPT tcp -- anywhere anywhere tcp spts:12000:12
00
ACCEPT tcp -- anywhere anywhere tcp spts:12000:12
00
ACCEPT tcp -- anywhere anywhere tcp spts:12000:12
00
ACCEPT tcp -- anywhere anywhere tcp spts:12000:12
00
ACCEPT tcp -- anywhere anywhere tcp spts:12000:12
00
ACCEPT tcp -- anywhere anywhere tcp spts:12000:12
00
ACCEPT tcp -- anywhere anywhere state RELATED,EST
BLISHED
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain fail2ban-MAIL (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain fail2ban-SSH (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain fail2ban-VESTA (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain fail2ban-ssh (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain vesta (0 references)
target prot opt source destination
Re: FTP directory listing problems
Posted: Mon Jan 12, 2015 2:24 pm
by sim
Hmm, you have bunch of same rules for passive FTP, but it means they get saved and should work.
I have never had any problems since i added passive ports in firewall. Is your computer firewall configured correctly?
Re: FTP directory listing problems
Posted: Mon Jan 12, 2015 2:56 pm
by cagatay
sim wrote:Hmm, you have bunch of same rules for passive FTP, but it means they get saved and should work.
I have never had any problems since i added passive ports in firewall. Is your computer firewall configured correctly?
I have windows firewall disabled. Actually this came to my notice one of clients reported his ftp client gives directory browsing error, than I connected from my computer and I get the same error.
When I type your commands, it allows directory browsing temporarily (they have to be applied each time I restart server)
Re: FTP directory listing problems
Posted: Mon Jan 12, 2015 3:16 pm
by imperio
What operating system on your server?