Articles in this section

See more

Unable to connect to a Plesk server via FTP when FTP ports are filtered by a firewall: Connection timed out

Avatar
Kuzma Ivanov
Updated
Follow

Applicable to:

  • Plesk for Linux
  • Plesk for Windows

Symptoms

  • One of the following error messages appears, when connecting to a server via FTP in active mode:

    CONFIG_TEXT: Status: Connecting to 203.0.113.2:21...
    Status: Connection attempt failed with "ETIMEDOUT - Connection attempt timed out".
    Error: Could not connect to server

    OR

    CONFIG_TEXT: ftp: connect: Connection timed out

    OR

    CONFIG_TEXT: ftp: connect: Connection refused

    OR

    CONFIG_TEXT: 425 Unable to build data connection: Connection timed out

    OR

    CONFIG_TEXT: 425 Unable to build data connection: Permission denied

    OR

    CONFIG_TEXT: Error: Connection timed out after 20 seconds of inactivity

    OR

    CONFIG_TEXT: Timeout detected. (data connection)
    Could not retrieve directory listing
    Error listing directory '/'

    OR

    CONFIG_TEXT: Error: Cannot establish FTP connection to an SFTP server. Please select proper protocol.
    Error: Critical error: Could not connect to server

  • It is possible to connect to FTP directly from the server via localhost:

    # ftp localhost
    Connected to localhost (127.0.0.1).
    220 ProFTPD Server (ProFTPD) [127.0.0.1]
    Name (localhost:root): ftp_user
    331 Password required for ftp_user
    Password:
    230 User ftp_user logged in
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp>

  • It is not possible to disable the option Use passive mode at Tools & Settings > Backup Manager > FTP Storage Settings :

    PLESK_ERROR: Error: Unable to access to the storage: Transport error: unable to list directory: Curl error: (30) FTP: command PORT failed: Last FTP request: PORT 172,16,185,194,169,76 Last FTP response: 500 Illegal PORT command
    Make sure you have entered the correct storage settings. You can check them independently with the command:
    curl -v -P - --ssl -k -u user 'ftp://example.com//user/server3//'

  • Backups to this FTP server fail with the following error:

    CONFIG_TEXT: Error: Unable to access to the storage: Transport error: unable to list directory: Curl error: (7) Couldn't connect to server: Last FTP request: Last FTP response: Make sure you have entered the correct storage settings. You can check them independently with the command: curl -v -P - --ssl -k -u ftp_user 'ftp://203.0.113.2//Backup/'

  • Port 21 is filtered/blocked on the server, with which an FTP connection cannot be established:

    # nmap 203.0.113.2 -p 21
    PORT STATE SERVICE
    21/tcp filtered ftp-data

  • TCP port 20, which is used as FTP data port, is filtered/closed by a firewall:

    # nmap -Pn 203.0.113.2 -p 20
    Starting Nmap 6.47 ( http://nmap.org ) at 2016-05-14 02:41 NOVT
    Nmap scan report for 203.0.113.2
    Host is up.
    PORT STATE SERVICE
    20/tcp filtered ftp-data

Cause

FTP data transfer channel cannot be established because TCP ports 21 and/or 20 is/are filtered.

Resolution

Open ports 20 and 21:

 

Opening ports via Plesk Firewall

 

  1. In Plesk, go to Tools & Settings > Firewall and click Enable.

    Note: If Plesk Firewall is not installed, use this installation guide.

  2. Next, click Modify Plesk Firewall Rules.

  3. Click on the FTP server rule > select Allow > click OK.


    Screenshot_2018-12-07_Plesk_Onyx_17_8_11.png

  4. Now click Add Custom Rule and fill in the fields as shown below. Once done, click OK.


    Screenshot_2018-12-07_Plesk_Onyx_17_8_11_1_.png

  5. Click Apply Changes.

    On Windows Server, additionally check Windows Firewall instructions.

 

Opening ports via a command-line interface on a Linux server

 

  1. Connect to a Plesk server via SSH.

  2. Install the optional package for managing iptables:

    • for CentOS/RHEL-based distributions:

      # apt install -y iptables-persistent

    • for Debian/Ubuntu-based distributions:

      # yum install -y iptables-services
      # systemctl enable iptables-services

  3. Allow incoming connections to the ports 20 and 21:

    • for CentOS/RHEL-based distributions:

      # iptables -I INPUT 1 -p tcp --dport=20 -j ACCEPT
      # iptables -I INPUT 1 -p tcp --dport=21 -j ACCEPT
      # service iptables save

    • for Debian/Ubuntu-based distributions:

      # iptables -I INPUT 1 -p tcp --dport=20 -j ACCEPT
      # iptables -I INPUT 1 -p tcp --dport=21 -j ACCEPT
      # iptables-save > /etc/iptables/rules.v4

 

Opening ports in Windows Firewall on a Plesk for Windows server

 

  1. Connect to a Plesk server via RDP.

  2. Open Windows Firewall in Control Panel.

  3. In Windows Firewall, click Advanced settings > Inbound Rules.

  4. Make sure the following FTP rules are enabled.


    FTP_rules__2_.PNG

 

If after opening the FTP ports in a server firewall these ports are still blocked, make sure that:

  • There are no other rules that prohibit FTP connection in Plesk at Tools & Settings > Firewall.

  • A third-party firewall, in case it is used, is not blocking the connection to the FTP ports.

  • An intermediary firewall between a Plesk server and the Internet is not filtering the FTP ports. Contact your Internet Service Provider (ISP) for assistance.

 

Related Articles

Comments

2 comments

Sort by Date Votes
  • Avatar
    M. Meijer

    cant access my files in the first place...

     

    0
    Comment actions Permalink
  • Avatar
    Lev Iurev

    @M. Meijer Could you please clarify the case?

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles