Applicable to:
- Plesk Onyx for Linux
Symptoms
- Passive FTP connection (plain, non-SSL/TLS) does not work after enabling Plesk Firewall Tools & Settings > Firewall > Enable
- Cannot list directory when connecting in passive mode:
# ftp> dir
227 Entering Passive Mode (192,0,2,2,176,121).
ftp: connect: Connection timed out - The following errors appear in
/var/log/messages:
CONFIG_TEXT: xinetd[2457]: START: ftp pid=4513 from=::ffff:203.0.113.2
proftpd[4513]: processing configuration directory '/etc/proftpd.d'
proftpd[4513]: FTP session opened.
named[3167]: error (network unreachable) resolving - The following errors appear in
/var/log/secure:
CONFIG_TEXT: proftpd: pam_listfile(proftpd:auth): Couldn't open /etc/ftpusers
proftpd[4513]: (203.0.113.2) - USER username: Login successful. - nf_conntrack_ftp module is not loaded:
# lsmod | grep conntrack_ftp
#
Cause
The described behavior is expected if nf_conntrack_ftp module is not loaded.
This is Plesk bug with ID # PPPM-6187: the notification in Plesk UI will be added in future Plesk updates.
Resolution
As a workaround, configure passive ports and load required module as described in the article How to configure a passive ports range for ProFTPd on a server behind a firewall
Comments
10 comments
This worked for us. It should be noted in the release notes.
@Tomas As soon as bug with ID # PPPM-6187 will be fixed it will be noted in release notes
Half year later and this bug is not fixed? Wow...
@Dudebaker, work on bugs is performed in accordance with their priority and impact.
Plesk Development Team does its best to resolve the issue in upcoming updates.
Please fix this bug as soon as possible. I can not use the firewall, although I desperately need it.@Domenico Gruhn
Have you used the described workaround?
@Alisa Kasyanova
it don't list the directory
@Domenico Gruhn
Just checked my test Deb9 Onyx 17.8: FTP with TLS is working properly.
Please check this article, and if it doesn't help, feel free to submit a support request.
@Alisa Kasyanova: i make it work by this two steps:
specify a passive ports range in /etc/proftpd.conf (https://support.plesk.com/hc/en-us/articles/213902285)
and adding a Custom Rule to firewall (https://support.plesk.com/hc/en-us/articles/213368589-Troubleshooting-connections-to-a-Plesk-server-via-FTP-in-the-passive-mode)
@Domenico Gruhn
Great! Good to know that you have figured it out!
Please sign in to leave a comment.