Applicable to:
- Plesk Onyx for Linux
Symptoms
- Passive FTP connection (plain, non-SSL/TLS) does not work after enabling Plesk Firewall Tools & Settings > Firewall > Enable
- Cannot list directory when connecting in passive mode:
# ftp> dir
227 Entering Passive Mode (192,0,2,2,176,121).
ftp: connect: Connection timed out - Error in
/var/log/messages:
CONFIG_TEXT: xinetd[2457]: START: ftp pid=4513 from=::ffff:203.0.113.2
proftpd[4513]: processing configuration directory '/etc/proftpd.d'
proftpd[4513]: FTP session opened.
named[3167]: error (network unreachable) resolving - Error in
/var/log/secure:
CONFIG_TEXT: proftpd: pam_listfile(proftpd:auth): Couldn't open /etc/ftpusers
proftpd[4513]: (203.0.113.2) - USER username: Login successful. - passive FTP ports are configured and allowed in firewall
- nf_conntrack_ftp module listing shows the following:
# lsmod | grep conntrack_ftp
#
Cause
nf_conntrack_ftp module is not loaded.
Plesk bug with ID PPPM-6187: a warning about not loaded nf_conntrack module is not shown in Plesk. It will be added in future updates.
Resolution
Note: This article may require additional administrative knowledge to apply. If any help required, contact server’s administrator or hosting support.
- Log in to Plesk server via SSH
-
Enable the kernel modules in the system:
Note: Actions that involves kernel modules configuration should be performed on a physical or a virtual machine with full hardware emulation. If a VZ container is used, the same actions should be performed on a hardware node where this VZ container is running.
2.1. Add the modules to the configuration file:
# echo nf_nat_ftp >> /etc/modules-load.d/modules.conf
# echo nf_conntrack_ftp >> /etc/modules-load.d/modules.conf2.2. On CentOS/RHEL, add the modules to the
IPTABLES_MODULESline in the/etc/sysconfig/iptables-configfile as follows:CONFIG_TEXT: IPTABLES_MODULES="nf_conntrack_ftp ip_nat_ftp"
Comments
10 comments
This worked for us. It should be noted in the release notes.
@Tomas As soon as bug with ID # PPPM-6187 will be fixed it will be noted in release notes
Half year later and this bug is not fixed? Wow...
@Dudebaker, work on bugs is performed in accordance with their priority and impact.
Plesk Development Team does its best to resolve the issue in upcoming updates.
Please fix this bug as soon as possible. I can not use the firewall, although I desperately need it.@Domenico Gruhn
Have you used the described workaround?
@Alisa Kasyanova
it don't list the directory
@Domenico Gruhn
Just checked my test Deb9 Onyx 17.8: FTP with TLS is working properly.
Please check this article, and if it doesn't help, feel free to submit a support request.
@Alisa Kasyanova: i make it work by this two steps:
specify a passive ports range in /etc/proftpd.conf (https://support.plesk.com/hc/en-us/articles/213902285)
and adding a Custom Rule to firewall (https://support.plesk.com/hc/en-us/articles/213368589-Troubleshooting-connections-to-a-Plesk-server-via-FTP-in-the-passive-mode)
@Domenico Gruhn
Great! Good to know that you have figured it out!
Please sign in to leave a comment.