Applicable to:
- Plesk Onyx for Linux
Symptoms
- Passive FTP connection (plain, non-SSL/TLS) does not work after enabling the Plesk Firewall at Tools & Settings > Firewall > Enable
- Cannot list directory when connecting in passive mode:
# ftp> dir
227 Entering Passive Mode (192,0,2,2,176,121).
ftp: connect: Connection timed out
- Error in /var/log/messages:
xinetd[2457]: START: ftp pid=4513 from=::ffff:203.0.113.2
proftpd[4513]: processing configuration directory '/etc/proftpd.d'
proftpd[4513]: FTP session opened.
named[3167]: error (network unreachable) resolving
- Error in /var/log/secure:
proftpd: pam_listfile(proftpd:auth): Couldn't open /etc/ftpusers
proftpd[4513]: (203.0.113.2) - USER username: Login successful.
- Passive FTP ports are configured and allowed in the firewall
- nf_conntrack_ftp module listing shows the following:
# lsmod | grep conntrack_ftp
#
Cause
The nf_conntrack_ftp module is not loaded.
Plesk bug with ID PPPM-6187: Plesk does not show a warning when the nf_conntrack module is not loaded. The warning will be added in future updates.
Resolution
- Log in to the Plesk server via SSH
- Enable the kernel modules in the system:
Note: Actions that involve kernel module configuration should be performed on a physical machine or a virtual machine with full hardware emulation. If a VZ container is used, the same actions should be performed on the hardware node where this VZ container is running. Contact the hosting provider if access to the hardware node is needed.
2.1. Add the modules to the configuration file:
# echo nf_nat_ftp >> /etc/modules-load.d/modules.conf
# echo nf_conntrack_ftp >> /etc/modules-load.d/modules.conf
2.2. On CentOS/RHEL, add the modules to the IPTABLES_MODULES line in the /etc/sysconfig/iptables-config file as follows:
IPTABLES_MODULES="nf_conntrack_ftp ip_nat_ftp"
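To confirm the state described in the Symptoms and Resolution sections, the following added example (not part of the Plesk article) decodes the data port from a 227 reply, so it can be compared against the allowed passive range, and checks whether the helper modules are loaded and persisted. The function names are invented for this example; the file paths default to those named in the article.

```shell
#!/bin/sh
# Added example, not from the Plesk article. File arguments default to the
# paths named in the article; pass copies to check a saved configuration.

# Decode the data endpoint announced in a 227 reply:
# (h1,h2,h3,h4,p1,p2) -> h1.h2.h3.h4:(p1*256+p2)
pasv_endpoint() {
    nums=$(printf '%s\n' "$1" | sed -n 's/.*(\([0-9,]*\)).*/\1/p')
    case $nums in ''|,*|*,|*,,*) return 1 ;; esac
    set -- $(printf '%s' "$nums" | tr ',' ' ')
    [ $# -eq 6 ] || return 1
    for n in "$@"; do [ "$n" -le 255 ] || return 1; done
    echo "$1.$2.$3.$4:$(( $5 * 256 + $6 ))"
}

# Is the module loaded right now? /proc/modules is the list lsmod prints.
module_loaded() {
    grep -q "^$1 " "${2:-/proc/modules}" 2>/dev/null
}

# Is the module listed for loading at boot (step 2.1)?
module_persisted() {
    grep -qx "[[:space:]]*$1[[:space:]]*" \
        "${2:-/etc/modules-load.d/modules.conf}" 2>/dev/null
}

# Is the module named on the IPTABLES_MODULES line (step 2.2, CentOS/RHEL)?
iptables_module_listed() {
    line=$(grep '^IPTABLES_MODULES=' \
        "${2:-/etc/sysconfig/iptables-config}" 2>/dev/null | tail -n 1)
    case " $(printf '%s' "$line" | sed 's/^[^=]*=//; s/"//g') " in
        *" $1 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the state of both FTP helper modules on this host.
report() {
    for m in nf_conntrack_ftp nf_nat_ftp; do
        module_loaded "$m" && s="loaded" || s="NOT loaded"
        module_persisted "$m" && p="persisted" || p="not persisted"
        echo "$m: $s, $p"
    done
}

report
```

For the reply shown in the Symptoms section, `pasv_endpoint` gives 192.0.2.2:45177, the port the timed-out data connection was trying to reach.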
Comments
12 comments
This worked for us. It should be noted in the release notes.
@Tomas As soon as the bug with ID PPPM-6187 is fixed, it will be noted in the release notes.
Half a year later and this bug is not fixed? Wow...
@Dudebaker, work on bugs is performed in accordance with their priority and impact.
Plesk Development Team does its best to resolve the issue in upcoming updates.
Please fix this bug as soon as possible. I cannot use the firewall, although I desperately need it.
@Domenico Gruhn
Have you used the described workaround?
@Alisa Kasyanova
It doesn't list the directory.
@Domenico Gruhn
Just checked my test Deb9 Onyx 17.8: FTP with TLS is working properly.
Please check this article, and if it doesn't help, feel free to submit a support request.
@Alisa Kasyanova: I made it work with these two steps:
specifying a passive ports range in /etc/proftpd.conf (https://support.plesk.com/hc/en-us/articles/213902285)
and adding a Custom Rule to the firewall (https://support.plesk.com/hc/en-us/articles/213368589-Troubleshooting-connections-to-a-Plesk-server-via-FTP-in-the-passive-mode)
@Domenico Gruhn
Great! Good to know that you have figured it out!
Plesk 18.0.29: if I enable the Firewall rule, it is impossible to connect with FileZilla (The contents of the folder could not be read). If I disable the firewall, it works.
The above solution doesn't work.
Ivano Diodati, it is required to review the firewall rules you have on the server and other settings as well. I recommend creating a support request.