Admin backup - FTP - stopped working

[DC-soft]

Hi,

I'm creating admin backups over FTP.
Some days ago, I get error that the backup failed.

/usr/bin/curl returned error code 7
curl: (7) Failed to connect to xxx.xxx.xxx.xxx port 21: Connection refused
FTP information invalid.

The ftp-connection works fine with a ftp-software.

I then tried with another ftp-server and I get the same error. (Also works fine with a ftp-software)

Any ideas?

 

[realcryptonight]

Hi,

I'm creating admin backups over FTP.
Some days ago, I get error that the backup failed.

/usr/bin/curl returned error code 7
curl: (7) Failed to connect to xxx.xxx.xxx.xxx port 21: Connection refused
FTP information invalid.

The ftp-connection works fine with a ftp-software.

I then tried with another ftp-server and I get the same error. (Also works fine with a ftp-software)

Any ideas?

Check your firewall. By default CSF is configured to allow incoming port 21 and 35000-35999 and block outgoing traffic. And you need outgoing traffic.

 

[DC-soft]

I didn't change anything in my server. Can this suddenly change?

 

[realcryptonight]

No, but by default this is not allowed. So if you made no changes to the firewall then it should never have worked to begin with.

 

[DC-soft]

I added "35000:35999" in outgoing ports and it works now!

Thanks for the help.

 

[realcryptonight]

I added "35000:35999" in outgoing ports and it works now!

Thanks for the help.

No problem. That one caught me off guard a few times too.

 

[Agility]

No problem. That one caught me off guard a few times too.

Ive totally disabled CSF and still have same issue.

 

[Richard G]

disabled CSF and still have same issue.

What OS and distro are you on?
Where are you backupping to?

 

[Agility]

What OS and distro are you on?
Where are you backupping to?

Almalinux8(CLoudlinux)
I just created a $5 VPS on VULTR, I can connect via SSH ftp and sftp, but I get the error when trying to run the backup to ftp option.

At forst I was getting failed login error instantly, at which point I did the CSF firewall steps on other posts here, that worked in that I no longer got the instant fail/error message, but instead I get the long wait, and finally the curl error message as above.

I then ran csf - x and totally disabled CSF but still the long timeout and ftp fail message.

I can confirm the VPS works fine using ftp, sftp via filezilla, I can also connect to the VPS from my directadmin server via sftp and SSH as well.

So everythign works no matter what I do, only issue with direct admin backup

 

[Richard G]

Almalinux8(CLoudlinux)

Oke, on fresh Alma installes often the firewall is installed by default. As I discovered recently, DA does not remove this when installing CSF/LFD.

So you could try this:
systemctl stop firewalld systemctl disable firewalld
this would stop firewalld and prevent it from starting again, so with csf disabled, this also will not block anything anymore.

If you then still encounter the same issue, then you have to look at the receiving FTP server, be sure that PASV is active on that ftp server, and that the firewall does allow traffic of both port 21 and the pasv portrange used by DA to enter.

Next to that, port 20 is the dataport, so this should also be open both incoming and outgoing.

Another trick often used is to put the ip of the receiving FTP server in csf.allow so the firewall won't block it anyay.
But as said, mostly with outgoing traffic issues, the problem lies on the side of the receiving FTP server.

I can also connect to the VPS from my directadmin server via sftp and SSH as well.

That is not the same as normal FTP like curl uses. can connect also using normal ftp from your DA server?
Also try to connect with curl from commandine, like this:
curl -v --insecure ftp://192.168.10.30:21 --user "userid:password"
where ofcourse 192.168.10.30 needs to be replace by your VPS ip and same with userid and password.
What are the results of those tests?

Also try to connect from your VPS to your DA server how that is working from console.

 

[Agility]

[root@srvr2 ~]# firewall-cmd --state
not running
[root@srvr2 ~]# systemctl status firewalld
● firewalld.service
Loaded: masked (Reason: Unit firewalld.service is masked.)
Active: inactive (dead)

Seems it wasn't running so not the issue either.
I've also added the VPS ip address to csf.allow, no change, wouldn't matter anyway as I disable csf anyway with the same issue.

at this point, all I want is an additional backup every second week or so, so the easiest option would be to simply SCP the files over manually and not use the DirectAdmin backup system, just annoying as id love it to be automated.

The last thing I'll try is to disable the firewall on the receiving VPS

Thanks for your input

 

[Richard G]

The last thing I'll try is to disable the firewall on the receiving VPS

Might be helpfull, because I still think the problem is caused by the receiving system.

I've also added the VPS ip address to csf.allow

My mistake, should be at the receiving system. So the server ip should be whitelisted in the VPS. But if you turn of firewall there too, it should have the same effect.

You didnt tried the curl line I posted yet?

 

[Agility]

You didnt tried the curl line I posted yet?

No sorry, not yet, Ive put this issue on hold for the time being as I can simply run a scp folder copy command to get the files accross. I only need to do this once every 2 weeks, or so so its not impacting me alot right now