Backup failing on new server install : ftp command connects but curl fails

S

ssgill

Verified User
Joined
May 9, 2012
Messages
164
Hello, not able to perform backup because of curl failure to connect to ftp. Ftp server is running on local network, installed ftp on directadmin debian server and was able to make connection using
ftp 10.2.16.20
Click to expand...
and then username and password all good logged in.

Testing with directadmin script from this url : https://help.directadmin.com/item.php?id=502
getting this error

curl: (7) Failed to connect to 10.2.16.20 port 21: Connection refused
curl return code: 7
Click to expand...

With curl command line

curl -v --insecure ftp://10.2.16.20:21 --user "userid:password"
Click to expand...

This is out by curl

* Trying 10.2.16.20:21...
* Connected to 10.2.16.20 (10.2.16.20) port 21 (#0)
< 220-Microsoft FTP Service
< 220 banner
> USER user
< 331 Password required
> PASS password
< 230-welcome
< 230 User logged in.
> PWD
< 257 "/" is current directory.
* Entry path is '/'
* Request has same path as previous transfer
> EPSV
* Connect data stream passively
* ftp_perform ends with SECONDARY: 0
< 229 Entering Extended Passive Mode (|||5559|)
* Trying 10.2.16.20:5559...
* Connecting to 10.2.16.20 (10.2.16.20) port 5559
* connect to 10.2.16.20 port 21 failed: Connection refused
* Failed to connect to 10.2.16.20 port 21: Connection refused
* Failed EPSV attempt. Disabling EPSV
> PASV
< 227 Entering Passive Mode (10,2,16,20,21,184).
* Skip 10.2.16.20 for data connection, re-use 10.2.16.20 instead
* Trying 10.2.16.20:5560...
* Connecting to 10.2.16.20 (10.2.16.20) port 5560
* connect to 10.2.16.20 port 21 failed: Connection refused
* Failed to connect to 10.2.16.20 port 21: Connection refused
* Closing connection 0
curl: (7) Failed to connect to 10.2.16.20 port 21: Connection refused
Click to expand...
Click to expand...

Thanks for your time.
 
< 220-Microsoft FTP Service
Click to expand...
???? Microsoft FTP service? Directadmin does not use Microsoft FTP service. So that seems odd to me.
Ah never mind this is your local server on your local machine.

Are your forwards correctly setup?
You do know that not only port 21 but also your passive port-range needs to be forwarded? Because when I see the log, I get the impression these ports are not open.
I think that is your problem since internally it's working correctly.

Also, be aware that outgoing connections can't be closed fully. FTP always uses a data connection on port 20. This is a (I belive it's called) stated-related connection. It's setup automatically by the FTP service when a correct login is made via port 21.
So don't create a static "deny all" on outgoing firewall rule.
 
Richard G said:
???? Microsoft FTP service? Directadmin does not use Microsoft FTP service. So that seems odd to me.
Ah never mind this is your local server on your local machine.

Are your forwards correctly setup?
You do know that not only port 21 but also your passive port-range needs to be forwarded? Because when I see the log, I get the impression these ports are not open.
I think that is your problem since internally it's working correctly.

Also, be aware that outgoing connections can't be closed fully. FTP always uses a data connection on port 20. This is a (I belive it's called) stated-related connection. It's setup automatically by the FTP service when a correct login is made via port 21.
So don't create a static "deny all" on outgoing firewall rule.
Click to expand...
Thanks,
PassivePorts 35000 35999
are open, i can make successful connection using plain old ftp command but curl ftp is having issue. This setup was working fine before moving from Centos to Debian. Had backup of csf so all setting's are same. FTP server does not run any secure ssl.
 
Here is the new documentation site. https://docs.directadmin.com/directadmin/backup-restore-migration/backup-to-remote

In Debian
Look in options.conf
is curl=no OR yes
Code: 
whereis curl
See if you have both CB curl and apt curl installed
should look like this
curl: /usr/bin/curl /usr/share/man/man1/curl.1.gz
not
like
curl: /usr/bin/curl /usr/local/bin/curl /usr/share/man/man1/curl.1.gz (or similar)

Solved - configure: error: libcurl not found. libcurl (e.g. libcurl-devel) is required in order to build freshclam and clamsubmit.

During Directadmin stable release installation I got this error but curl is installed. Tested maybe 3 times and the installation terminated itself. I think maybe clamAV has a new version. What should be the version of curl?: .... checking whether signed right shift is sign extended... yes...
forum.directadmin.com forum.directadmin.com
 
Last edited:
options.conf
curl=yes

whereis curl
curl: /usr/local/bin/curl /opt/netdata/bin/curl

curl --version
curl 7.74.0 (x86_64-pc-linux-gnu) libcurl/7.74.0 OpenSSL/1.1.1d zlib/1.2.11 zstd/1.4.5 nghttp2/1.36.0
Release-Date: 2020-12-09
Protocols: dict file ftp ftps gopher http https imap imaps mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS HTTP2 HTTPS-proxy IPv6 Largefile libz NTLM NTLM_WB SSL TLS-SRP UnixSockets zstd
 
make sure
Code: 
apt install libcurl4-openssl-dev
is installed
also
check that debian curl in not installed
Code: 
apt list --installed | grep curl
 
Thanks all for your input, it was internal firewall blocking the passive ports. Firewall was not changed in any way and same settings were working before, going over logs to figure out why it was working on old setup and on new setup same ports were blocked.
Thanks again for your input.
 
bdacus01 said:
make sure
Code: 
apt install libcurl4-openssl-dev
is installed
also
check that debian curl in not installed
Code: 
apt list --installed | grep curl
Click to expand...
Thanks, just want to explore on system installed curl and directadmin managing curl.

dpkg -l | grep -i curl
ii libcurl3-gnutls:amd64 7.64.0-4+deb10u1 amd64 easy-to-use client-side URL transfer library (GnuTLS flavour)
ii libcurl4:amd64 7.64.0-4+deb10u1 amd64 easy-to-use client-side URL transfer library (OpenSSL flavour)
ii libcurl4-openssl-dev:amd64 7.64.0-4+deb10u1 amd64 development files and documentation for libcurl (OpenSSL flavour)
ii python3-pycurl 7..43.0.2-0.1 amd64 Python bindings to libcurl (Python 3)
Click to expand...
I also have curl=yes ( which i would assume means that directadmin will manage curl )

Whereis curl
whereis curl
curl: /usr/local/bin/curl /opt/netdata/bin/curl
Click to expand...

Looks like i have one curl and managed by directadmin

Where as on my test server whereis curl gives me 2 paths
options.conf
curl=no ( this was yes before, i changed it to no and rebuild directadmin )
https://help.directadmin.com/item.php?id=696

but i still have 2 paths for curl
curl: /usr/bin/curl /usr/local/bin/curl /opt/netdata/bin/curl /usr/share/man/man1/curl.1.gz
Click to expand...

I removed system installed curl and getting same output as on my live server.
All in all setup looks correct and should i change options.con curl to yes.

Thanks
 
ssgill said:
should i change options.con curl to yes.
Click to expand...
I actually do it the opposite way. It should be one or the other. I think it easier to maintain the apt package.
I have no set in options.conf
and installed
apt install curl
then removed
the CB curl

Either way is supposed to be fine just not both.
 
if you need to remove cb curl its
./build remove_curl
or
./build remove_items
 
ssgill said:
PassivePorts 35000 35999 are open
Click to expand...
This is the passive portrange for incoming traffic on your Directadmin server. I was talking about your Windows FTP server which curl is trying to connect. That's the log you placed.

I'm looking at these lines:
Code: 
< 229 Entering Extended Passive Mode (|||5559|)
*   Trying 10.2.16.20:5559...
These passive ports are quite different.
So I thought this might need adjustment. Unless curl will indeed automatically switch to normal FTP if pasv is not needed/used. I never use curl.

However seems indeed it's a curl issue when I read the answers.
 
You must log in or register to reply here.
Back
Top