Dear all,
I've a clean installation of my server and installed DA with Proftpd. This is because I want to use SFTP and followed this guide, which works perfectly. I can make connections via SFTP.
Guide: https://help.directadmin.com/item.php?id=439
But I cannot connect to FTP sites anymore (scripts in PHP/Python/Wget).
wget ftp://XXXX.txt
--2019-12-15 09:54:26-- ftp://XXX.txt
=> ‘XXX.txt’
Resolving XXX (XXXX)... 1.23.5.5
Connecting to XXX (XXX)|1.23.5.5|:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done. ==> PWD ... done.
==> TYPE I ... done. ==> CWD (1) /pub_weerberichten ... done.
==> SIZE XXX.txt ... 1402
==> PASV ... couldn't connect to 1.23.5.5 port 49049: Connection refused
So I can connect to the FTP server, but it cannot set up a passive port (which is blocked by the firewall) = 49049
While in my proftpd.conf the following rule exists
PassivePorts 35000 35999 => These ports are opened in the firewall.
Why is (for example) wget not using the 35000-35999 range?
Thanks for helping me out
Full config:
Code:
ServerName "ProFTPd"
ServerType standalone
Port 0
<VirtualHost 0.0.0.0>
Port 21
AuthUserFile /etc/proftpd.passwd
</VirtualHost>
PassivePorts 35000 35999
UseReverseDNS off
TimesGMT off
TimeoutLogin 120
TimeoutIdle 600
TimeoutNoTransfer 900
TimeoutStalled 3600
ScoreboardFile /var/run/proftpd/proftpd.pid
TransferLog /var/log/proftpd/xferlog.legacy
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
LogFormat write "%h %l %u %t \"%r\" %s %b"
#DON'T modify this log format. Its used by DirectAdmin to determine user usage
LogFormat userlog "%u %b %m %a"
ExtendedLog /var/log/proftpd/IP.bytes WRITE,READ userlog
AuthUserFile /etc/proftpd.passwd
DefaultServer on
AuthOrder mod_auth_file.c
#AuthPAM off
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/proftpd.tls.log
TLSProtocol ALL -TLSv1 -TLSv1.1
TLSVerifyClient off
TLSRequired off
#Certificates
TLSRSACertificateFile /etc/exim.cert
TLSRSACertificateKeyFile /etc/exim.key
#TLSCACertificateFile /etc/ftpd/root.cert.pem
TLSCipherSuite HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3
</IfModule>
<Global>
PassivePorts 35000 35999
DeferWelcome on
RequireValidShell no
DefaultRoot ~
DirFakeUser on ftp
DirFakeGroup on ftp
User ftp
Group ftp
#UserAlias anonymous ftp
AllowStoreRestart on
AllowRetrieveRestart on
ListOptions -a
Umask 022
DisplayLogin welcome.msg
DisplayChdir readme
AllowOverwrite yes
IdentLookups off
ExtendedLog /var/log/proftpd/access.log WRITE,READ write
ExtendedLog /var/log/proftpd/auth.log AUTH auth
#
# Paranoia logging level....
#
#ExtendedLog /var/log/proftpd/paranoid.log ALL default
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/proftpd.tls.log
TLSRSACertificateFile /etc/exim.cert
TLSRSACertificateKeyFile /etc/exim.key
</IfModule>
</Global>
Include /etc/proftpd.sftp.conf
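An added example, not part of the original post: in passive mode the FTP server picks the data port and announces it in its 227 (or 229) reply, so the port a client such as wget dials comes from whichever server it is talking to. The sketch below decodes such a reply and checks the port against a PassivePorts range; the sample reply is constructed to match port 49049 from the wget output, and the function names are hypothetical.

```python
import re

# Constructed sample: the 227 reply a server would send to offer port 49049,
# the port seen in the wget output above (191 * 256 + 153 = 49049).
SAMPLE_REPLY = "227 Entering Passive Mode (1,23,5,5,191,153)"

# Excerpt of the posted proftpd.conf containing the PassivePorts directive.
SAMPLE_CONF = """\
ServerName "ProFTPd"
PassivePorts 35000 35999
"""

def parse_passive_reply(reply):
    """Return (host, port) from a 227 reply, or (None, port) from a 229 reply."""
    m = re.match(r"227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", reply)
    if m:
        nums = [int(x) for x in m.groups()]
        if any(n > 255 for n in nums):
            raise ValueError("octet out of range in 227 reply")
        # Port is sent as two bytes: high * 256 + low.
        return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]
    m = re.match(r"229 .*?\(\|\|\|(\d+)\|\)", reply)
    if m:
        # EPSV carries only the port; the host is the control connection's peer.
        return None, int(m.group(1))
    raise ValueError("not a 227/229 passive reply: %r" % reply)

def passive_range(conf_text):
    """Return (low, high) from the first uncommented PassivePorts line, or None."""
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        # Directive name compared case-insensitively (a lenient choice here).
        if len(fields) == 3 and fields[0].lower() == "passiveports":
            return int(fields[1]), int(fields[2])
    return None

def offered_by_this_config(reply, conf_text):
    """True if the port in the reply lies inside the configured range."""
    _, port = parse_passive_reply(reply)
    rng = passive_range(conf_text)
    return rng is not None and rng[0] <= port <= rng[1]

if __name__ == "__main__":
    host, port = parse_passive_reply(SAMPLE_REPLY)
    print(host, port, offered_by_this_config(SAMPLE_REPLY, SAMPLE_CONF))
```

A port outside the configured range means the reply came from a server that is not governed by this PassivePorts setting, so the path to check is the firewall between the client and that server's data port.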