FTP won't work in an Ubuntu CT

N!nja

Hello everybody,

I currently have the problem that I cannot log into my Ubuntu container via FTP. I have the FTP macro active in the firewall, but FileZilla cannot open any directories ... If the PVE firewall for the container is completely switched off, it works without problems ...

Can someone explain or solve this (quick and dirty)?
 
maybe try to load the ftp conntrack helper:

"modprobe nf_conntrack_ftp" in your proxmox host


to have it loaded on boot, add

/etc/modules-load.d/nf_conntrack.conf
Code:
nf_conntrack
nf_conntrack_ipv4
nf_conntrack_ipv6
nf_conntrack_ftp
 
hello and thank you for your feedback. Unfortunately, that didn't really help either.

I tried to sniff the ports used, and I saw that a lot of traffic is used via ports in the range of 49xxx etc, so I enabled ports 40000 to 59999 in the PVE firewall (for testing). Even then it didn't work ...

Ultimately, the container should store various images from my surveillance cameras. Therefore it is not an option to turn off the firewall for the container
 
OK... the solution was so simple.
Idk that I could force the server to use certain ports

/etc/vsftpd.conf
Code:
pasv_enable=Yes
pasv_max_port=10100
pasv_min_port=10090
And then open these ports in the FW :)
 
Yes. (But with the conntrack module, you should be able to open only port 21; it is strange that it's not working.)
The FTP conntrack helper listens on the FTP command channel for the server's response to the client with the random port list, and then automatically opens the dynamic ports for the data channel.
 
yes, but how does the Conntrack_module on the PVE and the FTP server on the guest work together?
I didn't quite understand that, so it's difficult for me to find the fault.

EDIT: this is the log from FileZilla
Code:
Status: Resolving the IP address for NAME
Status: Connect with IP:21 ...
Status: connection established, waiting for welcome message ...
Status: Insecure server; it does not support FTP over TLS.
Status: Registered
Status: Receiving directory content ...
Command: PWD
Answer: 257 "/ home / camera" is the current directory
Command: TYPE I
Answer: 200 Switching to Binary mode.
Command: PASV
Answer: 227 Entering Passive Mode.
Command: LIST
Error: Connection timed out after 20 seconds of inactivity
Error: Directory contents could not be received
Status: Connection to the server disconnected
Status: Resolving the IP address for openhab
Status: Connect with IP:21 ...
Status: connection established, waiting for welcome message ...
Status: Insecure server; it does not support FTP over TLS.
Status: Registered
Status: Receiving directory content ...
....
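
Added example, not part of the original thread: a sketch of the step the replies describe, reading the server's 227 reply on the control channel to learn the data port (RFC 959: port = p1*256 + p2) and checking it against the 10090-10100 range pinned in vsftpd.conf. The sample replies, addresses and function names are constructed for this example; this is not the kernel helper's code.

```python
import re

# Passive range pinned in /etc/vsftpd.conf in the thread (pasv_min_port / pasv_max_port).
PASV_MIN, PASV_MAX = 10090, 10100

# RFC 959 passive reply: 227 <text> (h1,h2,h3,h4,p1,p2)
_PASV_RE = re.compile(
    r"^227\b.*?(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)"
)

def parse_pasv(reply):
    """Return (ip, port) announced by a 227 reply, or None if no valid tuple is present."""
    m = _PASV_RE.match(reply.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None  # each field is one octet
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]  # high byte, low byte
    return ip, port

def firewall_verdict(reply, lo=PASV_MIN, hi=PASV_MAX):
    """Classify a control-channel reply against the statically opened port range."""
    parsed = parse_pasv(reply)
    if parsed is None:
        return "no-data-port"
    _, port = parsed
    return "allowed" if lo <= port <= hi else "blocked"

# Constructed sample replies (addresses from the documentation range 192.0.2.0/24).
SAMPLES = [
    "227 Entering Passive Mode (192,0,2,10,39,110).",  # 39*256 + 110 = 10094
    "227 Entering Passive Mode (192,0,2,10,193,77).",  # 193*256 + 77 = 49485
    "227 Entering Passive Mode.",                      # tuple missing from the reply
    "200 Switching to Binary mode.",                   # not a passive reply
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{firewall_verdict(line):13} {parse_pasv(line)}  <- {line}")
```
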
 