pureFtp server trouble with login

timeJunky

hello,

the login from within the hypervisor to the vm is working successfully.
Login with a client outside also works. But it is not possible to list the directory.

Masquerading on shorewall is on and FTP(DNAT) is switched on.


Other services on the vm, such as mail, ssh, and so on, work fine.

Code:
FTP(DNAT):$LOG    net    dmz:$IP_VCUSTOMERS

But FileZilla (accessing from client outside the proxmox server) returns:
Code:
Status:    Verbinde mit 84.1...:21...
Status:    Verbindung hergestellt, warte auf Willkommensnachricht...
Antwort:    220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Antwort:    220-You are user number 1 of 50 allowed.
Antwort:    220-Local time is now 01:09. Server port: 21.
Antwort:    220-This is a private system - No anonymous login
Antwort:    220-IPv6 connections are also welcome on this server.
Antwort:    220 You will be disconnected after 15 minutes of inactivity.
Befehl:    USER npe_brd 
Antwort:    331 User npe_brd OK. Password required
Befehl:    PASS ********
Antwort:    230-User npe_brd has group access to:  client2  sshusers
Antwort:    230 OK. Current restricted directory is /
Status:    Verbunden
Status:    Empfange Verzeichnisinhalt...
Befehl:    PWD
Antwort:    257 "/" is your current location
Befehl:    TYPE I
Antwort:    200 TYPE is now 8-bit binary
Befehl:    PASV
Antwort:    227 Entering Passive Mode (10,10,150,100,185,34)
Status:    Vom Server gesendete Adresse für den Passiv-Modus ist nicht routingfähig. Benutze stattdessen die Serveradresse.
Befehl:    MLSD
Fehler:    Zeitüberschreitung der Verbindung
Fehler:    Verzeichnisinhalt konnte nicht empfangen werden
However, it doesn't matter whether I use the IP or not.

The syslog of the pureftp vm displays:
Code:
Mar 31 01:15:29 vata...esi pure-ftpd: (?@92.73.209.74) [INFO] New connection from 92.73.209.74
Mar 31 01:15:29 vata...esi pure-ftpd: (?@92.73.209.74) [INFO] npe_brd is now logged in
Mar 31 01:16:01 vata...esi /USR/SBIN/CRON[3053]: (root) CMD (/usr/local/ispconfig/server/server.sh > /dev/null 2>> /var/log/ispconfig/cron.log)
With virtualbox the following was recommended in former times:
Code:
vzctl set 105 --capability="CHOWN:on  DAC_READ_SEARCH:on SETGID:on SETUID:on NET_BIND_SERVICE:on NET_ADMIN:on  SYS_CHROOT:on SYS_NICE:on" --save
Any ideas what goes wrong?
 
Thx!

I changed the range for the control ports for pure ftp in /etc/init.d/pure-ftpd
with:

Code:
DESC="ftp server"
: ${SSDAEMONLOGOPTS:="--quiet -p 50000:50400"}

and added your rules additionally with:
Code:
FTP(DNAT):$LOG    net    dmz:$IP_VCUSTOMERS
DNAT              net    dmz:$IP_VCUSTOMERS       tcp      50000:50400  -    $IP_V_S
DNAT              net    dmz:$IP_VCUSTOMERS       tcp      1023:2024    -    $IP_V_S

Result on ftp.server
Code:
cat /proc/sys/net/ipv4/ip_local_port_range
32768   61000
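
Added example, not part of the original posts: a small check that decodes the `227` reply from the FileZilla log above and compares the advertised data port with the DNAT port ranges quoted in the second post. The function names are hypothetical; the reply string and the ranges are copied from the thread.

```python
import ipaddress
import re

# Reply copied from the FileZilla log in the first post.
PASV_REPLY = "227 Entering Passive Mode (10,10,150,100,185,34)"
# Port ranges copied from the DNAT rules in the second post.
FORWARDED_RANGES = [(50000, 50400), (1023, 2024)]

PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv(reply):
    """Return (IPv4Address, port) from a 227 reply (h1,h2,h3,h4,p1,p2)."""
    match = PASV_RE.match(reply.strip())
    if not match:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(g) for g in match.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % reply)
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    port = nums[4] * 256 + nums[5]  # RFC 959: data port = p1*256 + p2
    return host, port


def diagnose(reply, forwarded_ranges):
    """List reasons why a client outside the NAT may fail to open the data channel."""
    host, port = parse_pasv(reply)
    findings = []
    if host.is_private:
        findings.append("server advertises internal address %s" % host)
    if not any(low <= port <= high for low, high in forwarded_ranges):
        findings.append("data port %d is outside the forwarded ranges" % port)
    return host, port, findings


if __name__ == "__main__":
    host, port, findings = diagnose(PASV_REPLY, FORWARDED_RANGES)
    print("advertised endpoint: %s:%d" % (host, port))
    for finding in findings:
        print("-", finding)
```

For the logged reply the data port works out to 47394, which is in neither forwarded range, so a fresh `PASV` reply captured after the port-range change is the one to compare against the rules.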
 
