[SOLVED] [WORKAROUND] Proxmox 3.4 FTP passive mode

Virtualizer

Dear,

to activate FTP passive mode for containers, I have read in the documentation that the following must be loaded on the host:
modprobe ip_conntrack_ftp

But this will not load ip_conntrack_ftp! I get this on the host:

lsmod | grep conntrack_ftp

only this:

nf_conntrack_ftp 11841 1 nf_nat_ftp
nf_conntrack 80586 13 nf_conntrack_ipv4,nf_conntrack_ftp,nf_conntrack_irc,xt_conntrack,xt_helper,xt_state,nf_nat,iptable_nat,nf_nat_ftp,nf_nat_irc,vzcpt,vzrst,nf_conntrack_ipv6

It's a Debian 7.10 with uname -a:

Linux MYHOST 2.6.32-44-pve #1 SMP Mon Jan 25 13:03:39 CET 2016 x86_64 GNU/Linux

Does anyone have an idea?
 
OK: I understand now that ip_conntrack_ftp is an alias for nf_conntrack_ftp, so that is why it is not listed in lsmod!
I have these iptables settings in vz.conf and the same in the container's conf:

/etc/pve/openvz/109.conf

IPTABLES="ip_tables iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_conntrack ipt_state ipt_helper iptable_nat ip_nat_ftp ip_nat_irc ipt_REDIRECT xt_mac ipt_recent ipt_owner "

In the container a check with lsmod is not possible - OK, but how can I now test that all the iptables modules are usable in the container?

The problems are still not resolved and I have not found out why!

I have also checked with pve-firewall stop and with the firewall stopped in the container, and I think that proftpd is correctly configured with the ports and so on!

After the FTP command MLSD the client hangs and loses the connection with a timeout!
 
So, first of all I have a workaround, but it does not make me happy, and I can see in many, many forums these big problems with FTP / active / passive / MLSD and a lost connection directly after MLSD was sent, mostly in combination with the FileZilla client! This is the same for cPanel and Plesk in a container under Proxmox and need not be a problem of the Proxmox settings! The other forums always show solutions about passive mode and ports and so on, but this is not always the problem!

With the settings for a container as I have written before, FTP active and passive work fine, but ONLY WITHOUT TLS encryption!

In cPanel, under FTP Server Configuration, TLS Encryption Support must be set to: Disabled
Warning: with the setting "optional", FileZilla has the same problems!

In Plesk, under Security -> Security Roles, and there under Security FTP, it must be set to "only non security FTP-connections"
Warning: the setting "both secure and unsecure" causes the same problems!

and then FTP functions on both in active / passive mode with LiveZilla!

So now I will check why there are problems in combination with TLS, since we have no ports blocked and the certificate was accepted at the moment the FTP connection was initiated, and every time the problems come later, when MLSD is sent!
The problems also exist when the firewall on the host (pve-firewall) and for the container is OFF!
Only without TLS, as I have now written here, with this workaround, does FTP work fine, and without security!
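
Background on how a plaintext FTP connection-tracking helper such as nf_conntrack_ftp interacts with TLS, as an added example that is not part of the original posts and is not a diagnosis of this particular setup: the helper learns the passive data port by reading the server's 227/229 reply on the control channel, and after AUTH TLS that reply is encrypted. The function names, addresses, ports and TLS record bytes below are constructed for illustration.

```python
import re

# Constructed control-channel lines (not captured from the poster's server).
PASV_REPLY = b"227 Entering Passive Mode (192,0,2,10,195,80)\r\n"
EPSV_REPLY = b"229 Entering Extended Passive Mode (|||50000|)\r\n"
# Constructed stand-in for a TLS application-data record: after AUTH TLS the
# same reply travels encrypted, so only opaque bytes are visible on the wire.
TLS_RECORD = bytes.fromhex("1703030020") + bytes(range(32))

_PASV = re.compile(
    rb"^227 [^(]*\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)
_EPSV = re.compile(rb"^229 [^(]*\(\|\|\|(\d{1,5})\|\)")


def expected_data_endpoint(line, control_peer_ip):
    """Return (ip, port) of the announced data connection, or None.

    Mirrors what a plaintext FTP helper has to do: read the server reply
    and learn which port the upcoming data connection will use.
    """
    m = _PASV.match(line)
    if m:
        nums = [int(x) for x in m.groups()]
        if any(n > 255 for n in nums):
            return None  # malformed reply, nothing to expect
        ip = ".".join(str(n) for n in nums[:4])
        return ip, nums[4] * 256 + nums[5]
    m = _EPSV.match(line)
    if m:
        port = int(m.group(1))
        # EPSV carries no address; the data connection goes to the control peer.
        return (control_peer_ip, port) if 0 < port < 65536 else None
    return None  # unreadable (e.g. encrypted) or unrelated line


def in_passive_range(endpoint, low, high):
    """True if the announced port lies inside a statically allowed range."""
    return endpoint is not None and low <= endpoint[1] <= high


if __name__ == "__main__":
    for sample in (PASV_REPLY, EPSV_REPLY, TLS_RECORD):
        print(expected_data_endpoint(sample, "192.0.2.10"))
```

With FTPS, no helper can open the data port dynamically, so the passive port range has to be fixed in the FTP server (ProFTPD's `PassivePorts` directive) and allowed statically in the firewall.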
 
