530 Login incorrect.

[imran_khan]

Hello,

I’m trying to access ftp while getting below error. FTP user name and password are correct. Installed FTP server is pro-ftp. When I stop iptables, it works fine. I have already allowed the ports 20 and 21 in both side (inbound and outbound).

530 Login incorrect.
Login failed.

Please suggest me on this.

Thanks,
Imran Khan.

 

[quietFinn]

I would guess that in the password or username there is leading or trailing whitespace.

 

[PlotHost]

Other FTP accounts work ok ?

 

[stdout]

Have you tried a RAW telnet session to port 21? That would be your best bet as it rules out most other scenarios.
eg.

root@shasta [~]# telnet 0 21
Trying 0.0.0.0...
Connected to 0 (0.0.0.0).
Escape character is '^]'.
220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 1 of 50 allowed.
220-Local time is now 12:30. Server port: 21.
220-This is a private system - No anonymous login
220 You will be disconnected after 15 minutes of inactivity.
user dyltest
331 User dyltest OK. Password required
pass t3mp4321
230 OK. Current restricted directory is /
quit
221-Goodbye. You uploaded 0 and downloaded 0 kbytes.
221 Logout.
Connection closed by foreign host.

- - - Updated - - -

PS. Have you synchronized FTP Passwords? Try changing the password under WHM instead of /scripts/chpass

 

[faisikhan]

Try changing the password under WHM instead of /scripts/chpass

Its recommended you should do that.

 

[cPanelMichael]

When I stop iptables, it works fine.

It sounds like this may be a result of your custom iptables firewall rules if logins work well after stopping the iptables service. Have you tried using a third-party firewall application such as CSF instead of custom iptables firewall rules?

Thank you.

 

[imran_khan]

Hello,

Thanks.

I have already synced FTP password from the WHM. Iptables rule is fine.
I have already allowed port FTP (21) from both side (Inbound and Outbound). When I stop iptables, FTP is working fine. Now I am getting below error.

An error occurred opening that folder on that FTP Server. Make sure you have permission to access that folder.

Details:
The operation timed out.

Thanks,
Imran Khan.

 

[imran_khan]

Hello,

I have made the blow changes.

1). Installed ip_conntrack and ip_conntrack_ftp modules.
# modprobe ip_conntrack
# modprobe ip_conntrack_ftp

2). Added the below line in /etc/sysconfig/iptables-config file and restarted the server but getting same error.
IPTABLES_MODULES="ip_conntrack_netbios_ns ip_conntrack_ftp ip_conntrack"

Thanks,
Imran Khan.

 

[imran_khan]

Thank you guys,

I have made some changes in iptables firewall and resolved the issue.

Thanks,
Imran Khan.

 

[cPanelMichael]

Thank you guys,

I have made some changes in iptables firewall and resolved the issue.

Do you mind sharing the specific changes you made which resolved the issue for you?

Thank you.

 

[imran_khan]

Hello Michael,

I have added below rules in iptables and I am able to access FTP.

iptables -A OUTPUT -s server_ip -d source_ip -p tcp -m tcp --sport 21 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -s server_ip -d source_ip -p tcp -m tcp --sport 1024:65535 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -s server_ip -d source_ip -p tcp -m tcp --sport 20 --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -A INPUT -s source_ip -d server_ip -p tcp -m tcp --sport 1024:65535 --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -s source_ip -d server_ip -p tcp -m tcp --sport 1024:65535 --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -s source_ip -d server_ip -p tcp -m tcp --sport 1024:65535 --dport 20 -m state --state ESTABLISHED -j ACCEPT

Thanks,
Imran Khan.