The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

FTP problem again.

Discussion in 'General Discussion' started by skipper5, Oct 29, 2005.

  1. skipper5

    skipper5 Member

    Joined:
    Sep 2, 2005
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    Hey all,

    I know this topic seems to have been covered several times from the searching I have done, so I apologize for starting another one if this answer is out there already.

    Ok so FTP problem I have and my clients.

    It takes an extremely long time to log in. When and if it does login the directory listing is empty. I was using WS_ftp for this. I just happen to try SmartFTP and noticed that this software brings up the port number. Then the light bulb went on.
    Sure enough this port range that it was trying to use was not allowed by the Firewall -APF.
    So I went into the config added that port range and what do you know it worked.

    But now here is the part I do not understand. The ports seem to be incrementing. So once it exceeds my port range I can not FTP again. So obviously it has something to do with APF and my FTP software - proftpd.

    So does anyone know why the port ranges would just keep incrementing like that and what I can do. Maybe this could be something that is going on with other people?


    Hope someone knows.

    Thanks
    :eek:
     
  2. sh4ka

    sh4ka Well-Known Member

    Joined:
    May 12, 2005
    Messages:
    442
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    US
    cPanel Access Level:
    DataCenter Provider
    I'm not totally sure but I remember FTP service in passive mode uses 3000_3500... you may try to add that and verify your rules at APF configuration.
     
  3. skipper5

    skipper5 Member

    Joined:
    Sep 2, 2005
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    Hey thanks for the reply.

    I did already add that port range. But see the problem is the port range that it is connecting on is incrementing or something. So I would have to keep increasing the range from 3000_3500 to more. I had this 3000_3500 then FTP stopped working. Then I increased it to 3000_5000 worked then stopped working again. So I increased it to 3000_5500 and it worked. So of course I am defeating the purpose of the APF but for debugging that is what I did??
     
  4. sh4ka

    sh4ka Well-Known Member

    Joined:
    May 12, 2005
    Messages:
    442
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    US
    cPanel Access Level:
    DataCenter Provider
    You may have something really wrong at your box.. or the ftp service.... ports for FTP are 21 or the passive range that I told you.. this is very rare :confused:
     
  5. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    If APF/iptables is working correctly you should never have to open a hole in your firewall for FTP as it uses SPI (stateful packet inspection) to determine if you can open PASV ports. Are you using proftpd or pure-ftpd? If proftpd, you might want to try changing over to pure-ftpd and see if that improves things

    You might want to check in /var/log/messages for iptables errors when you try and FTP in. Whether you do or not, make sure you're using the latest version of APF as recent former releases had bugs which caused issues on some servers for FTP and POP3 connections.
     
  6. skipper5

    skipper5 Member

    Joined:
    Sep 2, 2005
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    I am using proftpd.
    I did switch over to pure-ftpd and it did not change anything. Stopping the APF service gets things working just fine.

    I do have a feeling I am not using the latest version of APF. Could you walk me through checking the version and upgrading if needed?
     
Loading...

Share This Page