SOLVED FTP Stuck at passive connection port while ports are open

Inna

Member
Mar 10, 2018
19
6
3
Iran
cPanel Access Level
Root Administrator
Hi,
Tonight I faced a strange issue; this is my FileZilla connection log:
Code:
Status:    Resolving address of fdqn.domain.com
Status:    Connecting to 1.1.1.1:21...
Status:    Connection established, waiting for welcome message...
Status:    Initializing TLS...
Status:    Verifying certificate...
Status:    TLS connection established.
Status:    Server does not support non-ASCII characters.
Status:    Logged in
Status:    Retrieving directory listing...
It sticks here, while my hostname has a valid Let's Encrypt certificate and I see no problem with it in internet browsers.
I checked /var/log/messages and these are the logs:
Code:
Nov  4 22:41:58 hostname proftpd: 2020-11-04 22:41:58,385 fdqn.domain.com proftpd[12955] MY_SERVER_IP (MY_IP[MY_IP]): mod_delay/0.7: no DelayOnEvent rules configured with "DelayTable none" in effect, disabling module
Nov  4 22:41:58 hostname proftpd: 2020-11-04 22:41:58,386 fdqn.domain.com proftpd[12955] MY_SERVER_IP (MY_IP[MY_IP]): FTP session opened.
Nov  4 22:41:58 hostname proftpd: 2020-11-04 19:11:58,742 fdqn.domain.com proftpd[12955] MY_SERVER_IP (MY_IP[MY_IP]): USER my_user: Login successful.
Nov  4 22:49:18 hostname proftpd: 2020-11-04 19:19:18,809 fdqn.domain.com proftpd[12444] MY_SERVER_IP (MY_IP[MY_IP]): Client session idle timeout, disconnected
Nov  4 22:49:18 hostname proftpd: 2020-11-04 19:19:18,813 fdqn.domain.com proftpd[12444] MY_SERVER_IP (MY_IP[MY_IP]): FTP session closed
The ports are open in the CSF firewall; I removed the ports and added them again.
I also checked the /var/cpanel/conf/proftpd/local file and it has these two lines as required:
Code:
MasqueradeAddress: 203.0.113.0
PassivePorts: 49152 65534
I changed my FTP server to Pure-FTPd, but nothing changed. Then I reverted it back to ProFTPD.
Also, when I telnet to the IP on port 21, it connects and there's no problem. I checked active mode with my mobile phone, and it connects in active mode on my phone, but there is no passive connection. I changed the charset in FileZilla to force UTF-8, but that did not work.
I googled a lot but none of the results helped me.

I just updated my WHM/cPanel to version 92.0.0 and checked it again but failed :(

Besides your answers, which would be my pleasure:
1- Can I ask my DC if ports 49152 to 65534 are closed by them? Is it related?
2- Should I be able to telnet to one of these ports when the issue is resolved? Does it matter which port I check?

Thanks
 

cPAdminsMichael

Well-Known Member
Dec 19, 2016
161
56
103
Denmark
cPanel Access Level
Root Administrator
Hi!

When passive connections are stuck at the directory listing, it's in 9/10 cases because of blocked passive ports (or bad configuration).
You write that you have added MasqueradeAddress: 203.0.113.0 to the local file. Is that an actual copy/paste or did you replace your IP address with the dummy address?
 

Inna

Hi,
I actually did copy and paste it from the cPanel docs, and it's really this IP in my local file, and it's also this IP address in the /etc/proftpd.conf file too.
Do you mean I should replace this IP in the local file with my ACTUAL SERVER IP?
 

Inna

That was the whole thing and point! Oh my GOD! What a gaffe I made. I have fixed many things like this, and exactly this, but I'm not sure why I did not remember to do it with the actual IP :)

Thanks for the hint and in fact the answer :)
 

cPAdminsMichael

You should only use MasqueradeAddress if your server runs in NAT mode. So if you run in NAT mode, replace the IP address with your public WAN IP address. Otherwise, remove the line (you could remove the whole file, as the listed passive ports are actually the default ones) and run /scripts/setupftpserver proftpd
 

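A check for the misconfiguration this thread ended on, as an added example that is not part of any post above: it parses the server's 227 reply to PASV and flags an advertised address that differs from the control-connection address (including RFC 5737 documentation addresses such as 203.0.113.0) or a port outside the configured PassivePorts range. The function names, problem codes and sample replies are constructed for illustration; 1.1.1.1 is the placeholder server address from the FileZilla log.

```python
import ipaddress
import re

# RFC 5737 documentation ranges: reserved for examples, never routed.
DOC_NETS = [ipaddress.ip_network(n) for n in
            ("192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24")]
# RFC 959 PASV reply: 227 <text> (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(r"^227 [^(]*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_pasv(reply):
    """Return (address, port) the server advertises for the data connection."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 PASV reply: %r" % reply)
    nums = [int(x) for x in m.groups()]
    if max(nums) > 255:
        raise ValueError("field out of range in %r" % reply)
    addr = ipaddress.ip_address(".".join(str(n) for n in nums[:4]))
    return addr, nums[4] * 256 + nums[5]


def check_pasv(reply, control_ip, passive_ports=(49152, 65534)):
    """Return a list of problem codes; an empty list means the reply is sane."""
    addr, port = parse_pasv(reply)
    problems = []
    if addr != ipaddress.ip_address(control_ip):
        if any(addr in net for net in DOC_NETS):
            problems.append("doc-address")       # placeholder left in MasqueradeAddress
        elif addr.is_private:
            problems.append("private-address")   # NAT without MasqueradeAddress
        else:
            problems.append("address-mismatch")  # not the address the client dialed
    low, high = passive_ports
    if not low <= port <= high:
        problems.append("port-out-of-range")     # outside PassivePorts / firewall rule
    return problems


# Constructed sample replies, not taken from the thread.
SAMPLES = ["227 Entering Passive Mode (203,0,113,0,200,10)",
           "227 Entering Passive Mode (1,1,1,1,195,80)",
           "227 Entering Passive Mode (10,0,0,5,4,1)"]

if __name__ == "__main__":
    for reply in SAMPLES:
        print(reply, "->", check_pasv(reply, "1.1.1.1") or "ok")
```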
cPAdminsMichael

Super - great that you got it working! ;-)
 