Can't remotely connect to FTP

Hello,

I’m migrating my website to a new server on Debian 9, both old & new servers use VirtualMin 6.08.

On the new server, I can’t connect by FTP (nor FTP/TLS) remotely. It’s working locally, but remotely it just times out without any message.

I tried this without success : https://virtualmin.com/node/20661 .

Proftp is listening on the port 21 :

lsof -i :21
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
proftpd 8212 proftpd 0u IPv6 19031762 0t0 TCP *:ftp (LISTEN)

Log has 0 trace of my login attempts :

cat /var/log/proftpd/proftpd.log
2020-01-25 16:59:35,331 my–website–com proftpd[1409] my–website–com (localhost[127.0.0.1]): FTP session opened.
2020-01-25 17:00:35,999 my–website–com proftpd[1409] my–website–com (localhost[127.0.0.1]): FTP session closed.
2020-01-25 17:15:16,587 my–website–com proftpd[13021] 0.0.0.0 (–myip–): SSH2 session opened.
2020-01-25 17:15:16,600 my–website–com proftpd[13021] 0.0.0.0 (–myip–): SSH2 session closed.
2020-01-25 17:15:46,012 my–website–com proftpd[13216] 0.0.0.0 (–myip–): SSH2 session opened.
2020-01-25 17:16:01,482 my–website–com proftpd[13216] 0.0.0.0 (–myip–): SSH2 session closed.
2020-01-25 17:16:11,595 my–website–com proftpd[13412] 0.0.0.0 (–myip–): SSH2 session opened.
2020-01-25 17:16:20,952 my–website–com proftpd[13412] 0.0.0.0 (–myip–): SSH2 session closed.
2020-01-25 17:16:31,077 my–website–com proftpd[13543] 0.0.0.0 (–myip–): SSH2 session opened.
2020-01-25 17:16:34,351 my–website–com proftpd[13543] 0.0.0.0 (–myip–): SSH2 session closed.
2020-01-25 17:16:44,430 my–website–com proftpd[13626] 0.0.0.0 (–myip–): SSH2 session opened.
2020-01-25 17:16:50,089 my–website–com proftpd[13626] 0.0.0.0 (–myip–): SSH2 session closed.
2020-01-25 17:17:00,166 my–website–com proftpd[13731] 0.0.0.0 (–myip–): SSH2 session opened.
2020-01-25 17:17:02,553 my–website–com proftpd[13731] 0.0.0.0 (–myip–): SSH2 session closed.
2020-01-25 17:17:12,672 my–website–com proftpd[13824] 0.0.0.0 (–myip–): SSH2 session opened.
2020-01-25 17:17:12,853 my–website–com proftpd[13824] 0.0.0.0 (–myip–): SSH2 session closed.
2020-01-25 17:17:22,949 my–website–com proftpd[13881] 0.0.0.0 (–myip–): SSH2 session opened.
2020-01-25 17:17:23,163 my–website–com proftpd[13881] 0.0.0.0 (–myip–): SSH2 session closed.
2020-01-25 17:17:33,241 my–website–com proftpd[13956] 0.0.0.0 (–myip–): SSH2 session opened.
2020-01-25 17:17:39,198 my–website–com proftpd[13956] 0.0.0.0 (–myip–): SSH2 session closed.
2020-01-25 17:17:49,334 my–website–com proftpd[14064] 0.0.0.0 (–myip–): SSH2 session opened.
2020-01-25 17:17:49,503 my–website–com proftpd[14064] 0.0.0.0 (–myip–): SSH2 session closed.
2020-01-25 17:17:59,598 my–website–com proftpd[14143] 0.0.0.0 (–myip–): SSH2 session opened.
2020-01-25 17:18:01,511 my–website–com proftpd[14143] 0.0.0.0 (–myip–): SSH2 session closed.
2020-01-25 17:19:20,515 my–website–com proftpd[27036] my–website–com: ProFTPD killed (signal 15)
2020-01-25 17:19:20,515 my–website–com proftpd[27036] my–website–com: ProFTPD 1.3.5b standalone mode SHUTDOWN
2020-01-25 17:19:21,619 my–website–com proftpd[16253] my–website–com: ProFTPD 1.3.5b (maint) (built Wed Oct 23 2019 21:34:50 UTC) standalone mode STARTUP
2020-01-25 17:23:17,118 my–website–com proftpd[16253] my–website–com: ProFTPD killed (signal 15)
2020-01-25 17:23:17,119 my–website–com proftpd[16253] my–website–com: ProFTPD terminating (signal 7)
2020-01-25 17:23:17,119 my–website–com proftpd[16253] my–website–com: ProFTPD terminating (signal 7)
2020-01-25 17:23:17,119 my–website–com proftpd[16253] my–website–com: FTP session closed.
2020-01-25 17:23:18,228 my–website–com proftpd[18813] my–website–com: ProFTPD 1.3.5b (maint) (built Wed Oct 23 2019 21:34:50 UTC) standalone mode STARTUP
2020-01-25 17:24:51,879 my–website–com proftpd[18813] my–website–com: ProFTPD killed (signal 15)
2020-01-25 17:24:51,879 my–website–com proftpd[18813] my–website–com: ProFTPD 1.3.5b standalone mode SHUTDOWN
2020-01-25 17:24:52,983 my–website–com proftpd[21261] my–website–com: ProFTPD 1.3.5b (maint) (built Wed Oct 23 2019 21:34:50 UTC) standalone mode STARTUP
2020-01-25 17:25:13,876 my–website–com proftpd[21261] my–website–com: ProFTPD killed (signal 15)
2020-01-25 17:25:13,876 my–website–com proftpd[21261] my–website–com: ProFTPD 1.3.5b standalone mode SHUTDOWN
2020-01-25 17:25:15,130 my–website–com proftpd[21572] my–website–com: ProFTPD 1.3.5b (maint) (built Wed Oct 23 2019 21:34:50 UTC) standalone mode STARTUP
2020-01-25 18:37:33,158 my–website–com proftpd[21572] my–website–com: ProFTPD killed (signal 15)
2020-01-25 18:37:33,159 my–website–com proftpd[21572] my–website–com: ProFTPD 1.3.5b standalone mode SHUTDOWN
2020-01-25 18:37:34,268 my–website–com proftpd[8212] my–website–com: ProFTPD 1.3.5b (maint) (built Wed Oct 23 2019 21:34:50 UTC) standalone mode STARTUP

(the 1st connection is local)

SSH doesn’t work either, failing with a message, though :

Error: FATAL ERROR: Network error: Connection refused

As I had activated the FTP/TLS (following https://www.virtualmin.com/node/29262 ) on my old server, I tried to activate it as well on the new server, but it didn’t change anything either.

Thanks in advance for any help ! :slight_smile:

Works locally but not remotely? Sounds like a firewall is blocking the remote connection.

FTP is allowed in Webmin -> Networking -> FirewallID .

I just added the port 21 in Webmin -> Networking -> Linux Firewall & Linux IPv6 Firewall, but it didn’t change anything.

I tried to move the ProFTP port to 23, but it didn’t change anything as well.

“iptables -L -n --line-numbers” doesn’t show my IP (nor any others).

I use FileZilla and it times out both with Active & Passive mode.

I turned “UseIPv6” off in ProFTP, with no effect either.

This is really puzzling… :astonished:

Following https://www.virtualmin.com/node/39547 , I removed & reinstalled ProFTP and it still fails.

I tried Windows FTP command and it timed out as well.

From my server ,“Telnet [MyIP] 21” works correctly.

I stopped FirewallD and now it’s working ! :open_mouth:

I noticed no interface was selected, so I selected the active one with no result, then all still with no result.

So I’m not sure why it’s not working correctly and still blocking the Port 21 while the FTP Service is allowed… :confounded:

I restarted FirewallD and the FTP fails again…

FirewallD config :

Despite being shown in the config (as seen on the picture in the previous post), the FTP service wasn’t listed in the FirewallD config :

~ firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eno1 lo dummy0 ifb0 ifb1 teql0
sources:
services: ssh dhcpv6-client smtp smtps pop3 pop3s imap imaps http https
ports: 587/tcp 53/tcp 20/tcp 2222/tcp 10000-10100/tcp 20000/tcp 1025-65535/tcp 53/udp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:

So I allowed the port 21 instead and now it’s alright… :roll_eyes:

Excellent troubleshooting!! : )

(we’ve all been bitten by those pesky (but needful) firewalls)

1 Like