How to be clear about the actual condition of FTP

SYSTEM INFORMATION
OS type and version: Ubuntu Linux 22.04.3
Webmin version: 2.105
Usermin version: 2.005
Virtualmin version: 7.9.0
Theme version: 21.09.5
Package updates: All installed packages are up to date

I read a lot in this forum about FTP, FileZilla, ProFTPD and a lot of variations. I don't understand why, every time somebody asks about this topic, the typical answer is "why do you need it?", and, depending on the answer, the conversation changes direction to backups or another topic.
I have several clients for my virtual server and, for different needs, they use FTP. My conclusion is that FTP won't work in Virtualmin, except in plain mode.
Several times, somebody has recommended moving to SFTP (SSH) because it is more secure. I checked it before recommending it, and I found 2 things:

  1. Configuring SFTP with a virtual user name and password is easy and trustworthy
  2. I can browse to any place, including moving to the AVR and ETC root main folder (???)

Currently, I admin 4 different servers, 2 physical and 2 virtual, all of them with Virtualmin, of different ages, all of them in original condition (I never changed code or changed the default config), and I still have problems with file transfer.
The last time, I needed to move a WP to the server and, after a lot of lost time, I used the file manager to upload and the terminal to handle it, but I cannot say to my clients, “hey, you need to learn how to use the terminal and file manager”.
Can anybody give any option to end this problem?

FTP should work as installed on a Virtualmin system. Personally, I don’t use it and have the server shut off so my advice will be very limited.

We need a specific problem to troubleshoot. We need relevant log entries from the times you are attempting to make these connections.

I take it English is not your native language. Are you writing in English or using a translator like Google?

Not used FTP for years. Just to find out, I restarted the ProFTPD server and it just worked. What errors are your clients getting when trying to connect?

What do you mean plain mode? Do you mean unencrypted? I have mine on forced TLS.

I would only let clients have ftp access because the base directory is already jailed to their folder. I would not give any client SSH access because they would never need it.

No SSH = not SFTP.

Yes, you are right, I wrote it!
OK, I am going to be specific!
If I use FTP (FileZilla or WinSCP) and configure FTP access, on 2 servers I only succeed if I configure it in plain mode (no TLS or SSL); on the other 2 servers, no chance: sometimes I receive “ECONNREFUSED - Connection refused by server”, other times it hangs in a long delay.
If I use SFTP, access is granted using the virtual server's main user, and SFTP opens in the default home or public_html folder, but the folder tree is complete, and I can go up and up!

OK, shoulders, I read this article and it is very interesting! I am going to try it tomorrow and I will tell you whether it succeeds or not!!
Thanks again

Also look at my article for further links under the sections ‘ProFTPd (FTP)’ and ‘Force TLS on FTP’

https://quantumwarp.com/kb/articles/34-web-server/1016-my-virtualmin-notes

Also, SSL will not work any more, only TLS.

About your first article, I need to tell you that the first part of it (modification of /etc/proftpd/conf.d/virtualmin.conf) is part of the default settings of Virtualmin (as jcameron says after “Ok this has been implemented for inclusion in the next Webmin release.”), but I don't understand the second part of the article:

In Webmin -->Servers --> ProFTPD --> Network Options add an HTML option for

  • TLSRequired on/off radio field
  • TLSProtocol input field, with a suitable value TLSv1.2 TLSv1.3 that is pulled from the conf file. If needed, this field could have an off value where this value is not written to the conf.

How can I do it?

This is from my article

  • Force TLS on FTP
  • This currently does not have any options in the GUI to enable this, but can be done by modifying the config files.
  • ProFTPd - Add GUI option to enforce TLS/FTPS easily · Issue #2045 · webmin/webmin · GitHub - Reported on GitHub
  • Solution
    • Edit the config file - Webmin -->Servers → ProFTPD Server → Edit Config Files → Editing config file: /etc/proftpd/conf.d/virtualmin.conf

    • Enforce TLS by changing:

      TLSRequired off → TLSRequired on

    • Optionally, add the following to declare what TLS protocols are allowed. Add this just below ‘TLSRequired’. They have to be installed on the system to work. The example below is just to give you context; you probably only want TLSv1.2.

      TLSProtocol TLSv1 TLSv1.1 TLSv1.2

    • Save the config.

    • Apply the changes (this will restart the ProFTPD service).

Thanks, now I understand. I made this change on one of my servers, and after saving and applying (restarting the daemon), I tried again in FileZilla, and I received the same error as before:
“Status: Server sent passive reply with unroutable address. Using server address instead.
Command: MLSD
Error: Connection timed out after 20 seconds of inactivity
Error: Failed to retrieve directory listing”

OK, I read your article; my problem is different, BUT when I used debug mode in FileZilla, I discovered that ProFTPD uses the internal IP, NOT the external IP, and this is the reason passive mode is rejected. The question is that I don't know where to change this IP!

I used the MasqueradeAddress xx.xxx.xx.x option; now I have got past the passive mode problem, but I still have a problem with the error “Retrieving directory listing…”

The last piece of the puzzle was the hardware firewall (NAT): I opened the port range from 49152 to 65535, and voilà!!!
Thanks to my fellows!!!

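The FileZilla message quoted in this thread ("Server sent passive reply with unroutable address") refers to the address carried in the server's 227 reply. The following is an added example, not part of any post here: a Python check that parses a 227 reply and flags a private address or a data port outside the range forwarded on the NAT firewall. The sample replies, the 203.0.113.5 address and the function names are constructed for illustration.

```python
import ipaddress
import re

# Data-port range opened on the NAT firewall in this thread.
PASSIVE_RANGE = (49152, 65535)
# Address blocks a client on the Internet cannot reach (RFC 1918, loopback, link-local).
UNROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]
_TUPLE = re.compile(r"\((\d{1,3}(?:,\d{1,3}){5})\)")


def parse_pasv(reply):
    """Return (IPv4Address, port) from '227 ... (h1,h2,h3,h4,p1,p2)'."""
    m = _TUPLE.search(reply)
    if not reply.startswith("227") or m is None:
        raise ValueError("not a 227 passive reply: %r" % reply)
    nums = [int(n) for n in m.group(1).split(",")]
    if max(nums) > 255:
        raise ValueError("field out of range in %r" % reply)
    ip = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    return ip, nums[4] * 256 + nums[5]  # port = p1 * 256 + p2


def diagnose(reply, public_ip, passive_range=PASSIVE_RANGE):
    """Return the problems a client outside the NAT would hit with this reply."""
    ip, port = parse_pasv(reply)
    findings = []
    if any(ip in net for net in UNROUTABLE):
        findings.append("unroutable address %s: set MasqueradeAddress" % ip)
    elif ip != ipaddress.IPv4Address(public_ip):
        findings.append("address %s is not the public address %s" % (ip, public_ip))
    lo, hi = passive_range
    if not lo <= port <= hi:
        findings.append("port %d is outside forwarded range %d-%d" % (port, lo, hi))
    return findings


# Constructed sample replies; 203.0.113.5 is a documentation address standing in
# for the server's public IP.
SAMPLES = [
    "227 Entering Passive Mode (192,168,1,10,195,80)",  # internal IP behind NAT
    "227 Entering Passive Mode (203,0,113,5,4,1)",      # data port not forwarded
    "227 Entering Passive Mode (203,0,113,5,195,80)",   # expected after the fix
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", diagnose(s, "203.0.113.5") or "ok")
```

The 227 line to feed in is visible in FileZilla's debug log, which is where the internal IP was spotted in this thread.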

Or you could just not use that mode.

Active mode requires a lot of the client’s router/firewall, in that the server has to call back to the client. Passive mode does not need any special treatment in the firewall, as the server doesn’t need to be able to make a connection back to the client. Passive mode is the default mode in any modern FTP client for this reason; you’re making it harder on yourself by forcing active mode.

I found this useful article
