Scheduled backup - FTP port?

Hi.

What I’ve noticed is that Virtualmin’s scheduled backup using FTP will try to send the files with random ports.
But my FTP server has csf installed, and since I can’t open up random ports, it won’t upload. It says that the upload has failed and connection timed out.

I also added the IP address in csf.ignore but it’s not working.

Is there a way for Virtualmin to use a consistent port number?
Or should I set something up in csf?

Thank you!

Howdy,

Well, it’s not using random ports… the ports you’re seeing are part of the FTP protocol – the FTP server and Virtualmin server negotiate the port to use for the file transfer.

Could you use, say, SSH rather than FTP? It’s a simpler protocol, you’d only need to open port 22.

Alternatively, you can specify a specific range of ports to use for the FTP protocol – and then open up that range of ports.

I’m not familiar with how CSF works, but I do see some documentation on the subject here:

http://www.configserver.com/techfaq/index.php?faqid=67

Of particular interest are #1 and #4 in that FAQ entry.

-Eric
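
The port negotiation described in the reply above, as an added example that is not part of the original thread: it parses the server's passive-mode replies and reports which offered data ports fall outside the range opened in the firewall. The range 30000-30100, the function names and the sample replies are assumptions constructed for illustration.

```python
import re

# Assumed passive range: configure the same range on the FTP server and open
# it inbound in the firewall. These numbers are placeholders, not from the thread.
PASSIVE_RANGE = (30000, 30100)

_PASV = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
_EPSV = re.compile(r"\((.)\1\1(\d{1,5})\1\)")  # e.g. (|||30050|)


def data_endpoint(reply, control_host):
    """Return (host, port) the client must reach for the data connection.

    Handles 227 (PASV, RFC 959) and 229 (EPSV, RFC 2428) replies.
    """
    if reply.startswith("227"):
        m = _PASV.search(reply)
        if not m:
            raise ValueError("malformed 227 reply")
        nums = [int(n) for n in m.groups()]
        if max(nums) > 255:
            raise ValueError("field out of range in 227 reply")
        # The port is sent as two bytes: high * 256 + low.
        return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]
    if reply.startswith("229"):
        m = _EPSV.search(reply)
        if not m or not 0 < int(m.group(2)) < 65536:
            raise ValueError("malformed 229 reply")
        # EPSV carries only a port; the data host is the control host.
        return control_host, int(m.group(2))
    raise ValueError("not a passive-mode reply")


def blocked_ports(replies, control_host, allowed=PASSIVE_RANGE):
    """Ports the server offered that fall outside the opened range."""
    low, high = allowed
    ports = [data_endpoint(r, control_host)[1] for r in replies]
    return [p for p in ports if not low <= p <= high]


# Constructed sample replies (192.0.2.10 is a documentation address).
SAMPLE = [
    "227 Entering Passive Mode (192,0,2,10,117,48)",   # port 30000
    "229 Entering Extended Passive Mode (|||30050|)",
    "227 Entering Passive Mode (192,0,2,10,195,80)",   # port 50000
]

if __name__ == "__main__":
    print(blocked_ports(SAMPLE, "192.0.2.10"))
```

A non-empty result means the server is still handing out data ports the firewall will drop, which shows up on the client as a connection timeout.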

I also had to change the csf.conf to enable the csf.ignore.

SSH feels insecure if the account ever gets hacked.
But I shall try it one day if it really is more secure.

Thank you so much!

> SSH feels insecure if the account ever gets hacked. But I shall try it one day if it really is more secure.

The issue with FTP is that it is a clear-text protocol… so anyone able to sniff the traffic can see what’s being transmitted.

That makes it somewhat simple for someone to obtain your backups.

It’s harder to lock a user into a single directory with SSH – but it’s otherwise a much more secure protocol, and the transmissions are all encrypted.

One thing you could do is use the “scponly” shell, which limits users to accessing the account for file transfers. I think that would work with the Virtualmin backups, though I haven’t tested that :)

Also, if this isn’t a public server you’re pushing the backups to, some folks change the port SSH runs on to increase security.

-Eric

I’m trying to use the Virtualmin backup to another server and am also getting the dreaded message “425 Unable to build data connection: No route to host”.

I’ve checked FTP settings and firewall (ftp and ftp-data are in iptables) and can’t determine why.
I can FTP using Total Commander but can’t FTP between servers.

I wonder if it’s to do with source ftp-data required in iptables?

I’m a bit confused about using SSH to do the FTP, so I need to investigate to see if I can set that up.

cheers Brian

Solved this problem very easily on this thread. FTP now working.

https://www.virtualmin.com/node/19990

Thank you very much!