What’ I’ve noticed is that virtualmin’s scheduled backup using FTP will try to send the files with random ports.
But my FTP server has csf installed, and since I can’t open up random ports, it won’t upload. It says that the upload has failed and connection timed out.
I also added the ip address in csf.ignore but it’s not working.
Is there a way for virtualmin to use the consistent port number?
Or should I set something up in csf?
Well, it’s not using random ports… the ports you’re seeing are part of the FTP protocol – the FTP server and Virtualmin server negotiate the port to use for which to perform the file transfer.
Could you use, say, SSH rather than FTP? It’s a simpler protocol, you’d only need to open port 22.
Alternatively, you can specify a specific range of ports to use for the FTP protocol – and then open up that range of ports.
I’m not familiar with how CSF works, but I do see some documentation on the subject here:
Of particular interest are #1 and #4 in that FAQ entry.
I also had to change the csf.conf to enable the csf.ignore.
SSH feels insecure if the account ever gets hacked.
But I shall try it one day if it really is more secure.
Thank you so much!
SSH feels insecure if the account ever gets hacked. But I shall try it one day if it really is more secure.
The issue with FTP is that it is a clear-text protocol… so anyone able to sniff the traffic can see what’s being transmitted.
That makes it somewhat simple for someone to obtain your backups.
It’s harder to lock a user into a single directory with SSH – but it’s otherwise a much more secure protocol, and the transmissions are all encrypted.
One thing you could do is use the “scponly” shell, which limits users to accessing the account for file transfers. I think that would work with the Virtualmin backups, though I haven’t tested that
Also, if this isn’t a public server your pushing the backups to, some folks change the port SSH runs on to increase security.
I’m trying to use the Virtualmin backup to another server and am also getting the dreaded message “425 Unable to build data connection: No route to host”
I’ve checked FTP settings and firewall (ftp and ftp-data are in iptables) and can’t determine why.
I can FTP using Total Commander but can’t ftp between servers,
I wonder if its to do with source ftp-data required in iptables?
I’m a bit confused about using SSH to do the FTp so I need to investigate to see if I can set that up
solved this problem very easily on this thread. FTP now working
thank you very much !