Virtualmin backup - strange error??

Hi guys,

Weird question about Virtualmin and Ubuntu…

Whenever i run a sheduled backup on virtualmin it starts great and works perfect but everytime at least 1 virtual server fails (but its not always the same virtual server) in the email log it says this…

Uploading archive to FTP server ..
.. upload failed! Failed to connect to 192.168.2.2:28275 : Connection timed out

Not even sure where 192.168.2.2 even comes from as thats not the FTP in the configuration or the FTP where the files are going too.

Can anyone help me.

James (XB23)

This error is coming from the return connection (note the high port). Presumably one side or the other of your connection is behind some sort of NAT device, and there are private addresses involved…and I’m further presuming that its handling of that high port FTP activity is not perfect.

Try using a smarter, like SSH, to copy the files. A single connection protocol will be more reliable over a NATted network link, since that second network connection doesn’t need to be setup by the other side.

Or, it may be possible to configure Webmin to use passive FTP, but I haven’t used FTP in years…so I have no clue how one configures FTP in Webmin (and I’d encourage you to figure out how to use SSH in your environment rather than spending the same time figuring out how to use passive FTP). ;-)<br><br>Post edited by: Joe, at: 2008/03/19 13:08

Had the same error. It seems that the error always occurs at the end of the transmission. Tests with WinSCP shows the same behaviour without passive mode, but only for very large files (>10MB).
Unfortunately my hoster doesn’t provide SSH for the backup server, I think I’m not the only one… So I would like to know how to setup passive mode.
In my opinion: if it’s a known problem, why not enable it by default or spend an extra checkbox “use passive mode” to the FTP section of the backup configuration?

Yeah, in poking around a bit, I don’t see a way to enable passive mode within Webmin. If you’re interested in that feature, you might need to add it into a feature request using the Bugs and Issues link below.
-Eric

Now I found out that the firewall causes the problems. I’m using iptables, the FTP configuration looks like this
(unrelated stuff skipped):

[code:1]# enable highport handling
modprobe ip_conntrack_ftp

#deny all
iptables -P INPUT DROP
iptables -P OUTPUT DROP

allow FTP connections

iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 21 -j ACCEPT
[/code:1]
Any ideas?

Error in firewall config was here:

iptables -A OUTPUT -m state --state ESTABLISHED -j ACCEPT
instead of
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
And what's the lesson of this? Do not always trust what you're reading in the books