Ftp is not working with Csf firewall Whm

csofts Member

FTP stops on MLSD.
FTP is not working with CSF firewall.

Response: 200 TYPE is now 8-bit binary
Command: PASV
Response: 227 Entering Passive Mode (173,208,139,67,117,197)
Command: MLSD
Error: Connection closed by server
Error: Failed to retrieve directory listing

Tell me the solution. What should I do now?

Comments

  • GreenHostBox Member
    edited July 2014

    http://myliteraturetechlife.com/enableing-passive-mode-in-ftp-server-with-csf-firewall/

    That should fix the problem if you're having trouble with passive FTP and CSF firewall.

  • Can you connect via PORT vs. PASV? PASV does require a port-range to be opened up in your CSF configuration:

    (Readme File (http://configserver.com/free/csf/readme.txt)) Note 13.

    A note about FTP Connection Issues

    It is important when using an SPI firewall to ensure FTP client applications
    are configured to use Passive (PASV) mode connections to the server.

    On servers running Monolithic kernels (e.g. VPS Virtuozzo/OpenVZ and custom
    built kernels) ip_conntrack and ip_conntrack_ftp iptables kernel modules may
    not be available or fully functional. If this happens, FTP passive mode (PASV)
    won't work. In such circumstances you will have to open a hole in your firewall
    and configure the FTP server to use that same hole.

    For example, with pure-ftpd you could add the port range 30000:35000 to TCP_IN
    and add the following line to /etc/pure-ftpd.conf and then restart pure-ftpd:
    PassivePortRange 30000 35000

    For example, with proftpd you could add the port range 30000:35000 to TCP_IN
    and add the following line to /etc/proftpd.conf and then restart proftpd:
    PassivePorts 30000 35000

    FTP over SSL/TLS will usually fail when using an SPI firewall. This is because
    of the way the FTP protocol established a connection between client and server.
    iptables fails to establish a related connection when using FTP over SSL
    because the FTP control connection is encrypted and so cannot track the
    relationship between the connection and the allocation of an ephemeral port.

    If you need to use FTP over SSL, you will have to open up a passive port block
    in both csf and your FTP server configuration (see above).

    Perversely, this makes your firewall less secure, while trying to make FTP
    connections more secure.

  • csofts Member

    @GreenHostBox said:
    http://myliteraturetechlife.com/enableing-passive-mode-in-ftp-server-with-csf-firewall/

    That should fix the problem if you're having trouble with passive FTP and CSF firewall.

    No, I have already followed this but the issue is still there.

  • csofts Member

    I am waiting. Kindly tell me solutions ASAP.

  • netrix Member
    edited July 2014

    blogs.reliablepenguin.com/2012/03/08/passive-mode-ftp-with-iptables

  • csofts Member

    @netrix said:
    blogs.reliablepenguin.com/2012/03/08/passive-mode-ftp-with-iptables

    The issue is still there, and when I restart CSF, this is coming:

    LOG tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix Firewall: *TCP_IN Blocked* '
    LOG tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 30/min burst 5 LOG flags 8 level 4 prefixFirewall: TCP_OUT Blocked '
    LOG udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix Firewall: *UDP_IN Blocked* '
    LOG udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 8 level 4 prefixFirewall: UDP_OUT Blocked '
    LOG icmp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix Firewall: *ICMP_IN Blocked* '
    LOG icmp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 8 level 4 prefixFirewall: ICMP_OUT Blocked '

  • csofts Member

    Thanks for cooperating with me. I have resolved this issue myself.
    It's easy.
    Open /etc/pure-ftpd.conf, and on this line

    PassivePortRange 30000 35000

    just remove the #.

    After that, add 30000:35000 to
    TCP_IN and TCP_OUT.
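
The check this thread converges on, as an added example (not code from any poster or from CSF): decode the data port from the 227 reply and test it against the active PassivePortRange line and the TCP_IN list. The function names are hypothetical and the config strings are constructed samples, not the poster's real files.

```shell
#!/bin/sh
# Added example. CSF_CONF and FTPD_CONF below are constructed samples.

# Decode "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" to p1*256+p2.
pasv_port() {
    nums=$(printf '%s\n' "$1" | sed -n 's/.*(\([0-9,]*\)).*/\1/p')
    p1=$(printf '%s\n' "$nums" | cut -s -d, -f5)
    p2=$(printf '%s\n' "$nums" | cut -s -d, -f6)
    [ -n "$p1" ] && [ -n "$p2" ] || return 1
    echo $((p1 * 256 + p2))
}

# Succeed if port $1 matches an entry of a csf-style list ("21,30000:35000").
port_in_list() {
    want=$1; old_ifs=$IFS; IFS=,; set -- $2; IFS=$old_ifs
    for entry in "$@"; do
        lo=${entry%%:*}; hi=${entry##*:}   # a single port gives lo == hi
        [ "$want" -ge "$lo" ] && [ "$want" -le "$hi" ] && return 0
    done
    return 1
}

# Active (uncommented) PassivePortRange from pure-ftpd.conf on stdin, as lo:hi.
passive_range() { awk '$1 == "PassivePortRange" { print $2 ":" $3; exit }'; }

# TCP_IN value from csf.conf on stdin.
tcp_in() { sed -n 's/^TCP_IN[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p'; }

# check_pasv REPLY CSF_CONF_TEXT FTPD_CONF_TEXT: print a one-word verdict.
check_pasv() {
    data_port=$(pasv_port "$1") || { echo unparsable; return 2; }
    range=$(printf '%s\n' "$3" | passive_range)
    [ -n "$range" ] || { echo range-not-set; return 1; }
    port_in_list "$data_port" "$range" || { echo outside-ftpd-range; return 1; }
    port_in_list "$data_port" "$(printf '%s\n' "$2" | tcp_in)" ||
        { echo blocked-by-csf; return 1; }
    echo ok
}

REPLY_227='227 Entering Passive Mode (173,208,139,67,117,197)'  # from the thread
CSF_CONF='TCP_IN = "20,21,22,80,443,30000:35000"'                # constructed
FTPD_CONF='PassivePortRange 30000 35000'                         # as in the fix
echo "data port: $(pasv_port "$REPLY_227")"
echo "verdict:   $(check_pasv "$REPLY_227" "$CSF_CONF" "$FTPD_CONF")"
```

On a real server, feed `check_pasv` the contents of csf.conf and /etc/pure-ftpd.conf in place of the sample strings; a `range-not-set` verdict corresponds to the commented-out line described in the last post.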
