No access to ProFTPD from internet (after service update)

    • OMV 1.0
    • No access to ProFTPD from internet (after service update)

      Hi there.

      I'*ve set up the FTPD according to this thread here: phpbb.openmediavault.org/viewtopic.php?f=13&t=3205

      So my setup looks like this:
      - Basic FTPD configuration as stated above
      - FTP service port changed from 21 to some high port through the WebGUI and added a matching port forwarding on the router (FritzBox)
      - FTP service passive range setup in WebGUI and /etc/modprobe.d/options.conf (and edited /etc/modules accordingly)
      - FTP service passive ports forwarded in router
      - Added a <IfModule mod_facts.c> FactsAdvertise off </IfModule> in proftpd.conf to get FileZilla running correctly and use LIST/NLST instead of MLSD/MLST


      It worked flawlessly and I could access it through the internet with Firefox (on Win7 + 8.1), FileZilla 3.7.1.1 (on Win7 + 8.1) and AndFTP (on Android smartphone) or the internal internet browser of a Blackberry smartphone. Even connecting from through internet with FileZilla through a proxy used to work fine.

      After the latest update of ProFTPD (I think to version 1.3.4a-5+deb7u3) I can't access the FTP share anymore from the internet using FileZilla, Firefox or AndFTP. Only the internal Blackberry internet browser still works.

      If I connect via FileZilla I get this debug output (see here the full log with more traces):

      Source Code

      1. Status: Connecting to xxxxx.no-ip.xxx:xxxxx through proxy
      2. Status: Connecting to 192.xxx.xxx.xxx:3128...
      3. Status: Connection with proxy established, performing handshake...
      4. Response: Proxy reply: HTTP/1.1 200 Connection Established
      5. Status: Connection established, waiting for welcome message...
      6. Response: 220 ProFTPD 1.3.4a Server ready.
      7. Command: USER xxxxx
      8. Response: 331 Password required for xxxxx
      9. Command: PASS ********
      10. Response: 230-xxxxx
      11. Response: 230 User xxxxx logged in
      12. Command: SYST
      13. Response: 215 UNIX Type: L8
      14. Command: FEAT
      15. Response: 211-Features:
      16. Response: MDTM
      17. Response: MFMT
      18. Response: TVFS
      19. Response: UTF8
      20. Response: MFF modify;UNIX.group;UNIX.mode;
      21. Response: MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;
      22. Response: SITE MKDIR
      23. Response: SITE RMDIR
      24. Response: SITE UTIME
      25. Response: SITE SYMLINK
      26. Response: REST STREAM
      27. Response: LANG en-GB.UTF-8*
      28. Response: SITE COPY
      29. Response: SIZE
      30. Response: 211 End
      31. Command: OPTS UTF8 ON
      32. Response: 200 UTF8 set to on
      33. Status: Connected
      34. Status: Retrieving directory listing...
      35. Command: PWD
      36. Response: 257 "/" is the current directory
      37. Command: TYPE I
      38. Response: 200 Type set to I
      39. Command: PASV
      40. Response: 227 Entering Passive Mode (217,xxx,xxx,xxx,82,223).
      41. Command: MLSD
      42. Status: Connecting to 192.xxx.xxx.xxx:3128...
      43. Status: Connection with proxy established, performing handshake...
      44. Error: Connection timed out
      45. Error: Failed to retrieve directory listing
      Display All


      When trying to connect with Firefox I get a error message like this: 500 Unexpected PASV response.

      AndFTP times out the same way as FileZilla does.

      Stopping and re-enabling the service don't seem to have an impact on the behavior.

      After reading through the FileZilla log I can see it advertises MLST - which looks a bit strange to me as I setup the proftpd.conf not to do so.
      Does an update to the ftpd include changing config files back to "initial" values? Sadly I can't check the config file right now but I will do so if I get back to the machine later today. Also I will reset the user permissions for the share

      My plans for checking later are:
      - See if /etc/modprobe.d/options.conf and /etc/modules still have the correct settings for all ports
      - See if proftpd.conf still holds the FactsAdvertise off setting
      - Reset the user permissions of the FTP share
      - Stop/re-enable the service and try connecting via ftptest.net/

      Does any of you have more hints to get the service running normally again?
      OMV 1.19 (OMV-Extras.org 1.34) | BanaNAS | 16GB microSD (using FlashMemory plugin) | 1TB SATA WD Blue Mobile
    • Don't know what happens in upgrade when is done via webui, in cli ask if you want to change the conf file, by the maintainer one.
      Also any change of ftp in omv webui will revert any manual changes to proftpd.conf

      So it could be the that upgrade reverted your changes.
      New wiki
      chat support at #openmediavault@freenode IRC | Spanish & English | GMT+10
      telegram.me/openmediavault broadcast channel
      openmediavault discord server
    • subzero79 wrote:

      Don't know what happens in upgrade when is done via webui, in cli ask if you want to change the conf file, by the maintainer one.
      Also any change of ftp in omv webui will revert any manual changes to proftpd.conf

      So it could be the that upgrade reverted your changes.

      The upgrade did actually revert the changes I made to proftpd.conf. And it seems it does so everytime you disable / re-enable the FTP service through the GUI. After writing the changes again and issuing a service proftpd restart everything seems to be working. I will check if it works through proxies again tomorrow.

      Thanks for your assistance.
      OMV 1.19 (OMV-Extras.org 1.34) | BanaNAS | 16GB microSD (using FlashMemory plugin) | 1TB SATA WD Blue Mobile

      The post was edited 1 time, last by root2 ().

    • root2 wrote:

      And it seems it does so everytime you disable / re-enable the FTP service through the GUI


      Totally normal behaviour in OMV. If you want to alter some default configurations .conf look at the environmental variables that you can change

      wiki.openmediavault.org/index.…Environment_Variables/all
      New wiki
      chat support at #openmediavault@freenode IRC | Spanish & English | GMT+10
      telegram.me/openmediavault broadcast channel
      openmediavault discord server
    • subzero79 wrote:

      root2 wrote:

      And it seems it does so everytime you disable / re-enable the FTP service through the GUI


      Totally normal behaviour in OMV. If you want to alter some default configurations .conf look at the environmental variables that you can change

      wiki.openmediavault.org/index.…Environment_Variables/all

      That looks promising, thank you.

      If I got you right, I could possibly change the OMV_PROFTPD_CONFIG=/etc/proftpd/proftpd.conf to point to another .conf file (let's say /etc/proftpd/my_proftpd.conf) which won't get altered wen I disable/re-enable the service.

      I guess this step might have pros and cons:
      Pro: the changes won't get altered by the settings anymore.
      Con: If a newer version of ProFTPD changes some settings (for security reasons or because of changes in the service) I'll have to look for them manually every time the ProFTPD gets updated.
      OMV 1.19 (OMV-Extras.org 1.34) | BanaNAS | 16GB microSD (using FlashMemory plugin) | 1TB SATA WD Blue Mobile
    • Don't think so, you're pointing conf to another location, omv will still write to there, because omv is in control of the service.

      I don't know what's your particular problem. I use ftp also and I don't have any problems. The latest ftp update targeted a critical security bug in the
      package.
      New wiki
      chat support at #openmediavault@freenode IRC | Spanish & English | GMT+10
      telegram.me/openmediavault broadcast channel
      openmediavault discord server
    • OK, now I think I understood.

      My particular Problem is that I can't access my FTP via e. g. FileZilla because it seems it doesn't work with MLSD/MLST but works with LIST/NLST instead.

      So I added FactsAdvertise off to the proftpd.conf to work around this issue and to force LIST/NLST. After this change I disabled/re-enabled the service via the WebGUI. This reverted the changes I made to proftpd.conf and it started advertising MLSD/MLST again, rendering FileZilla not working.

      I guess a single service proftpd restart via SSH should have been enough to apply the changes I made to the proftpd.conf, though.
      OMV 1.19 (OMV-Extras.org 1.34) | BanaNAS | 16GB microSD (using FlashMemory plugin) | 1TB SATA WD Blue Mobile
    • I just setup a ProFTP server on my rpi 2 and it worked via WAN with a ftp client built in ES File Explorer. No extra options needed.

      I'll test via Filezilla in a bit. Filezilla is working fine for me. Why do you need this module?
      <IfModule mod_facts.c> FactsAdvertise off </IfModule>
      and to use:
      LIST/NLST

      Is this due to a firewall or proxy server? type?

      Funny exchange between the developer and a forum member on Filezilla forums:
      https://forum.filezilla-project.org/viewtopic.php?t=18416

      Status: Connecting to xxxxx.no-ip.xxx:xxxxx through proxy
      Status: Connecting to 192.xxx.xxx.xxx:3128...
      Status: Connection with proxy established, performing handshake...
      Response: Proxy reply: HTTP/1.1 200 Connection Established

      The post was edited 5 times, last by tekkb ().

    • root2 wrote:

      So I added FactsAdvertise off to the proftpd.conf


      the only reason the other user added was because filezilla was displaying weird ownership of the files.

      FTP server with 2 users.

      For me it works from LAN and WAN (even in double nat)
      New wiki
      chat support at #openmediavault@freenode IRC | Spanish & English | GMT+10
      telegram.me/openmediavault broadcast channel
      openmediavault discord server