ProFTP log


pascal
09-18-2004, 10:00 PM
Hello,

Since I'm under 1.8.0 I can't use proFTP in PASV mode.

I connect to the server well, I can change folder, but I receive a "No responding" msg, and when I try to get or put files I have an error msg.

In logWatch I receive msgs that I never received before:


padawan.carat-hosting.com (62.39.154.5[62.39.154.5]) - FTP no transfer timeout, disconnected
proftpd startup succeeded
padawan.carat-hosting.com - ProFTPD 1.2.8 (stable) (built Mon Aug 23 01:20:11 EDT 2004) standalone mode STARTUP
padawan.carat-hosting.com - Failed binding to 0.0.0.0, port 21: Address already in use
padawan.carat-hosting.com - Check the ServerType directive to ensure you are configured correctly.
proftpd startup succeeded
padawan.carat-hosting.com (127.0.0.1[127.0.0.1]) - notice: unable to add scoreboard entry: Invalid argument padawan.carat-hosting.com
padawan.carat-hosting.com (127.0.0.1[127.0.0.1]) - notice: unable to add scoreboard entry: Invalid argument padawan.carat-hosting.com (127.0.0.1[127.0.0.1]) - notice: unable to add scoreboard entry: Invalid argument padawan.carat-hosting.com (193.248.26.80[193.248.26.80]) - notice: unable to add scoreboard entry: Invalid argument padawan.carat-hosting.com (193.248.26.80[193.248.26.80]) - notice: unable to add scoreboard entry: Invalid argument padawan.carat-hosting.com (220.64.90.210[220.64.90.210]) - notice: unable to add scoreboard entry: Invalid argument padawan.carat-hosting.com (220.64.90.210[220.64.90.210]) - notice: unable to add scoreboard entry: Invalid argument padawan.carat-hosting.com (220.64.90.210[220.64.90.210]) - notice: unable to add scoreboard entry: Invalid argument padawan.carat-hosting.com (220.64.90.210[220.64.90.210]) - notice: unable to add scoreboard entry: Invalid argument padawan.carat-hosting.com (220.64.90.210[220.64.90.210]) - notice: unable to add scoreboard entry: Invalid argument padawan.carat-hosting.com (220.64.90.210[220.64.90.210]) - notice: unable to add scoreboard entry: Invalid argument padawan.carat-hosting.com (220.64.90.210[220.64.90.210]) - notice: unable to add scoreboard entry: Invalid argument padawan.carat-hosting.com (220.64.90.210[220.64.90.210]) - notice: unable to add scoreboard entry: Invalid argument padawan.carat-hosting.com (220.64.90.210[220.64.90.210]) - notice: unable to add scoreboard entry: Invalid argument padawan.carat-hosting.com (220.64.90.210[220.64.90.210]) - notice: unable to add scoreboard entry: Invalid argument padawan.carat-hosting.com (193.248.27.177[193.248.27.177]) - notice: unable to add scoreboard entry: Invalid argument padawan.carat-hosting.com (193.248.27.177[193.248.27.177]) - FTP no transfer timeout, disconnected padawan.carat-hosting.com (193.248.27.177[193.248.27.177]) - notice: unable to add scoreboard entry: Invalid argument padawan.carat-hosting.com 
(193.248.27.177[193.248.27.177]) - FTP no transfer timeout, disconnected padawan.carat-hosting.com (193.248.27.177[193.248.27.177]) - notice: unable to add scoreboard entry: Invalid argument padawan.carat-hosting.com (193.248.27.177[193.248.27.177]) - FTP no transfer timeout, disconnected padawan.carat-hosting.com (193.248.27.177[193.248.27.177]) - notice: unable to add scoreboard entry: Invalid argument padawan.carat-hosting.com (193.248.27.177[193.248.27.177]) - FTP no transfer timeout, disconnected padawan.carat-hosting.com (193.248.27.177[193.248.27.177]) - notice: unable to add scoreboard entry: Invalid argument padawan.carat-hosting.com (127.0.0.1[127.0.0.1]) - notice: unable to add scoreboard entry: Invalid argument padawan.carat-hosting.com (127.0.0.1[127.0.0.1]) - notice: unable to add scoreboard entry: Invalid argument padawan.carat-hosting.com (127.0.0.1[127.0.0.1]) - notice: unable to add scoreboard entry: Invalid argument


Any idea?

Thanks

Pascal

IWorx-Chris
09-18-2004, 10:15 PM
It's hard to tell from the error log if it's related, Pascal. If your root info is the same as yesterday and it's 'ok' to login as root, I'll check it out. Could you also set me up a test FTP account as well?

Thanks,

Chris

sonicgroup
09-18-2004, 10:43 PM
I've never seen these types of messages in logwatch until the report yesterday. I got a report full of them, just like Pascal. And I haven't touched anything since installing Interworx 1.8.0.

IWorx-Chris
09-18-2004, 11:46 PM
Could you forward please, sonicgroup? Pascal is running 1.2.8p and I think you're running 1.2.10. Just paste in a ticket if you would and I'll take a look.

Chris

pascal
09-19-2004, 04:33 AM
Hi

Thanks Chris. Login info is the same.

To be complete, I have to say that in PASV mode it doesn't work, but when I disable PASV mode in my FTP client then it's OK.

I'm just sending you an email with FTP account and SSH access information.

Pascal

IWorx-Chris
09-19-2004, 04:51 AM
Pascal,

Give it a shot now. We turned off your firewall and it seems to have fixed the PASV ftp problem.

Chris

pascal
09-19-2004, 05:34 AM
Erffff .....

You're right, it's fine now.

Hey!!! You never sleep?


Thanks a lot :)

Do you have an idea why my firewall blocks PASV?

I have the modprobe ip_conntrack_ftp and port 21 open?


#!/bin/bash
set -e

# Caution! Once this firewall is active,
# changes will almost certainly require a reboot,
# or at least console (the network will be unavailable).

# Load IRC & FTP modules for use behind a NAT. Usually not necessary.
/sbin/modprobe ip_conntrack_ftp

# Flush rules
/sbin/iptables -F
/sbin/iptables -X
/sbin/iptables -Z
/sbin/iptables -t mangle -F
/sbin/iptables -t mangle -X
/sbin/iptables -t mangle -Z

# rp_filter
for f in /proc/sys/net/ipv4/conf/*; do
    echo 1 > "$f/rp_filter"
    echo 0 > "$f/accept_source_route"
    echo 0 > "$f/accept_redirects"
done
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
echo 0 > /proc/sys/net/ipv4/tcp_ecn
echo 0 > /proc/sys/net/ipv4/ip_forward

# Set chain defaults
/sbin/iptables -P INPUT DROP
/sbin/iptables -P FORWARD DROP
/sbin/iptables -P OUTPUT ACCEPT

## Okay, the rules

# Rejects go here
/sbin/iptables -N rej
/sbin/iptables -A rej -p udp -j REJECT --reject-with icmp-port-unreachable
/sbin/iptables -A rej -p tcp -j REJECT --reject-with tcp-reset
/sbin/iptables -A rej -j DROP

# Slow reject is our packet limiter.
/sbin/iptables -N slowrej
/sbin/iptables -A slowrej -m limit --limit 12/min --limit-burst 2 -j rej
/sbin/iptables -A slowrej -j DROP

## UDP rules
/sbin/iptables -N pudp
/sbin/iptables -A pudp -p udp --dport 53 -j ACCEPT # DNS (udp)
/sbin/iptables -A pudp -p udp --dport 161 -j ACCEPT # SNMP (udp)

/sbin/iptables -A pudp -p udp --dport bootps:bootpc -j DROP
/sbin/iptables -A pudp -j slowrej

## TCP rules

# Enable services on an as-needed basis.
# Template below includes most popular services.
# Default rule (below) is to allow SSH and SNMP.
# Everything else is your responsibility.


/sbin/iptables -N ptcp

/sbin/iptables -A ptcp -p tcp --dport 161 -m state --state NEW -j ACCEPT #SNMP
/sbin/iptables -A ptcp -p tcp --dport 80 -m state --state NEW -j ACCEPT # HTTP
/sbin/iptables -A ptcp -p tcp --dport 443 -m state --state NEW -j ACCEPT # HTTPS
/sbin/iptables -A ptcp -p tcp --dport 21 -m state --state NEW -j ACCEPT # FTP
/sbin/iptables -A ptcp -p tcp --dport 22 -m state --state NEW -j ACCEPT # SSH
/sbin/iptables -A ptcp -p tcp --dport 2443 -m state --state NEW -j ACCEPT # Nodeworx
/sbin/iptables -A ptcp -p tcp --dport 2080 -m state --state NEW -j ACCEPT # Nodeworx
/sbin/iptables -A ptcp -p tcp --dport 25 -m state --state NEW -j ACCEPT # SMTP
/sbin/iptables -A ptcp -p tcp --dport 110 -m state --state NEW -j ACCEPT # POP3
/sbin/iptables -A ptcp -p tcp --dport 995 -m state --state NEW -j ACCEPT #POP3S
/sbin/iptables -A ptcp -p tcp --dport 143 -m state --state NEW -j ACCEPT #IMAP2
/sbin/iptables -A ptcp -p tcp --dport 993 -m state --state NEW -j ACCEPT #IMAPS
/sbin/iptables -A ptcp -p tcp --dport 3306 -m state --state NEW -j ACCEPT #MySQL
/sbin/iptables -A ptcp -p tcp --dport 53 -m state --state NEW -j ACCEPT # DNS (tcp)
/sbin/iptables -A ptcp -p tcp --dport 10000 -m state --state NEW -j ACCEPT # webmin (tcp)
/sbin/iptables -A ptcp -p tcp --dport 3333 -m state --state NEW -j ACCEPT # ntop (tcp)
/sbin/iptables -A ptcp -p tcp --dport 6667 -m state --state NEW -j ACCEPT # IRCD
/sbin/iptables -A ptcp -p tcp --dport 6668 -m state --state NEW -j ACCEPT # IRCD
/sbin/iptables -A ptcp -p tcp --dport 6999 -m state --state NEW -j ACCEPT # IRCD SERVICES
/sbin/iptables -A ptcp -p tcp --dport 7029 -m state --state NEW -j ACCEPT # IRCD SERVICES
/sbin/iptables -A ptcp -p tcp --dport 7000 -m state --state NEW -j ACCEPT # HUB IRCD

/sbin/iptables -A ptcp -j slowrej

## ICMP rules
/sbin/iptables -N picmp
/sbin/iptables -A picmp -p icmp -m limit --limit 2/sec --limit-burst 2 --icmp-type echo-request -j ACCEPT
/sbin/iptables -A picmp -j DROP

# INPUT chain: Anything over loopback, and anything found in the state matching
# system is accepted.
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A INPUT -i lo -j ACCEPT
# If you have constant abusers, block them permanently by CIDR thus:
# iptables -A INPUT -s 192.168.1.0/24 -j rej
#
# For particularly abusive servers or brain-dead software that keeps trying
# even with rej, try this instead:
#iptables -A INPUT -s 192.168.1.0/24 -j DROP
/sbin/iptables -A INPUT -p udp -j pudp
/sbin/iptables -A INPUT -p tcp -j ptcp
/sbin/iptables -A INPUT -p icmp -j picmp


Pascal
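
How rules like the ones in the script above bear on a passive-mode data connection, as an added example that is not part of the original thread: the data port announced in the server's 227 reply is not among the `--dport` accepts, so under a DROP policy it passes only if INPUT accepts RELATED traffic and the FTP conntrack helper is loaded. The rule text, module list, 227 reply and all function names are constructed for illustration.

```bash
#!/bin/bash
# Added example: static check of passive-FTP prerequisites under a DROP policy.

# Constructed sample in iptables-save style, modelled on the rules above.
RULES='-P INPUT DROP
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A ptcp -p tcp --dport 21 -m state --state NEW -j ACCEPT
-A ptcp -p tcp --dport 22 -m state --state NEW -j ACCEPT'

# Constructed sample of /proc/modules with the FTP helper loaded.
MODULES='ip_conntrack_ftp 71056 0 - Live
ip_conntrack 40000 1 ip_conntrack_ftp, Live'

# pasv_port REPLY: data port from "227 ... (h1,h2,h3,h4,p1,p2)" = p1*256+p2.
pasv_port() {
  local nums p1 p2
  nums=$(printf '%s\n' "$1" | sed -n 's/^227 .*(\([0-9,]*\)).*/\1/p')
  p1=$(printf '%s\n' "$nums" | cut -s -d, -f5)
  p2=$(printf '%s\n' "$nums" | cut -s -d, -f6)
  [ -n "$p1" ] && [ -n "$p2" ] || return 1
  echo $(( p1 * 256 + p2 ))
}

# port_open_new RULES PORT: is PORT explicitly accepted by a --dport rule?
port_open_new() {
  printf '%s\n' "$1" | grep -Eq -e "--dport $2 .*-j ACCEPT"
}

# related_accepted RULES: does the INPUT chain accept RELATED traffic?
related_accepted() {
  printf '%s\n' "$1" |
    grep -Eq -e '^-A INPUT .*--state [A-Z,]*RELATED[A-Z,]* .*-j ACCEPT'
}

# helper_loaded MODULES: is an FTP connection-tracking helper present?
helper_loaded() {
  printf '%s\n' "$1" | grep -Eq -e '^(ip|nf)_conntrack_ftp '
}

# pasv_verdict REPLY RULES MODULES: why the data connection passes or not.
pasv_verdict() {
  local port
  port=$(pasv_port "$1") || { echo "not-a-227-reply"; return 0; }
  if port_open_new "$2" "$port"; then echo "allowed-by-dport:$port"
  elif related_accepted "$2" && helper_loaded "$3"; then echo "allowed-by-helper:$port"
  else echo "blocked:$port"
  fi
}
```

On a live host the two text inputs would come from `iptables-save` and `/proc/modules`; the check is static and does not confirm that the helper actually matched a given control connection.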