Strange problem after update: FTP connection problem

Hi, after updating to 1.6.4 I couldn’t connect to my FTP server.

vsftpd is working => status OK.

And I connected successfully like: … ftp -p 127.0.0.1, but if I try to connect from an external IP address … BUM, nothing.

So, I checked my firewall but I see no problem there.

[root:server1][~]# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
fail2ban-RECIDIVE  tcp  --  anywhere             anywhere             multiport dports tcpmux:65535
fail2ban-FTP  tcp  --  anywhere             anywhere             tcp dpt:ftp
fail2ban-SSH  tcp  --  anywhere             anywhere             tcp dpt:ssh
fail2ban-HESTIA  tcp  --  anywhere             anywhere             tcp dpt:8083
fail2ban-MAIL  tcp  --  anywhere             anywhere             multiport dports smtp,submissions,submission,pop3,pop3s,imap2,imaps
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  ns1.domain.com     anywhere
ACCEPT     all  --  localhost            anywhere
ACCEPT     tcp  --  **.**.**.**  anywhere             tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             multiport dports http,https
ACCEPT     tcp  --  anywhere             anywhere             multiport dports ftp-data,ftp,12000:12100
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             multiport dports smtp,submissions,submission
ACCEPT     tcp  --  anywhere             anywhere             multiport dports pop3,pop3s
ACCEPT     tcp  --  anywhere             anywhere             multiport dports imap2,imaps
ACCEPT     tcp  --  **.**.**.**  anywhere             tcp dpt:8083
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ftp ctstate NEW,ESTABLISHED /* Allow ftp connections on port 21 */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ftp
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:ftp-data state RELATED,ESTABLISHED

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ftp ctstate NEW,ESTABLISHED /* Allow ftp connections on port 21 */

Chain TOR (0 references)
target     prot opt source               destination

Chain fail2ban-FTP (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-HESTIA (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-MAIL (1 references)
target     prot opt source               destination
REJECT     all  --  ip247.tervelnet.com  anywhere             reject-with icmp-port-unreachable
REJECT     all  --  net6-ip230.linkbg.com  anywhere             reject-with icmp-port-unreachable
REJECT     all  --  net6-ip215.linkbg.com  anywhere             reject-with icmp-port-unreachable
RETURN     all  --  anywhere             anywhere

Chain fail2ban-RECIDIVE (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-SSH (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain hestia (0 references)
target     prot opt source               destination
[root:server1][~]#


Check the log, you’ll find the exact error.

cat /var/log/auth.log

Nothing interesting. Only session opened/closed.

[root:server1][~]# grep -n -H "ftp" auth.log
[root:server1][~]# cat /var/log/auth.log

auth.log:42205:Jul 14 18:32:24 ns1 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000)
auth.log:42206:Jul 14 18:32:24 ns1 sudo: pam_unix(sudo:session): session closed for user root
auth.log:42207:Jul 14 18:32:24 ns1 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000)
auth.log:42208:Jul 14 18:32:24 ns1 sudo: pam_unix(sudo:session): session closed for user root
auth.log:42209:Jul 14 18:32:24 ns1 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000)
auth.log:42210:Jul 14 18:32:25 ns1 sudo: pam_unix(sudo:session): session closed for user root
auth.log:42211:Jul 14 18:32:25 ns1 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000)
auth.log:42212:Jul 14 18:32:25 ns1 sudo: pam_unix(sudo:session): session closed for user root
auth.log:42213:Jul 14 18:32:25 ns1 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000)
auth.log:42214:Jul 14 18:32:25 ns1 sudo: pam_unix(sudo:session): session closed for user root
auth.log:42215:Jul 14 18:32:25 ns1 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000)
auth.log:42216:Jul 14 18:32:25 ns1 sudo: pam_unix(sudo:session): session closed for user root
auth.log:42217:Jul 14 18:32:25 ns1 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000)
auth.log:42218:Jul 14 18:32:25 ns1 sudo: pam_unix(sudo:session): session closed for user root
auth.log:42219:Jul 14 18:32:25 ns1 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000)
auth.log:42220:Jul 14 18:32:25 ns1 sudo: pam_unix(sudo:session): session closed for user root
auth.log:42221:Jul 14 18:32:25 ns1 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000)
auth.log:42222:Jul 14 18:32:25 ns1 sudo: pam_unix(sudo:session): session closed for user root
auth.log:42223:Jul 14 18:32:25 ns1 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000)
[root:server1][~]#
ftp> ftp my-domain.com
Invalid command.
ftp> o my-domain.com
> ftp: connect :Connection timed out
ftp> o my-domain.com
> ftp: connect :Connection timed out
ftp> o my-domain.com
> ftp: connect :Connection timed out
ftp>

I scanned for open ports and the FTP port is missing there. Strange. (In the firewall I think everything is OK.)

EDIT: fail2ban (my IP is not here)

[root:server1][~]# awk '($(NF-1) = /Ban/){print $NF}' /var/log/fail2ban.log | sort | uniq -c | sort -n
      4 5.34.207.56
      6 212.193.29.47
     10 87.246.7.215
     17 87.246.7.230
     17 87.246.7.247

This is the configuration from HestiaCP:

anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
anon_umask=022
anon_upload_enable=NO
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
dual_log_enable=YES
chroot_local_user=YES
listen=YES
pam_service_name=vsftpd
ftpd_banner=Welcome! Please note that all activity is logged.
userlist_enable=NO
tcp_wrappers=YES
force_dot_files=YES
ascii_upload_enable=YES
ascii_download_enable=YES
allow_writeable_chroot=YES
seccomp_sandbox=NO
pasv_enable=YES
pasv_promiscuous=YES
pasv_min_port=12000
pasv_max_port=12100
max_per_ip=10
max_clients=100
use_localtime=YES
utf8_filesystem=YES
ssl_enable=YES
allow_anon_ssl=NO
require_ssl_reuse=NO
ssl_ciphers=ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256
ssl_sslv2=NO
ssl_sslv3=NO
ssl_tlsv1=NO
force_local_data_ssl=NO
force_local_logins_ssl=NO
rsa_cert_file=/usr/local/hestia/ssl/certificate.crt
rsa_private_key_file=/usr/local/hestia/ssl/certificate.key

Configure Server: FAIL2BAN

[ssh-iptables]
enabled  = true
filter   = sshd
action   = hestia[name=SSH]
logpath  = /var/log/auth.log
maxretry = 5

[vsftpd-iptables]
enabled  = true
filter   = vsftpd
action   = hestia[name=FTP]
logpath  = /var/log/vsftpd.log
maxretry = 5

[exim-iptables]
enabled  = true
filter   = exim
action   = hestia[name=MAIL]
logpath  = /var/log/exim4/mainlog

[dovecot-iptables]
enabled  = true
filter   = dovecot
action   = hestia[name=MAIL]
logpath  = /var/log/dovecot.log

[mysqld-iptables]
enabled  = false
filter   = mysqld-auth
action   = hestia[name=DB]
logpath  = /var/log/mysql.log
maxretry = 5

[hestia-iptables]
enabled  = true
filter   = hestia
action   = hestia[name=HESTIA]
logpath  = /var/log/hestia/auth.log
maxretry = 5

[roundcube-auth]
enabled  = false
filter   = roundcube-auth
action   = hestia[name=WEB]
logpath  = /var/log/roundcube/errors.log
maxretry = 5

[recidive]
enabled  = true
filter   = recidive
action   = hestia[name=RECIDIVE]
logpath  = /var/log/fail2ban.log
maxretry = 5
findtime = 86400
bantime  = 864000

netstat


[root:server1][~]# sudo netstat -pnlt : grep 21 > netstatResults.txt
[root:server1][~]# grep -r ":21" netstatResults.txt
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      2725820/vsftpd
[root:server1][~]#

lsb_release

[root:server1][~]# lsb_release -d
Description:    Debian GNU/Linux 11 (bullseye)
[root:server1][~]#

O my day…

I don’t know what happened, but after rebooting the system FTP is ON…

But I want to research what happened. Any idea how to understand this strange problem?

Glad that you found a solution! I was about to ask you to reboot. Sometimes a solution is a server reboot because the servers might get overwhelmed by many scripts or new updates that require restarting.
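
For anyone researching a case like this afterwards, here is an added example (not part of the thread and not HestiaCP code) that cross-checks a vsftpd.conf against an `iptables -L` listing: it reports FTP ports the INPUT rules do not accept from any source and flags two options set in the posted configuration. The function names and the sample text are constructed for illustration. It assumes vsftpd's default listen port 21 and reads only the rule text, so it does not model rule order, interfaces, or the fail2ban chains.

```python
import re

SERVICES = {"ftp-data": 20, "ftp": 21}  # names `iptables -L` prints for ports
# Constructed samples shaped like the thread's vsftpd.conf and `iptables -L` output.
VSFTPD_CONF = """pasv_promiscuous=YES
pasv_min_port=12000
pasv_max_port=12100
ssl_enable=YES
force_local_logins_ssl=NO
"""
IPTABLES_L = """Chain INPUT (policy DROP)
target     prot opt source               destination
fail2ban-FTP  tcp  --  anywhere             anywhere             tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere             multiport dports ftp-data,ftp,12000:12100
"""

def parse_conf(text):
    """vsftpd.conf key=value pairs; comment lines are skipped."""
    rows = (l.split("=", 1) for l in text.splitlines() if "=" in l and not l.startswith("#"))
    return {k.strip(): v.strip() for k, v in rows}
def to_port(name):
    return SERVICES.get(name, int(name) if name.isdigit() else None)

def accepted_tcp_ranges(listing):
    """(low, high) destination ports of ACCEPT tcp rules open to any source."""
    ranges = []
    for line in listing.splitlines():
        f = line.split()
        m = re.search(r"(?:dpt:|dports )(\S+)", line)
        if m and len(f) > 4 and f[:2] == ["ACCEPT", "tcp"] and f[3] == "anywhere":
            for item in m.group(1).split(","):
                lo, _, hi = item.partition(":")
                lo, hi = to_port(lo), to_port(hi or lo)
                if lo is not None and hi is not None:  # unknown service names are skipped
                    ranges.append((lo, hi))
    return ranges

def audit(conf_text, listing):
    """Findings on firewall/vsftpd port agreement and two risky vsftpd options."""
    conf, opened = parse_conf(conf_text), accepted_tcp_ranges(listing)
    lo, hi = int(conf.get("pasv_min_port", 0)), int(conf.get("pasv_max_port", 0))
    wanted = [21] + (list(range(lo, hi + 1)) if lo and hi else [])  # 21: default listen port
    closed = [p for p in wanted if not any(a <= p <= b for a, b in opened)]
    out = [f"{len(closed)} FTP port(s) not accepted, first: {closed[0]}"] if closed else []
    if conf.get("pasv_promiscuous") == "YES":
        out.append("pasv_promiscuous=YES: data connection source IP is not checked")
    if conf.get("ssl_enable") == "YES" and conf.get("force_local_logins_ssl") == "NO":
        out.append("force_local_logins_ssl=NO: logins are accepted without TLS")
    return out
```

When this reports no closed ports but external connections still time out, as in the thread, the rule listing alone does not explain the failure; `iptables -L -v -n` additionally shows per-rule packet counters and interfaces.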