NTS Forums

Please login or register.

Login with username, password and session length
 

News:

Welcome to the Newtek Technology Services Forum!


Author Topic: FTP over explicit TLS issue in cpanel server  (Read 413 times)

Offline scarlett

  • Hosting Newbie
  • *
  • Posts: 21
  • Karma: +0/-0
FTP over explicit TLS issue in cpanel server
« on: July 13, 2016, 12:23:16 AM »
I am facing issues with connecting to the FTP of all websites in cPanel whenever I use FTP over explicit TLS. I use Filezilla ftp client to connect to FTP. Whenever I connect using plain authentication, there is no issue, but while trying to connect to FTP using explict TLS, the connection establishes but the directory listing fails with the following error

Error: Connection timed out after 20 seconds of inactivity
Error: Failed to retrieve directory listing

I have enabled Passive Port range in the pureftpd.conf and also the Firewall, but the issue remains. What is the solution?

Offline Jason [NTS]

  • Jr. Member
  • **
  • Posts: 158
  • Karma: +3/-0
    • Newtek Technology Solutions
Re: FTP over explicit TLS issue in cpanel server
« Reply #1 on: July 13, 2016, 09:10:05 AM »
Hello,

If you are encountering an issue connecting to FTP using explict TLS and able to make an initial hand-shake but fails passive connection to list directory:

First try seeing if iptables are causing the connection issue.

1. Stop IPTABLES:  /etc/init.d/iptables stop
2. Test FTP Again.
3. Start IPTABLES:  /etc/init.d/iptables start
 

If FTP connects after stopping the IPTABLE service, do the following:
 
1. Confirm the /etc/pure-ftpd.conf file has: PassivePortRange  30000 50000
2. Confirm the /etc/pure-ftpd.conf file has: ForcePassiveIP   xxx.xxx.xxx.xxx
3. Run the /usr/local/cpanel/scripts/restartsrv_ftpserver command to restart the FTP server.
4. Add the passive port range to iptables: iptables -I INPUT 1 -p tcp --dport 30000:50000 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

Also, if you are using a hardware firewall, you will need to make sure these port assignments are in place as well.

Note: Linux CentOS 5/6
Jason
Server Operations Department
http://NewtekTechnology.com