Symptoms
- Passive FTP connection (plain, non-SSL/TLS) does not work after enabling Plesk Firewall in Tools & Settings > Firewall > Enable
- Cannot list directory when connecting in passive mode:
# ftp> dir
227 Entering Passive Mode (192,0,2,2,176,121).
ftp: connect: Connection timed out
- Error in /var/log/messages:
xinetd[2457]: START: ftp pid=4513 from=::ffff:203.0.113.2
proftpd[4513]: processing configuration directory '/etc/proftpd.d'
proftpd[4513]: FTP session opened.
named[3167]: error (network unreachable) resolving
- Error in /var/log/secure:
proftpd: pam_listfile(proftpd:auth): Couldn't open /etc/ftpusers
proftpd[4513]: (203.0.113.2) - USER username: Login successful.
- Passive FTP ports are configured and allowed in firewall
- nf_conntrack_ftp module listing shows the following:
# lsmod | grep conntrack_ftp
#
Cause
nf_conntrack_ftp module is not loaded.
Plesk bug with ID PPPM-6187: Plesk does not show a warning when the nf_conntrack module is not loaded. The warning will be added in future updates.
Resolution
- Log in to Plesk server via SSH
- Enable the kernel modules in the system:
Note: Actions that involve kernel module configuration should be performed on a physical or a virtual machine with full hardware emulation. If a VZ container is used, the same actions should be performed on the hardware node where this VZ container is running. Contact the hosting provider if access to the hardware node is needed.
2.1. Add the modules to the configuration file:
# echo nf_nat_ftp >> /etc/modules-load.d/modules.conf
# echo nf_conntrack_ftp >> /etc/modules-load.d/modules.conf
2.2. On CentOS/RHEL, add the modules to the IPTABLES_MODULES line in the /etc/sysconfig/iptables-config file as follows:
IPTABLES_MODULES="nf_conntrack_ftp ip_nat_ftp"
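
A read-only check of the settings from steps 2.1 and 2.2, added here as an example and not part of the original article. The function names and the sample files are constructed for illustration; the module names and file paths are the ones given above.

```shell
#!/bin/sh
# Added example, not from the article. Function names are illustrative; file
# paths are arguments so the checks can run against copies of the real files.

# True if module $1 is loaded, per list $2 (format of /proc/modules).
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' "${2:-/proc/modules}"
}

# True if module $1 is on its own uncommented line in modules-load file $2.
module_persisted() {
    grep -Eqs "^[[:space:]]*$1[[:space:]]*\$" "${2:-/etc/modules-load.d/modules.conf}"
}

# True if module $1 is a word of the last IPTABLES_MODULES= assignment in $2.
iptables_module_listed() {
    ipt_list=$(sed -n 's/^[[:space:]]*IPTABLES_MODULES=//p' \
        "${2:-/etc/sysconfig/iptables-config}" 2>/dev/null | tail -n 1 | tr -d "\"'")
    for ipt_mod in $ipt_list; do
        [ "$ipt_mod" = "$1" ] && return 0
    done
    return 1
}

# Print one line per failed check; return the number of failed checks.
# $1 = loaded-module list, $2 = modules-load file, $3 = iptables-config file.
ftp_helper_report() {
    failed=0
    for m in nf_conntrack_ftp nf_nat_ftp; do
        module_loaded "$m" "$1" || { echo "not loaded: $m"; failed=$((failed + 1)); }
        module_persisted "$m" "$2" || { echo "not in modules-load file: $m"; failed=$((failed + 1)); }
    done
    for m in nf_conntrack_ftp ip_nat_ftp; do
        iptables_module_listed "$m" "$3" || { echo "not in IPTABLES_MODULES: $m"; failed=$((failed + 1)); }
    done
    [ "$failed" -eq 0 ] && echo "FTP helper modules loaded and persisted"
    return "$failed"
}

# Constructed sample files (not from a real server): the conntrack helper is
# loaded, the NAT helper is not, and both config files match steps 2.1 and 2.2.
demo=$(mktemp -d)
printf '%s\n' 'nf_conntrack_ftp 20480 0 - Live 0x0' \
    'nf_conntrack 139264 1 nf_conntrack_ftp, Live 0x0' > "$demo/proc_modules"
printf '%s\n' 'nf_nat_ftp' 'nf_conntrack_ftp' > "$demo/modules.conf"
printf '%s\n' 'IPTABLES_MODULES="nf_conntrack_ftp ip_nat_ftp"' > "$demo/iptables-config"
ftp_helper_report "$demo/proc_modules" "$demo/modules.conf" "$demo/iptables-config" \
    || echo "checks failed: $?"
```

Calling ftp_helper_report with empty arguments checks the live paths /proc/modules, /etc/modules-load.d/modules.conf and /etc/sysconfig/iptables-config.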