Unable to connect to FTP.

Many users run into an FTP connection problem after an update, most likely related to the firewall being automatically activated in the Plesk interface.

First, check that your ProFTPd server configuration accepts passive ports.

Open the file /etc/proftpd.conf. It should look like this:

#
# For more information about ProFTPD configuration
# look at: http://www.proftpd.org/
#

# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use). It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName "ProFTPD"
#ServerType standalone
ServerType inetd
DefaultServer on

<Global>
DefaultRoot ~ psacln
AllowOverwrite on
<IfModule mod_tls.c>
# common settings for all virtual hosts
TLSEngine on
TLSRequired off

TLSLog /opt/psa/var/log/ftp_tls.log

TLSRSACertificateFile /opt/psa/admin/conf/httpsd.pem
TLSRSACertificateKeyFile /opt/psa/admin/conf/httpsd.pem

# Authenticate clients that want to use FTP over TLS?
TLSVerifyClient off

# Allow SSL/TLS renegotiations when the client requests them, but
# do not force the renegotiations. Some clients do not support
# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
# clients will close the data connection, or there will be a timeout
# on an idle data connection.
TLSRenegotiate none

# As of ProFTPD 1.3.3rc1, mod_tls only accepts SSL/TLS data connections
# that reuse the SSL session of the control connection, as a security measure.
# Unfortunately, there are some clients (e.g. curl) which do not reuse SSL sessions.
TLSOptions NoSessionReuseRequired
</IfModule>
</Global>

DefaultTransferMode binary
UseFtpUsers on

TimesGMT off
SetEnv TZ :/etc/localtime
# Port 21 is the standard FTP port.
Port 21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30

#The following part of this config file was generated by PSA automatically
#Any changes in this part will be overwritten by next manipulation
#with Anonymous FTP feature in PSA control panel.

#Include directive should point to place where FTP Virtual Hosts configurations
#preserved

ScoreboardFile /var/run/proftpd_scoreboard

# Primary log file must be outside of system logrotate province

TransferLog /opt/psa/var/log/xferlog

#Change default group for new files and directories in vhosts dir to psacln

<Directory /var/www/vhosts>
GroupOwner psacln
</Directory>

# Enable PAM authentication
AuthPAM on
AuthPAMConfig proftpd

IdentLookups off
UseReverseDNS off

AuthGroupFile /etc/group

Include /etc/proftpd.include

You will notice that there is no PassivePorts declaration.

Add the following line (just below Port 21 would be ideal):

PassivePorts                    57000 58000

The result should look like this:

#
# For more information about ProFTPD configuration
# look at: http://www.proftpd.org/
#

# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use).  It establishes a single server
# and a single anonymous login.  It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName                      "ProFTPD"
#ServerType                     standalone
ServerType                      inetd
DefaultServer                   on

<Global>
DefaultRoot     ~               psacln
AllowOverwrite          on
<IfModule mod_tls.c>
        # common settings for all virtual hosts
        TLSEngine on
        TLSRequired off

        TLSLog /opt/psa/var/log/ftp_tls.log

        TLSRSACertificateFile /opt/psa/admin/conf/httpsd.pem
        TLSRSACertificateKeyFile /opt/psa/admin/conf/httpsd.pem

        # Authenticate clients that want to use FTP over TLS?
        TLSVerifyClient off

        # Allow SSL/TLS renegotiations when the client requests them, but
        # do not force the renegotiations.  Some clients do not support
        # SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
        # clients will close the data connection, or there will be a timeout
        # on an idle data connection.
        TLSRenegotiate none

        # As of ProFTPD 1.3.3rc1, mod_tls only accepts SSL/TLS data connections
        # that reuse the SSL session of the control connection, as a security measure.
        # Unfortunately, there are some clients (e.g. curl) which do not reuse SSL sessions.
        TLSOptions NoSessionReuseRequired
</IfModule>
</Global>

DefaultTransferMode     binary
UseFtpUsers                     on

TimesGMT                        off
SetEnv TZ :/etc/localtime
# Port 21 is the standard FTP port.
Port                            21
PassivePorts                    57000 58000
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask                           022

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances                    30

#The following part of this config file was generated by PSA automatically
#Any changes in this part will be overwritten by next manipulation
#with Anonymous FTP feature in PSA control panel.

#Include directive should point to place where FTP Virtual Hosts configurations
#preserved

ScoreboardFile /var/run/proftpd_scoreboard

# Primary log file must be outside of system logrotate province

TransferLog /opt/psa/var/log/xferlog

#Change default group for new files and directories in vhosts dir to psacln

<Directory /var/www/vhosts>
        GroupOwner      psacln
</Directory>

# Enable PAM authentication
AuthPAM on
AuthPAMConfig proftpd

IdentLookups off
UseReverseDNS off

AuthGroupFile   /etc/group

Include /etc/proftpd.include

All that remains is to allow these ports in your firewall.

To do so, go to your Plesk Panel interface -> Server Management -> Tools & Settings -> Security -> Firewall

Click Edit Firewall Configuration, then Add Custom Rule

Give your rule a name (for example "Passive FTP")

Match direction -> Incoming

Action -> Allow

Ports:

In the field "Add port or port range:" enter 57000-58000

Leave the protocol set to TCP and click Add so that the port range is added to the small box on the left.

You can then submit the whole form with the OK button

If everything went well, you should see the following line in your firewall rules:

FTP (Passive) Allow incoming from all on port 57000-58000/tcp

Activate your firewall using the Activate button. You will be asked for confirmation,
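
To confirm that the PassivePorts range, the firewall rule and the data port a server announces all agree, here is a shell check added as an example (it is not part of the original article). The sample configuration lines and the 227 reply are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: check that PassivePorts, the firewall rule and an observed
# PASV reply agree. Function names here are hypothetical.

# Constructed sample: the relevant lines of the proftpd.conf shown above,
# plus one commented-out directive that must be ignored.
sample_conf() {
    cat <<'EOF'
# Port 21 is the standard FTP port.
Port                            21
#PassivePorts                   49152 65534
PassivePorts                    57000 58000
EOF
}

# Print "MIN MAX" from the last active PassivePorts directive ("-" = stdin).
# Returns 1 when the directive is absent.
passive_range() {
    awk 'tolower($1) == "passiveports" && NF >= 3 { min = $2; max = $3; found = 1 }
         END { if (found) print min, max; else exit 1 }' "$1"
}

# Decode the data port from a PASV reply "227 ... (h1,h2,h3,h4,p1,p2)":
# the port is p1 * 256 + p2.
pasv_port() {
    printf '%s\n' "$1" | awk -F'[(),]' 'NF >= 7 { print $6 * 256 + $7 }'
}

# Succeed if port $1 lies within $2..$3 inclusive.
in_range() { [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]; }

# Succeed only if firewall range $2..$3 covers the PassivePorts range of
# config $1. Returns 2 when PassivePorts is missing.
firewall_covers() {
    range=$(passive_range "$1") || return 2
    min=${range% *}; max=${range#* }
    [ "$2" -le "$min" ] && [ "$3" -ge "$max" ]
}

# Demo on constructed values (192.0.2.10 is a documentation address).
reply='227 Entering Passive Mode (192,0,2,10,222,184).'
port=$(pasv_port "$reply")
if sample_conf | firewall_covers - 57000 58000 && in_range "$port" 57000 58000; then
    echo "OK: data port $port is inside PassivePorts and the firewall rule covers it"
else
    echo "MISMATCH: compare PassivePorts with the firewall rule"
fi
```

On a real server, pass /etc/proftpd.conf instead of "-" and use the range entered in the Plesk firewall rule.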