Unable to connect to FTP.
Many users run into an FTP connection problem after an update, most likely related to the firewall being automatically enabled in the Plesk interface.
First, check that your ProFTPd server configuration accepts passive ports.
Look at the file:
/etc/proftpd.conf, which should look like this:
#
# To have more informations about Proftpd configuration
# look at : http://www.proftpd.org/
#
# This is a basic ProFTPD configuration file (rename it to
# ‘proftpd.conf’ for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.
ServerName "ProFTPD"
#ServerType standalone
ServerType inetd
DefaultServer on
<Global>
DefaultRoot ~ psacln
AllowOverwrite on
<IfModule mod_tls.c>
# common settings for all virtual hosts
TLSEngine on
TLSRequired off
TLSLog /opt/psa/var/log/ftp_tls.log
TLSRSACertificateFile /opt/psa/admin/conf/httpsd.pem
TLSRSACertificateKeyFile /opt/psa/admin/conf/httpsd.pem
# Authenticate clients that want to use FTP over TLS?
TLSVerifyClient off
# Allow SSL/TLS renegotiations when the client requests them, but
# do not force the renegotations. Some clients do not support
# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
# clients will close the data connection, or there will be a timeout
# on an idle data connection.
TLSRenegotiate none
# As of ProFTPD 1.3.3rc1, mod_tls only accepts SSL/TLS data connections
# that reuse the SSL session of the control connection, as a security measure.
# Unfortunately, there are some clients (e.g. curl) which do not reuse SSL sessions.
TLSOptions NoSessionReuseRequired
</IfModule>
</Global>
DefaultTransferMode binary
UseFtpUsers on
TimesGMT off
SetEnv TZ :/etc/localtime
# Port 21 is the standard FTP port.
Port 21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30
#Following part of this config file were generate by PSA automatically
#Any changes in this part will be overwritten by next manipulation
#with Anonymous FTP feature in PSA control panel.
#Include directive should point to place where FTP Virtual Hosts configurations
#preserved
ScoreboardFile /var/run/proftpd_scoreboard
# Primary log file mest be outside of system logrotate province
TransferLog /opt/psa/var/log/xferlog
#Change default group for new files and directories in vhosts dir to psacln
<Directory /var/www/vhosts>
GroupOwner psacln
</Directory>
# Enable PAM authentication
AuthPAM on
AuthPAMConfig proftpd
IdentLookups off
UseReverseDNS off
AuthGroupFile /etc/group
Include /etc/proftpd.include
You will notice that there is no PassivePorts declaration.
Add the line (just below Port 21 would be perfect):
PassivePorts 57000 58000
Which should look like this:
#
# To have more informations about Proftpd configuration
# look at : http://www.proftpd.org/
#
# This is a basic ProFTPD configuration file (rename it to
# ‘proftpd.conf’ for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.
ServerName "ProFTPD"
#ServerType standalone
ServerType inetd
DefaultServer on
<Global>
DefaultRoot ~ psacln
AllowOverwrite on
<IfModule mod_tls.c>
# common settings for all virtual hosts
TLSEngine on
TLSRequired off
TLSLog /opt/psa/var/log/ftp_tls.log
TLSRSACertificateFile /opt/psa/admin/conf/httpsd.pem
TLSRSACertificateKeyFile /opt/psa/admin/conf/httpsd.pem
# Authenticate clients that want to use FTP over TLS?
TLSVerifyClient off
# Allow SSL/TLS renegotiations when the client requests them, but
# do not force the renegotations. Some clients do not support
# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
# clients will close the data connection, or there will be a timeout
# on an idle data connection.
TLSRenegotiate none
# As of ProFTPD 1.3.3rc1, mod_tls only accepts SSL/TLS data connections
# that reuse the SSL session of the control connection, as a security measure.
# Unfortunately, there are some clients (e.g. curl) which do not reuse SSL sessions.
TLSOptions NoSessionReuseRequired
</IfModule>
</Global>
DefaultTransferMode binary
UseFtpUsers on
TimesGMT off
SetEnv TZ :/etc/localtime
# Port 21 is the standard FTP port.
Port 21
PassivePorts 57000 58000
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30
#Following part of this config file were generate by PSA automatically
#Any changes in this part will be overwritten by next manipulation
#with Anonymous FTP feature in PSA control panel.
#Include directive should point to place where FTP Virtual Hosts configurations
#preserved
ScoreboardFile /var/run/proftpd_scoreboard
# Primary log file mest be outside of system logrotate province
TransferLog /opt/psa/var/log/xferlog
#Change default group for new files and directories in vhosts dir to psacln
<Directory /var/www/vhosts>
GroupOwner psacln
</Directory>
# Enable PAM authentication
AuthPAM on
AuthPAMConfig proftpd
IdentLookups off
UseReverseDNS off
AuthGroupFile /etc/group
Include /etc/proftpd.include
All that remains is to allow these ports in your firewall.
To do so, go to your Plesk Panel interface -> Server Management -> Tools & Settings -> Security -> Firewall
Click Edit Firewall Configuration, then Add Custom Rule
Give your rule a name (for example "Passive FTP")
Match direction -> Incoming
Action -> Allow
Ports:
In the "Add port or port range:" field, enter 57000-58000
Leave the protocol set to TCP and click Add so that the port is added to the small box on the left.
You can submit the whole form with the OK button.
If all went well, you should see the following line in your firewall rules:
FTP (Passive) Allow incoming from all on port 57000-58000/tcp
Enable your firewall using the Enable button. You will be asked for confirmation,
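As an added check that is not part of the original article: the script below reads the PassivePorts range from a ProFTPD configuration and compares it with the range opened in the firewall, reporting when passive ports are blocked or when the firewall opens more ports than ProFTPD uses. The function names and the sample configuration are constructed for this example; on a real server, pass /etc/proftpd.conf and the range entered in Plesk.

```shell
#!/bin/sh
# Added example: compare ProFTPD's PassivePorts range with the firewall range.
# Function names are hypothetical; the sample config below is constructed.

# Print "LOW HIGH" from the last uncommented PassivePorts line; fail if none.
passive_range() {
    awk '
        /^[ \t]*#/ { next }
        $1 == "PassivePorts" && NF == 3 { low = $2; high = $3 }
        END { if (low == "") exit 1; print low, high }
    ' "$1"
}

# Usage: check_passive_ports CONF FW_RANGE   (FW_RANGE written as LOW-HIGH)
# Prints one verdict: missing | invalid | blocked | too-wide | ok
check_passive_ports() {
    conf=$1; fw=$2
    range=$(passive_range "$conf") || { echo missing; return 0; }
    set -- $range; lo=$1; hi=$2
    fw_lo=${fw%-*}; fw_hi=${fw#*-}
    for v in "$lo" "$hi" "$fw_lo" "$fw_hi"; do
        case $v in ''|*[!0-9]*) echo invalid; return 0 ;; esac
    done
    if [ "$lo" -gt "$hi" ] || [ "$hi" -gt 65535 ]; then
        echo invalid
    elif [ "$fw_lo" -gt "$lo" ] || [ "$fw_hi" -lt "$hi" ]; then
        echo blocked     # some passive ports are not reachable through the firewall
    elif [ "$fw_lo" -lt "$lo" ] || [ "$fw_hi" -gt "$hi" ]; then
        echo too-wide    # the firewall opens ports ProFTPD will never hand out
    else
        echo ok
    fi
}

# Constructed sample: only the lines of proftpd.conf relevant to the check.
write_sample_conf() {
    cat > "$1" <<'EOF'
# Port 21 is the standard FTP port.
Port 21
#PassivePorts 49152 65534
PassivePorts 57000 58000
Umask 022
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
for fw in 57000-58000 57000-57500 50000-60000; do
    echo "$fw: $(check_passive_ports "$sample" "$fw")"
done
rm -f "$sample"
```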