Resolved
0 votes
Arf... hard week for me. ;-)

I installed a new ClearOS on an AWS server using the ClearOS 7 AMI, available in N. Virginia only (and am moving it to Europe servers):
https://www.clearos.com/resources/documentation/clearos/content:en_us:7_ug_amazon_ec2_support

Thanks to Nick I solved the MySQL and MariaDB issues; the website is up and running.

I installed the FTP server app, set user, password, group, FTP member, and allowed upload from the web properties.
I added the services on the ClearOS firewall (ftp, passive ftp).
I edited the inbound security panel at Amazon (opening ports).

Using FileZilla I connect to my server and get rejected.


Status: Connecting to xx.xxx.xxx.xxx:21...
Status: Connection established, waiting for welcome message...
Status: Insecure server, it does not support FTP over TLS.
Status: Server does not support non-ASCII characters.
Status: Logged in
Status: Retrieving directory listing...
Status: Server sent passive reply with unroutable address. Using server address instead.
Command: LIST
Error: Connection timed out after 20 seconds of inactivity


---

Trying to troubleshoot the situation;
I compared with another server where I have ftp running.
The only difference I can see is about the IP setting and a DHCP app.


On the AWS server it shows the EC2 internal IP as external IP.
(the external ip is 15.xxx.xxx.xxx) - see attachment

On the AWS server I see a DHCP app (wasn't installed on the second server)
Subnets
Interface Network Status Action
eth0 172.31.16.0 Disabled Configure

Those settings and options were automatically configured during the ClearOS install.
Maybe some settings are actually based on the original location of the instance (from where I created the image) and they should be changed?
Monday, December 23 2019, 08:42 AM
Responses (7)
  • Accepted Answer

    Tuesday, February 18 2020, 10:47 AM - #Permalink
    A little later... (still stuck with this)

    After improving the settings I got FileZilla to connect and upload a file to the flexshare of the user using port 21 and example.com/exampleftp for the host.
    However, the third-party application doesn’t accept the extra path for the host value.

    It needs to be "example.com" only and that would point them to /var/flexshare/shares
    Having no real issue with that (it is a single-use server), I changed the permissions and ownership of the shares directory to match those of "exampleftp".
    But I’m still not authorised to write in it.

    ... ?
  • Accepted Answer

    Friday, February 07 2020, 04:40 PM - #Permalink
    Nick Howitt wrote:

    How did you try changing the home share port? Presumably you tried tweaking /etc/proftpd.conf? What about the files in /etc/proftpd.d/? These are generated by the webconfig if you allow ftp to flexshares or websites. Even if you don't have the flexshare app I believe you have app-flexshare-core loaded as this is also used by the web server app.

    I would not try redirecting ports because of how ftp works which is really messy. If you connect to port 21, something happens with port 20 as well, but I can't remember the details. You could try if you wanted with a PREROUTING rule in the nat table of iptables.


    Hi Nick, thanks for helping.

    I tried using the ClearOS dashboard; you can change the Home Share Port at "app/ftp". You can edit it, but you can’t use 21 (and you can’t edit the Flexshare Port, locked on 21) ;-)

    I need port 21 (shame, it worked somehow for a month)...
    "PREROUTING rule in the nat table of iptables"... I googled a bit and tried to figure out how to preroute incoming port 21 from a specific machine, but it looks out of my league.
  • Accepted Answer

    Friday, February 07 2020, 08:54 AM - #Permalink
    How did you try changing the home share port? Presumably you tried tweaking /etc/proftpd.conf? What about the files in /etc/proftpd.d/? These are generated by the webconfig if you allow ftp to flexshares or websites. Even if you don't have the flexshare app I believe you have app-flexshare-core loaded as this is also used by the web server app.

    I would not try redirecting ports because of how ftp works which is really messy. If you connect to port 21, something happens with port 20 as well, but I can't remember the details. You could try if you wanted with a PREROUTING rule in the nat table of iptables.
  • Accepted Answer

    Friday, February 07 2020, 06:02 AM - #Permalink
    Ahem...?

    Background: Every day a third-party application sends me a file using FTP and port 21 (can’t be changed)

    Now the user can connect using FTP but sees only his "user" folder (/home/theuser/) even if I set the webserver path.


    And it worked like this till the 28/01/2020: using FTP and port 21, an existing user was able to write the file inside /home/theuser/. (The server restarted several times during the month it worked.)
    Since the 29/01/2020 it doesn’t work anymore. The connection is established using /var/www/virtual/, a place where the user can’t write anything, and so my process is stuck.

    I tested using port 2121, and theuser can connect inside /home/theuser/ and write the file.

    So... from here what can I do?
    Tweak ClearOS so port 21 goes to /home/theuser/ with write permission?
    Set port forwarding in ClearOS so requests on port 21 are redirected to port 2121?

    Edit:
    I tried to change the Home Share Port to port 21 and it can’t be saved: Port reserved for Flexshare.
    I checked the installed applications on my ClearOS and Flexshare is not installed (why does it get in the way...?)
  • Accepted Answer

    Monday, December 23 2019, 04:54 PM - #Permalink
    Unless you've been changing things, normal FTP would go to the flexshares and FTP on port 2121 would go to the users' Homes. It used to be the other way round in 5.x and I can't remember in 6.x.
  • Accepted Answer

    Monday, December 23 2019, 04:05 PM - #Permalink
    Thanks for pointing me in the right direction for the ports.
    Edited and opened the passive ports on the EC2 security group. (see attachment)

    Now the user can connect using FTP but sees only his "user" folder (/home/theuser/) even if I set the webserver path.

    In the Webserver App I enabled FTP upload for the group the user is part of and yes, technically I would like the user to land inside the webserver domain folder when connecting.
  • Accepted Answer

    Monday, December 23 2019, 01:20 PM - #Permalink
    FTP hates NAT. Check your EC2 firewall. You may need to forward the passive ports to ClearOS as well. It may be worth seeing if AWS has other information on running FTP servers.
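Added example, not written by anyone in this thread: a small Python check for the passive-mode failure in the first post's FileZilla log ("passive reply with unroutable address", then LIST timing out). It parses the server's 227 reply, flags a private address, and tests the data port against the inbound rules; the 227 reply, the address 203.0.113.10 and the 60000-60100 range are constructed sample values, not ClearOS or AWS defaults.

```python
import ipaddress
import re

# Ranges a client on the Internet cannot reach: RFC 1918 private space,
# loopback and link-local. An EC2 instance only knows its VPC address.
UNROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_pasv(reply):
    """Return (ip, port) from '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)'."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive reply: %r" % reply)
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    ip = ipaddress.ip_address(".".join(map(str, nums[:4])))
    return ip, nums[4] * 256 + nums[5]  # data port = p1*256 + p2


def diagnose(reply, control_host, inbound_ranges):
    """Return (data_host, data_port, findings) for one passive reply."""
    ip, port = parse_pasv(reply)
    findings = []
    data_host = str(ip)
    if any(ip in net for net in UNROUTABLE):
        # Same fallback FileZilla logs: reuse the control-connection address.
        data_host = control_host
        findings.append("server advertised unroutable %s" % ip)
    if not any(lo <= port <= hi for lo, hi in inbound_ranges):
        findings.append("data port %d is not allowed inbound" % port)
    return data_host, port, findings


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    reply = "227 Entering Passive Mode (172,31,16,10,234,106)"
    for rules in ([(21, 21)], [(21, 21), (60000, 60100)]):
        print(rules, diagnose(reply, "203.0.113.10", rules))
```

With only port 21 allowed inbound, the control connection logs in but the data connection for LIST has nowhere to land, which matches a clean login followed by a timeout.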