Join the community today
Register Now

Can't connect via lftp

Discussion in 'System Administration' started by noxonx, Apr 8, 2021.

  1. noxonx

    noxonx New Member

    6
    1
    3
    May 15, 2020
    Ratings:
    +1
    Local Time:
    4:08 PM
    Hi,
    I have 2 new servers with centmin fresh install. One as dev and one as production.
    On dev server I have gulp with upload/download task to sync files. That task uses lftp.
    But it doesn't work.
    It logged in, but then, connection was refused. See debug log.

    FTP connection via FileZilla works.

    Thank you.

    Code:
    lftp -d
    lftp :~> set ftp:ssl-force true
    lftp :~> set ssl:verify-certificate no
    lftp :~> open -u user,pass ftp://xxx.xxx.xxx.xxx -p 21
    ---- Resolving host address...
    ---- 1 address found: xxx.xxx.xxx.xxx
    lftp user@xxx.xxx.xxx.xxx:~> ls
    ---- Connecting to xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx) port 21
    <--- 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    <--- 220-You are user number 6 of 1000 allowed.
    <--- 220-Local time is now 20:26. Server port: 21.
    <--- 220-This is a private system - No anonymous login
    <--- 220-IPv6 connections are also welcome on this server.
    <--- 220 You will be disconnected after 15 minutes of inactivity.
    ---> FEAT
    <--- 211-Extensions supported:   
    <---  EPRT
    <---  IDLE
    <---  MDTM
    <---  SIZE
    <---  MFMT
    <---  REST STREAM
    <---  MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
    <---  MLSD
    <---  AUTH TLS
    <---  PBSZ
    <---  PROT
    <---  UTF8
    <---  ESTA
    <---  PASV
    <---  EPSV
    <---  SPSV
    <---  ESTP
    <--- 211 End.
    ---> AUTH TLS
    <--- 234 AUTH TLS OK.           
    ---> OPTS UTF8 ON
    Certificate: C=US,ST=California,L=Los Angeles,O=Default Company Ltd,CN=xxx.xxx.xxx.xxx
     Issued by: C=US,ST=California,L=Los Angeles,O=Default Company Ltd,CN=xxx.xxx.xxx.xxx
    WARNING: Certificate verification: Not trusted
    <--- 200 OK, UTF-8 enabled
    ---> OPTS MLST type;size;modify;UNIX.mode;UNIX.uid;UNIX.gid;
    <--- 200  MLST OPTS type;size;sizd;modify;UNIX.mode;UNIX.uid;UNIX.gid;unique;
    ---> USER user
    <--- 331 User user OK. Password required
    ---> PASS password
    <--- 230 OK. Current directory is /
    ---> PWD
    <--- 257 "/" is your current location
    ---> PBSZ 0
    <--- 200 PBSZ=0                     
    ---> PROT P
    <--- 200 Data protection level set to "private"
    ---> PASV
    <--- 227 Entering Passive Mode (xxx,xxx,xxx,xxx,123,74)
    ---- Connecting data socket to (xxx.xxx.xxx.xxx) port 31562
    **** Socket error (Connection refused) - reconnecting
    ---> LIST
    ---> ABOR
    ---- Closing aborted data socket
    ---- Closing control socket
    Interrupt                                   
     
  2. eva2000

    eva2000 Administrator Staff Member

    46,468
    10,554
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,385
    Local Time:
    12:08 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    Centmin Mod pure-ftpd server needs to connect in passive mode. So maybe try lftp client with
    Code (Text):
    set ftp:passive-mode 1;


    also could be FTP via Filezilla has user IP whitelisted in CSF Firewall while your server IP via lftp isn't whitelisted ? Are both Filezilla and lftp initiated connections using same IP or different IP ?
     
  3. noxonx

    noxonx New Member

    6
    1
    3
    May 15, 2020
    Ratings:
    +1
    Local Time:
    4:08 PM
    Thank you for you reply,
    IP is different. I use lftp from dev server with centmin and FileZilla from my pc.
    I think, that passive mode is default in lftp. But I tryed "set" command, but it doesn't help.
    As you can see in my debug, I can log in, but after then, connection was refused. I don't know why.
    In csf I have no blocked IPs.
    In /var/log/messages, I have log, that the user was logged.

    Code:
    Apr  7 18:03:50 user pure-ftpd: (?@xxx.xxx.xxx.xxx) [INFO] New connection from xxx.xxx.xxx.xxx
    Apr  7 18:03:50 user pure-ftpd: (?@xxx.xxx.xxx.xxx) [INFO] TLS: Enabled TLSv1/SSLv3 with ECDHE-RSA-AES128-GCM-SHA256, 128 secret bits cipher
    Apr  7 18:03:50 user pure-ftpd: (?@135.181.29.224) [INFO] user is now logged in
     
  4. eva2000

    eva2000 Administrator Staff Member

    46,468
    10,554
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,385
    Local Time:
    12:08 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    Can you clarify if which server you trying to connect to via lftp ? Centmin Mod to Centmin Mod via lftp ? If lftp is connecting from a non-Centmin Mod based server, then that server's firewall might need opening up passive port range for Pureftpd in Centmin Mod which is 30001-50011

    I tried connecting via lftp on test server and listing the nginx vhosts directory contents fine. Notice how your data socket connection is refused. In passive mode, the connection and data connection are 2 separate steps.
    Code (Text):
    <--- 200 Data protection level set to "private"
    ---> PASV
    <--- 227 Entering Passive Mode (64,110,128,172,157,30)
    ---- Connecting data socket to (serverip) port 40222
    ---- Data connection established
    


    If it Centmin Mod to Centmin Mod via lftp, ensure both ends have CSF Firewall running and you whitelist their respective IPs in each server's CSF Firewall.
    Code (Text):
    FTPUSER='pureftp_username'
    FTPPASS='pureftp_pass'
    FTPHOSTBASE='serverip'
    FTPMODEOPT='set ftp:passive-mode 1; set ftp:ssl-force true; set ssl:verify-certificate no;'
    

    Code (Text):
    lftp -d -c "open -u $FTPUSER,'$FTPPASS' $FTPHOSTBASE; $FTPMODEOPT ls"
    
    ---- Resolving host address...
    ---- 1 address found: serverip
    ---- Connecting to serverip (serverip) port 21
    <--- 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    <--- 220-You are user number 1 of 1000 allowed.
    <--- 220-Local time is now 05:51. Server port: 21.
    <--- 220-This is a private system - No anonymous login
    <--- 220-IPv6 connections are also welcome on this server.
    <--- 220 You will be disconnected after 15 minutes of inactivity.
    ---> FEAT
    <--- 211-Extensions supported:
    <---  EPRT
    <---  IDLE
    <---  MDTM
    <---  SIZE
    <---  MFMT
    <---  REST STREAM
    <---  MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
    <---  MLSD
    <---  AUTH TLS
    <---  PBSZ
    <---  PROT
    <---  UTF8
    <---  ESTA
    <---  PASV
    <---  EPSV
    <---  SPSV
    <---  ESTP
    <--- 211 End.
    ---> AUTH TLS
    <--- 234 AUTH TLS OK.
    ---> OPTS UTF8 ON
    Certificate: C=US,ST=California,L=Los Angeles,O=Default Company Ltd,CN=serverip
     Issued by: C=US,ST=California,L=Los Angeles,O=Default Company Ltd,CN=serverip
    WARNING: Certificate verification: Not trusted
    <--- 200 OK, UTF-8 enabled
    ---> OPTS MLST type;size;modify;UNIX.mode;UNIX.uid;UNIX.gid;
    <--- 200  MLST OPTS type;size;sizd;modify;UNIX.mode;UNIX.uid;UNIX.gid;unique;
    ---> USER pureftp_username
    <--- 331 User pureftp_username OK. Password required
    ---> PASS pureftp_pass
    <--- 230 OK. Current directory is /
    ---> PWD
    <--- 257 "/" is your current location
    ---> PBSZ 0
    <--- 200 PBSZ=0
    ---> PROT P
    <--- 200 Data protection level set to "private"
    ---> PASV
    <--- 227 Entering Passive Mode (64,110,128,172,157,30)
    ---- Connecting data socket to (serverip) port 40222
    ---- Data connection established
    ---> LIST
    <--- 150 Accepted data connection
    Certificate: C=US,ST=California,L=Los Angeles,O=Default Company Ltd,CN=serverip
     Issued by: C=US,ST=California,L=Los Angeles,O=Default Company Ltd,CN=serverip
    WARNING: Certificate verification: Not trusted
    drwxr-s---   13 1000       nginx            4096 Jan  2 05:40 .
    drwxr-s---   13 1000       nginx            4096 Jan  2 05:40 ..
    drwxr-s---    2 1000       nginx            4096 Nov  9 11:20 backup
    drwxr-sr-x    2 0          nginx            4096 Nov  9 11:21 cronjobs
    drwxr-s---    2 1000       nginx           57344 Apr  8 03:15 log
    drwxr-sr-x    2 1000       nginx           20480 Jan 11 06:40 mybackup
    drwxr-sr-x    2 0          nginx           12288 Jan 11 06:40 mybackuplogs
    drwxr-s---    2 1000       nginx            4096 Nov  9 11:20 private
    drwxr-s---    8 1000       nginx            4096 Apr  8 00:03 public
    drwxr-sr-x    2 1000       nginx            4096 Nov  9 11:21 sucuri_data_storage
    drwxr-sr-x    5 0          nginx            4096 Jan  2 05:16 zipfiles
    ---- Got EOF on data connection
    ---- Closing data socket
    <--- 226-Options: -a -l
    <--- 226 15 matches total
    ---> QUIT
    ---- Closing control socket
    
     
  5. noxonx

    noxonx New Member

    6
    1
    3
    May 15, 2020
    Ratings:
    +1
    Local Time:
    4:08 PM
    Hi,

    it is Centmin Mod to Centmin Mod via lftp. I whitelist IPs in each server's CSF Firewall, and now it works.

    Thank you.
     
  6. eva2000

    eva2000 Administrator Staff Member

    46,468
    10,554
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,385
    Local Time:
    12:08 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    Glad to hear :D