Get the most out of your Centmin Mod LEMP stack
Become a Member

FTP error: ECONNREFUSED - Connection refused by server

Discussion in 'Other Centmin Mod Installed software' started by jrc2, Jan 12, 2020.

Tags:
  1. jrc2

    jrc2 New Member

    13
    2
    3
    Jan 12, 2020
    Ratings:
    +2
    Local Time:
    8:20 AM
    • CentOS Version: CentOS 7 64bit
    • Centmin Mod Version Installed: 123.09beta01
    • Nginx Version Installed: 1.17.7
    • PHP Version Installed: 7.3.13
    • MariaDB MySQL Version Installed: 10.3.21
    • When was last time updated Centmin Mod code base ? : today (new install)
    • Persistent Config:
      Code:
      LETSENCRYPT_DETECT='y'
      
    I installed a WP site with option 22. I entered an FTP username and I let Centmin Mod generate the password. When I use that password, I get the error "ECONNREFUSED - Connection refused by server". I am using FileZille and have set "Require explicit FTP over TLS" and set transfer mode to passive. Any suggestions? Thanks!
     
  2. eva2000

    eva2000 Administrator Staff Member

    44,718
    10,193
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,797
    Local Time:
    10:20 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Obvious things checked ? server IP address is correct ? misplaced digit etc will try to connect to someone else's server :)

    First thing is to check if your CSF Firewall is running

    what's output for this command
    Code (Text):
    systemctl status csf lfd | sed -e "s|$(hostname)|hostname|g"

    check system log for pure-ftpd related entries to see if there's any clues - i would replace your outputted server and client IPs and ftp username with dummy ones for privacy
    Code (Text):
    grep 'pure-ftpd' /var/log/messages

    example from my local virtualbox guest Centmin Mod 123.09beta01 server after logging in with pure-ftpd virtual ftp user = ftp1 via filezilla
    Code (Text):
    grep 'pure-ftpd' /var/log/messages
    Jan 12 03:43:58 centos7 pure-ftpd: (?@192.168.0.12) [INFO] New connection from 192.168.0.12
    Jan 12 03:43:58 centos7 pure-ftpd: (?@192.168.0.12) [INFO] TLS: Enabled TLSv1/SSLv3 with ECDHE-RSA-AES128-GCM-SHA256, 128 secret bits cipher
    Jan 12 03:44:07 centos7 pure-ftpd: (?@192.168.0.12) [INFO] ftp1 is now logged in
    Jan 12 03:44:07 centos7 pure-ftpd: (ftp1@192.168.0.12) [INFO] TLS: Enabled TLSv1/SSLv3 with ECDHE-RSA-AES128-GCM-SHA256, 128 secret bits cipher
    Jan 12 03:45:56 centos7 pure-ftpd: (ftp1@192.168.0.12) [INFO] Logout.
    

    For posting code or output from commands to keep the formatting, you might want to use CODE tags for code How to use forum BBCODE code tags :)
     
  3. jrc2

    jrc2 New Member

    13
    2
    3
    Jan 12, 2020
    Ratings:
    +2
    Local Time:
    8:20 AM
    Hi!

    I've checked the IP address and have copied and pasted it in to be sure.

    Here's the first output:
    Code (Text):
    ● csf.service - ConfigServer Firewall & Security - csf
       Loaded: loaded (/usr/lib/systemd/system/csf.service; enabled; vendor preset: disabled)
       Active: active (exited) since Sat 2020-01-11 19:05:01 UTC; 9h ago
     Main PID: 55543 (code=exited, status=0/SUCCESS)
       CGroup: /system.slice/csf.service
    
    Jan 11 19:05:01 hostname csf[55543]: ACCEPT  all opt    in * out lo  ::/0  -> ::/0
    Jan 11 19:05:01 hostname csf[55543]: LOGDROPOUT  all opt    in * out !lo  ::/0  -> ::/0
    Jan 11 19:05:01 hostname csf[55543]: LOGDROPIN  all opt    in !lo out *  ::/0  -> ::/0
    Jan 11 19:05:01 hostname csf[55543]: csf: FASTSTART loading DNS (IPv4)
    Jan 11 19:05:01 hostname csf[55543]: csf: FASTSTART loading DNS (IPv6)
    Jan 11 19:05:01 hostname csf[55543]: LOCALOUTPUT  all opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0
    Jan 11 19:05:01 hostname csf[55543]: LOCALINPUT  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0
    Jan 11 19:05:01 hostname csf[55543]: LOCALOUTPUT  all opt    in * out !lo  ::/0  -> ::/0
    Jan 11 19:05:01 hostname csf[55543]: LOCALINPUT  all opt    in !lo out *  ::/0  -> ::/0
    Jan 11 19:05:01 hostname systemd[1]: Started ConfigServer Firewall & Security - csf.
    
    ● lfd.service - ConfigServer Firewall & Security - lfd
       Loaded: loaded (/usr/lib/systemd/system/lfd.service; enabled; vendor preset: disabled)
       Active: active (running) since Sun 2020-01-12 03:31:46 UTC; 1h 18min ago
     Main PID: 24315 (lfd - sleeping)
       CGroup: /system.slice/lfd.service
               └─24315 lfd - sleepin
    
    Jan 12 03:31:46 hostname systemd[1]: lfd.service: main process exited, code=killed, status=9/KILL
    Jan 12 03:31:46 hostname systemd[1]: Stopped ConfigServer Firewall & Security - lfd.
    Jan 12 03:31:46 hostname systemd[1]: Unit lfd.service entered failed state.
    Jan 12 03:31:46 hostname systemd[1]: lfd.service failed.
    Jan 12 03:31:46 hostname systemd[1]: Starting ConfigServer Firewall & Security - lfd...
    Jan 12 03:31:46 hostname systemd[1]: Can't open PID file /run/lfd.pid (yet?) after start: No such file or directory
    Jan 12 03:31:46 hostname systemd[1]: Started ConfigServer Firewall & Security - lfd.
    


    There is nothing in the logs.

    Thanks for the help!
     
  4. eva2000

    eva2000 Administrator Staff Member

    44,718
    10,193
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,797
    Local Time:
    10:20 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Double check your Filezilla settings are close to ones displayed at https://centminmod.com/ftp.html

    Also are you connecting via a local LAN pc to a local LAN installed Centmin Mod instance ? Or to remote live IP based Centmin Mod instance ?

    If local LAN, check official Centmin Mod FAQ item 40 for further clues https://centminmod.com/faq.html
     
  5. eva2000

    eva2000 Administrator Staff Member

    44,718
    10,193
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,797
    Local Time:
    10:20 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    The other possibility is your ISP has blocked FTP port 21 at their end ??
     
  6. jrc2

    jrc2 New Member

    13
    2
    3
    Jan 12, 2020
    Ratings:
    +2
    Local Time:
    8:20 AM
    I just checked and they match. This is on a remote VPS.

    I don't think so because I've been using FTP on other VPSs. I also tried it at DreamHost File Manager and it failed there too.
     
  7. eva2000

    eva2000 Administrator Staff Member

    44,718
    10,193
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,797
    Local Time:
    10:20 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    check if your ISP IP is being blocked in anyway by CSF Firewall - see unblocking ISP IP section of https://centminmod.com/csf_firewall.html
    check if your ISP IP address has been blocked by grepping CSF Firewall IPs
    Code (Text):
    csf -g ISPIPADDRRESS

    To remove your ISP IP address from CSF Firewall block, there's 2 methods. First, is manually editing /etc/csf/csf.deny to remove ISP IP and restart CSF Firewall. Second, method is using command:
    Code (Text):
    csf -dr ISPIPADDRRESS

    to verify IP the system sees for you you can type
    Code (Text):
    w

    or
    Code (Text):
    echo $SSH_CLIENT

    also check if pure-ftpd's passive port range 30001 to 50011 is setup in CSF Firewall and FTP port 21
    Code (Text):
    csf -l  | egrep 'dpt:30001|dpt:21'

    example output
    Code (Text):
    csf -l  | egrep 'dpt:30001|dpt:21'
    12       0     0            tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            tcp dpt:21 state NEW recent: SET name: 21 side: source mask: 255.255.255.255
    13       0     0 PORTFLOOD  tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            tcp dpt:21 state NEW recent: UPDATE seconds: 300 hit_count: 20 name: 21 side: source mask: 255.255.255.255
    19       0     0 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:21
    43       0     0 ACCEPT     udp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            state NEW udp dpt:21
    25       0     0 ACCEPT     tcp  --  *      !lo     0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:21
    41       0     0 ACCEPT     udp  --  *      !lo     0.0.0.0/0            0.0.0.0/0            state NEW udp dpt:21
    
     
  8. eva2000

    eva2000 Administrator Staff Member

    44,718
    10,193
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,797
    Local Time:
    10:20 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Also what type of server is it ? VPS or dedicated ? output for
    Code (Text):
    virt-what

    Who's your web host ? do they have their own firewall in front of the server too ? i.e. Amazon AWS EC2 and Google Cloud VM servers have their own firewall in front and optionally DigitalOcean and Vultr do too.
     
  9. jrc2

    jrc2 New Member

    13
    2
    3
    Jan 12, 2020
    Ratings:
    +2
    Local Time:
    8:20 AM
    Output is kvm. I'm hosting with MightWeb. I'll ask them about the firewall.

    Here's the output for csf -l | egrep 'dpt:30001|dpt:21':
    Code (Text):
    12      12   536            tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            tcp dpt:21 state NEW recent: SET name: 21 side: source mask: 255.255.255.255
    13       0     0 PORTFLOOD  tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            tcp dpt:21 state NEW recent: UPDATE seconds: 300 hit_count: 20 name: 21 side: source mask: 255.255.255.255
    19      12   536 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:21
    43       0     0 ACCEPT     udp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            state NEW udp dpt:21
    25       0     0 ACCEPT     tcp  --  *      !lo     0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:21
    41       0     0 ACCEPT     udp  --  *      !lo     0.0.0.0/0            0.0.0.0/0            state NEW udp dpt:21
    
     
  10. eva2000

    eva2000 Administrator Staff Member

    44,718
    10,193
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,797
    Local Time:
    10:20 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    sorry was missing a s from egrep for 30001 port filter so command
    Code (Text):
    csf -l  | egrep 'dpts:30001|dpt:21'

    would reveal if passive ports 30001 to 50011 where whitelisted

    like below example
    Code (Text):
    csf -l  | egrep 'dpts:30001|dpt:21'
    29     145  6144            tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            tcp dpt:21 state NEW recent: SET name: 21 side: source mask: 255.255.255.255
    30       5   212 PORTFLOOD  tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            tcp dpt:21 state NEW recent: UPDATE seconds: 300 hit_count: 5 name: 21 side: source mask: 255.255.255.255
    36     140  5932 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:21
    54   53126 2288K ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpts:30001:50011
    67       0     0 ACCEPT     udp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            state NEW udp dpt:21
    28       0     0 ACCEPT     tcp  --  *      !lo     0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:21
    50       0     0 ACCEPT     udp  --  *      !lo     0.0.0.0/0            0.0.0.0/0            state NEW udp dpt:21
    

    But looks like mightweb does indeed have their own firewall https://my.mightweb.net/knowledgebase/13/Do-you-block-ports.html. So need need to ask if port 21 and ports 30001 to 50011 are blocked
    If they are, you can just use root user port 22 and SFTP and ensure uploaded files get user/group permissions = nginx as outlined in Getting Started Guide step 2 for chown -R nginx:nginx command on your public web root.
     
  11. jrc2

    jrc2 New Member

    13
    2
    3
    Jan 12, 2020
    Ratings:
    +2
    Local Time:
    8:20 AM
    Here's the output:
    Code (Text):
    12       0     0            tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            tcp dpt:21 state NEW recent: SET name: 21 side: source mask: 255.255.255.255
    13       0     0 PORTFLOOD  tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            tcp dpt:21 state NEW recent: UPDATE seconds: 300 hit_count: 20 name: 21 side: source mask: 255.255.255.255
    19       0     0 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:21
    37      19   764 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpts:30001:50011
    43       0     0 ACCEPT     udp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            state NEW udp dpt:21
    25       0     0 ACCEPT     tcp  --  *      !lo     0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:21
    41       0     0 ACCEPT     udp  --  *      !lo     0.0.0.0/0            0.0.0.0/0            state NEW udp dpt:21
    


    I've asked if those ports are blocked. Port 21 is the correct one to be using in FileZilla, right?
     
  12. eva2000

    eva2000 Administrator Staff Member

    44,718
    10,193
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,797
    Local Time:
    10:20 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
  13. jrc2

    jrc2 New Member

    13
    2
    3
    Jan 12, 2020
    Ratings:
    +2
    Local Time:
    8:20 AM
    Last edited: Jan 14, 2020
  14. eva2000

    eva2000 Administrator Staff Member

    44,718
    10,193
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,797
    Local Time:
    10:20 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Ah so not related to VPSes. But yes for pure-ftpd passive FTP need port 21 and 30001 to 50011 ports open which is the default for CSF Firewall already and showed in your output to be in place/working.

    Other places you could run into issues is if you have any other firewalls in between your computer and Centmin Mod server other than CSF Firewall which don't have such ports open.

    But you can side step that, using root user and SFTP and port 22 too with what I previously wrote
    You can also try creating a 2nd dummy nginx vhost site via centmin.sh menu option 2 and seeing if that generated pure-ftpd credentials are able to login via FTP and filezilla. Or on an hourly billed VPS host like vultr, digitalocean, linode or like highly recommended Upcloud - signees also get US$25 credits to use as well create a test VPS and install Centmin Mod and verify if new nginx vhost pure-ftpd account works on such server to rule out issues on your mightweb server and then destroy that VPS instead - at most 1hr will be a few cents from your US$25 credits :)
     
  15. jrc2

    jrc2 New Member

    13
    2
    3
    Jan 12, 2020
    Ratings:
    +2
    Local Time:
    8:20 AM
    I used https://www.yougetsignal.com/tools/open-ports/ and it said that both port 21 and 30001 are closed, so it's got to be something on the VPS then? I'm putting in the IP directly.
     
  16. eva2000

    eva2000 Administrator Staff Member

    44,718
    10,193
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,797
    Local Time:
    10:20 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    ah forgot to check the obvious if pure-ftpd server is running/started

    what's output for command below ?
    Code (Text):
    service pure-ftpd status | sed -e "s|$(hostname)|hostname|g"

    if pure-ftpd server isn't running start it and ensure reboots start it too
    Code (Text):
    service pure-ftpd start
    chkconfig on
    systemctl enable pure-ftpd
    
     
  17. jrc2

    jrc2 New Member

    13
    2
    3
    Jan 12, 2020
    Ratings:
    +2
    Local Time:
    8:20 AM
    ah, that was it! I don't know how I missed that, sorry! Thanks for the help!
     
  18. eva2000

    eva2000 Administrator Staff Member

    44,718
    10,193
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,797
    Local Time:
    10:20 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Yeah sometimes we overlook the obvious :LOL::whistle:
     
  19. jrc2

    jrc2 New Member

    13
    2
    3
    Jan 12, 2020
    Ratings:
    +2
    Local Time:
    8:20 AM
    Should enabling pure-ftpd be added to the script when centmin is installed?
     
  20. eva2000

    eva2000 Administrator Staff Member

    44,718
    10,193
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,797
    Local Time:
    10:20 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x