ConfigServer Community Forum

hello, please advice
i have default settings, all working and 99% of clients can use ftp, but always i have 1% of clients who cannot login to ftp, no logs.
how i fix that> i add their ip to csf allow and to brute whitelist, then they able to login.
for example now clients from russia cannot login from different ips


Status: Finding an IP address for ftp.test.ee
Status: Connecting to 85.46.87.2:21...
Status: Connection established, waiting for prompt...
Status: Initializing TLS...
Status: TLS connection established.
Status: Logged in
Status: Getting list of directories...
Team: PWD
Answer: 257 "/" is your current location
Team: TYPE I
Answer: 200 TYPE is now 8-bit binary
Team: PASV
Answer: 227 Entering Passive Mode (85,46,87,2,229,161)
Team: MLSD
Error: Connection terminated after 20 seconds of inactivity
Error: Failed to get directory listing
Status: Disconnected from the server
Status: Finding an IP address for ftp.test.ee
Status: Connecting to 85.46.87.2:21...
Status: Connection established, waiting for prompt...
Status: Initializing TLS...
Status: TLS connection established.
Status: Logged in
Status: Getting list of directories...
Team: PWD
Answer: 257 "/" is your current location
Team: TYPE I
Answer: 200 TYPE is now 8-bit binary
Team: PASV
Answer: 227 Entering Passive Mode (85,46,87,2,206,65)
Team: MLSD
Error: Connection terminated after 20 seconds of inactivity
Error: Failed to get directory listing

Do you have the passive ports open in your FireWall if not, then you have to open them.
Usually Pasive Ports are at: 49152 - 65534

You should take care on what ports to open to the general public, I don't recommend to open them to the general public, what I have done is to open that ports just for the countries of my customers and close for the rest that are not.

More info https://docs.cpanel.net/knowledge-base/ ... sive-mode/

Ok, thanks
Done as you said.

Just in case needed, this is what I do for my customers to use the passive ports.

Inside CSF configuration, go to:
CC_ALLOW_PORTS = CA,US
and add the Country codes that you want to allow the passive ports. Example: CA,US

Then on the following line write the FTP ports that you want your ALLOWED countries to connect:
CC_ALLOW_PORTS_TCP = 20,21,49152:65534

Sergio

same again...this dont help
eam: PWD
Answer: 257 "/" is your current location
Team: TYPE I
Answer: 200 TYPE is now 8-bit binary
Team: PASV
Answer: 227 Entering Passive Mode (85,46,87,2,206,65)
Team: MLSD
Error: Connection terminated after 20 seconds of inactivity
Error: Failed to get directory listing

client from russia cannot login
my settings:
https://prnt.sc/1k1CL2FfTsE0

What Country Code listing are you using?
It could be that the listing that you are using doesn't has all the Russian IPs.

Does your customer from Russia changes IP very often?

If not, then try to add a rule manually in CSF under "Temporary Allow/Deny" option, like this:

ALLOW IP address: 85.46.87.2 to ports: 20,21,49152:65534 for: 3 days

You can change the days as you wish, just give it a try.

yes, very often..how to find out reason`?