PHP FTP access on Managed VDS

Ask questions about dedicated servers here and we and other users will do our best to answer them. Please also refer to the self-help section for tutorials and answers to the most commonly asked questions.
Post Reply
FltKll
New to forums
New to forums
Posts: 5
https://www.youtube.com/channel/UC40BgXanDqOYoVCYFDSTfHA
Joined: Tue Sep 03, 2019 1:37 pm

PHP FTP access on Managed VDS

Post by FltKll »

I can't see any reason for this to fail other than some firewall or other hitch on the NFO side.

Using basic PHP FTP calls: ftp_connect, ftp_login, ftp_pwd, ftp_pasv, and so on.

Code works fine on publically available FTP test servers.

Works perfectly fine on our Unmanged VDS with PureFTP installed.

On our Managed VDS, we can connect and login. No errors, and verified via the server log available in the NFO panel.
But that's it. All other PHP FTP commands fail.

And yes, Filezilla clients connect just fine. Even hit the firewalls in the NFO panel for both the game servers and the VDS to full-pass-thru the server/s the FTP connection is originating from.

Anyone with thoughts? And if @Edge100x is feeling it feel free to hit up ticket 148715
User avatar
Edge100x
Founder
Founder
Posts: 12945
Joined: Thu Apr 18, 2002 11:04 pm
Location: Seattle
Contact:

Re: PHP FTP access on Managed VDS

Post by Edge100x »

Have you tried disabling or enabling passive mode?

Where are you running the PHP FTP commands from?
FltKll
New to forums
New to forums
Posts: 5
Joined: Tue Sep 03, 2019 1:37 pm

Re: PHP FTP access on Managed VDS

Post by FltKll »

The ftp_pasv command fails.

These are coming from a server outside your data center.
User avatar
Edge100x
Founder
Founder
Posts: 12945
Joined: Thu Apr 18, 2002 11:04 pm
Location: Seattle
Contact:

Re: PHP FTP access on Managed VDS

Post by Edge100x »

It's odd that the passive command would fail. We definitely support passive mode on this end, and there's no firewall involved on a managed machine. I would also expect for the same problem to occur for all clients. Can you paste the detailed exchange that shows the commands and error messages returned? Are you certain there is no firewall on the other side?
FltKll
New to forums
New to forums
Posts: 5
Joined: Tue Sep 03, 2019 1:37 pm

Re: PHP FTP access on Managed VDS

Post by FltKll »

Just swinging back to this now.

Dedicated, unmanged are fine, as stated before, as are other non-NFO servers I've tested.

But - these Managed VDS's... appears you are running vsftpd right?

When I throw an ftp_systype() at this I get: 500 OOPS: vsf_sysutil_bind - all other servers tested everywhere return UNIX as expected

I can throw a bunch of links at you on this error but it appears there is some proxy thing going on on your side preventing server-server connections or something of the sort.

http://omasse.blogspot.com/2015/09/conf ... y-ftp.html seems it might be on point here, especially that bit at the end mentioning what the default setting is for a particular trait and how the example provided by vsftpd is the opposite (note the single comment on that blog from a few days ago actually isn't me :) )

Otherwise there are no errors - the connection is made but uploads, downloads, directory listing, etc. are failing.
User avatar
Edge100x
Founder
Founder
Posts: 12945
Joined: Thu Apr 18, 2002 11:04 pm
Location: Seattle
Contact:

Re: PHP FTP access on Managed VDS

Post by Edge100x »

We aren't using any sort of proxying setup on our end, no. FTP connections go straight through to the actual machine. If you're running your PHP queries though a NAT or have an unusual firewall configuration, though, those might be factors.

Some sources suggest that this error can occur if the server runs out of free ports. We don't limit the passive range, so this shouldn't happen normally. If you open a support request, we can check your managed machine and make sure that nothing you are running is tying them up.

Certainly interesting that you're only having the issue with PHP. If the problem is server side, I would generally expect it to occur with any client.
FltKll
New to forums
New to forums
Posts: 5
Joined: Tue Sep 03, 2019 1:37 pm

Re: PHP FTP access on Managed VDS

Post by FltKll »

After a slug of bourbon and some more digging I think I found the problem. Hot NAT on NAT action, which PHP ftp doesn't necessarily play well with UNLESS you set this flag - FTP_USEPASVADDRESS - to false immediately before making the connection pasv.

I tested it ONCE and my test script worked on the managed here - but I did within the last hour adjust the game server firewall to allow my ip clean through and maybe that change finally took... So, gonna sleep now and formally test this up in the morning - either managed VDS servers require the server firewall set to allow the external connecting server packets clean through, the above PHP flag set to false, or both.

I'll know in the morning.
User avatar
Edge100x
Founder
Founder
Posts: 12945
Joined: Thu Apr 18, 2002 11:04 pm
Location: Seattle
Contact:

Re: PHP FTP access on Managed VDS

Post by Edge100x »

We don't use a NAT, proxy, or stateful firewall on game hosting machines and the FTP traffic is let right on through, completely unmolested, across all port ranges, so there aren't any firewall settings to twiddle on that side.

I hope the setting change works for you. If it does, it sounds like you may be running a stateful firewall that isn't tracking the passive mode switch because it uses a different IP (if it is, indeed, giving a different IP).
FltKll
New to forums
New to forums
Posts: 5
Joined: Tue Sep 03, 2019 1:37 pm

Re: PHP FTP access on Managed VDS

Post by FltKll »

Have you guys specified a passive port range in vsFTP?
pasv_max_port
pasv_min_port

Otherwise I'm just going to accept whitelisting the game server ip in the firewall tables, setting that php pasvip flag, and calling it a day :)
User avatar
Edge100x
Founder
Founder
Posts: 12945
Joined: Thu Apr 18, 2002 11:04 pm
Location: Seattle
Contact:

Re: PHP FTP access on Managed VDS

Post by Edge100x »

Nope, we don't set pasv_min_port or pasv_max_port for gameserver vsftpd installations. This means that by default it will "use any port". And, all ports are let through the firewall on our end.

Since the game server VDS is multihomed, the explanation that you found of the FTP server returning an unexpected IP address in response to the passive command, PHP by default using that other IP address, and your firewall dropping traffic would make sense. FTP_USEPASVADDRESS sounds like it was invented for just this purpose.

Odd that vsftpd would be doing that, though. It's supposed to be that "the address is taken from the incoming connected socket" for what vsftpd advertises in response to the PASV command.
Post Reply