#1
23rd July 2011, 14:07
GarGamel55

How To Configure PureFTPd To Accept TLS Sessions On Debian Squeeze

Hello,

Does this tutorial: http://www.howtoforge.com/how-to-con...n-debian-lenny also work for Debian Squeeze?

Thanks

#2
24th July 2011, 19:27
falko

Yes, it should work for Squeeze as well.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:

#3
30th July 2011, 14:49
MaddinXx

Hi Guys

First, thank you very much for your site. It is awesome, as ISPConfig is too. I really appreciate all your work. Thanks!

I am really new to the root server business, but with your site I got my "Perfect ISPConfig Server" working. Now, I have some problems (lots according to this topic, so I write here), some others.

First: I followed the TLS steps already in the tutorial and tried it again with the link provided here. However, FileZilla times out. I have absolutely no idea why and how I can fix this.

If you could give me a hint here?

Since I am, as I said, very new to this business, please tell me which logs you need, since I have no idea.

Second: How do I enable IMAP over SSL? I got it running with normal IMAP but not with SSL. What do I have to do?

Third: In general I would like to run ISPConfig/RoundCube/phpMyAdmin over SSL.

My situation is the following: I set up my server according to the "Perfect Server" and also followed the "Extending the perfect server" tutorial. OS is Debian 6 64-bit.

I use those IPs as nameservers:

31.214.136.34 + 31.214.136.35

The "primary domain" is rackster.ch, where everything works on. I would also like to install SSL for the domain itself. https://www.rackster.ch.

Is this possible? Since I always used rackster.ch during the tutorials I had to use * as IP in ISPConfig for Domain Setup as I wanted this domain to have its own directory as a client has (ssl, web etc.).

Now, I signed an SSL cert with GlobalSign. Can I use this with all services (TLS/IMAP SSL/WEBSITE)?

Thank you very very much for your help as I really don't know how I should fix all this on my own.

Kindly Regards,
Michel

#4
31st July 2011, 12:36
falko

Quote:
Originally Posted by MaddinXx
First: I followed the TLS steps already in the tutorial and tried it again with the link provided here. However, FileZilla times out. I have absolutely no idea why and how I can fix this.

If you could give me a hint here?

What are the outputs of
Code:
netstat -tap
and
Code:
iptables -L
? Is the server located in a data center, or do you run it at home (behind a router)?

#5
31st July 2011, 12:41
MaddinXx

Hi Falko

Thanks for helping. The server is located in a data center.

Here is the output of netstat -tap:
Code:
Aktive Internetverbindungen (Server und stehende Verbindungen)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:sunrpc                *:*                     LISTEN      1686/portmap
tcp        0      0 *:50000                 *:*                     LISTEN      24067/perl
tcp        0      0 *:ftp                   *:*                     LISTEN      3531/pure-ftpd (SER
tcp        0      0 31.214.136.62:domain    *:*                     LISTEN      6262/named
tcp        0      0 31.214.136.61:domain    *:*                     LISTEN      6262/named
tcp        0      0 31.214.136.60:domain    *:*                     LISTEN      6262/named
tcp        0      0 31.214.136.59:domain    *:*                     LISTEN      6262/named
tcp        0      0 31.214.136.58:domain    *:*                     LISTEN      6262/named
tcp        0      0 31.214.136.57:domain    *:*                     LISTEN      6262/named
tcp        0      0 31.214.136.56:domain    *:*                     LISTEN      6262/named
tcp        0      0 31.214.136.55:domain    *:*                     LISTEN      6262/named
tcp        0      0 31.214.136.54:domain    *:*                     LISTEN      6262/named
tcp        0      0 31.214.136.53:domain    *:*                     LISTEN      6262/named
tcp        0      0 31.214.136.52:domain    *:*                     LISTEN      6262/named
tcp        0      0 31.214.136.51:domain    *:*                     LISTEN      6262/named
tcp        0      0 31.214.136.50:domain    *:*                     LISTEN      6262/named
tcp        0      0 31.214.136.49:domain    *:*                     LISTEN      6262/named
tcp        0      0 31.214.136.48:domain    *:*                     LISTEN      6262/named
tcp        0      0 31.214.136.47:domain    *:*                     LISTEN      6262/named
tcp        0      0 31.214.136.46:domain    *:*                     LISTEN      6262/named
tcp        0      0 31.214.136.45:domain    *:*                     LISTEN      6262/named
tcp        0      0 31.214.136.44:domain    *:*                     LISTEN      6262/named
tcp        0      0 31.214.136.43:domain    *:*                     LISTEN      6262/named
tcp        0      0 31.214.136.42:domain    *:*                     LISTEN      6262/named
tcp        0      0 31.214.136.41:domain    *:*                     LISTEN      6262/named
tcp        0      0 31.214.136.40:domain    *:*                     LISTEN      6262/named
tcp        0      0 31.214.136.39:domain    *:*                     LISTEN      6262/named
tcp        0      0 31.214.136.38:domain    *:*                     LISTEN      6262/named
tcp        0      0 31.214.136.37:domain    *:*                     LISTEN      6262/named
tcp        0      0 mail.rackster.ch:domain *:*                     LISTEN      6262/named
tcp        0      0 31.214.136.35:domain    *:*                     LISTEN      6262/named
tcp        0      0 rs1500001.ffm.mt:domain *:*                     LISTEN      6262/named
tcp        0      0 localhost:domain        *:*                     LISTEN      6262/named
tcp        0      0 localhost:953           *:*                     LISTEN      6262/named
tcp        0      0 *:smtp                  *:*                     LISTEN      3115/master
tcp        0      0 *:48002                 *:*                     LISTEN      1698/rpc.statd
tcp        0      0 *:50022                 *:*                     LISTEN      25725/sshd
tcp        0      0 localhost:10024         *:*                     LISTEN      1321/amavisd (ch1-a
tcp        0      0 localhost:10025         *:*                     LISTEN      3115/master
tcp        0      0 localhost:mysql         *:*                     LISTEN      2584/mysqld
tcp       53      0 localhost:58190         localhost:10025         CLOSE_WAIT  1321/amavisd (ch1-a
tcp        0      0 localhost:mysql         localhost:34845         VERBUNDEN   2584/mysqld
tcp        0   1176 rs1500001.ffm.mte:50022 zux221-139-219.ad:58051 VERBUNDEN   2674/0
tcp        0      0 localhost:34845         localhost:mysql         VERBUNDEN   1321/amavisd (ch1-a
tcp6       0      0 [::]:pop3               [::]:*                  LISTEN      2016/couriertcpd
tcp6       0      0 [::]:imap2              [::]:*                  LISTEN      2061/couriertcpd
tcp6       0      0 [::]:http-alt           [::]:*                  LISTEN      1012/apache2
tcp6       0      0 [::]:www                [::]:*                  LISTEN      1012/apache2
tcp6       0      0 [::]:tproxy             [::]:*                  LISTEN      1012/apache2
tcp6       0      0 [::]:ftp                [::]:*                  LISTEN      3531/pure-ftpd (SER
tcp6       0      0 [::]:domain             [::]:*                  LISTEN      6262/named
tcp6       0      0 ip6-localhost:953       [::]:*                  LISTEN      6262/named
tcp6       0      0 [::]:https              [::]:*                  LISTEN      1012/apache2
tcp6       0      0 [::]:imaps              [::]:*                  LISTEN      21793/couriertcpd
tcp6       0      0 [::]:pop3s              [::]:*                  LISTEN      21815/couriertcpd
tcp6       0      0 [::]:50022              [::]:*                  LISTEN      25725/sshd
And this for iptables -L:
Code:
Chain INPUT (policy DROP)
target     prot opt source               destination
DROP       tcp  --  anywhere             loopback/8
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
DROP       all  --  base-address.mcast.net/4  anywhere
PUB_IN     all  --  anywhere             anywhere
PUB_IN     all  --  anywhere             anywhere
PUB_IN     all  --  anywhere             anywhere
PUB_IN     all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
DROP       all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
PUB_OUT    all  --  anywhere             anywhere
PUB_OUT    all  --  anywhere             anywhere
PUB_OUT    all  --  anywhere             anywhere
PUB_OUT    all  --  anywhere             anywhere

Chain INT_IN (0 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere
DROP       all  --  anywhere             anywhere

Chain INT_OUT (0 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain PAROLE (14 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain PUB_IN (4 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere            icmp destination-unreachable
ACCEPT     icmp --  anywhere             anywhere            icmp echo-reply
ACCEPT     icmp --  anywhere             anywhere            icmp time-exceeded
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ftp-data
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ftp
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:smtp
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:domain
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:www
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:pop3
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:imap2
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:https
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:mysql
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:http-alt
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:tproxy
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:webmin
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:50000
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:50022
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     udp  --  anywhere             anywhere            udp dpt:mysql
DROP       icmp --  anywhere             anywhere
DROP       all  --  anywhere             anywhere

Chain PUB_OUT (4 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain fail2ban-courierimap (0 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-courierimaps (0 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-courierpop3 (0 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-courierpop3s (0 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-pureftpd (0 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-roundcube (0 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-sasl (0 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-ssh (0 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-webmin-auth (0 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Regards,
Michel

#6
1st August 2011, 09:46
falko

Ok, regarding IMAPS, you must allow port 993 in your firewall (995 if you want to use POP3S also).

Regarding FTP, did you try active and passive mode in your FTP client? Firewall settings and netstat output seem to be ok.
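
The check behind the firewall advice in post #6, as an added example that is not part of the original thread: it compares saved `netstat -tap` and `iptables -L` output and lists services that listen on a non-loopback address without a matching `tcp dpt:` rule. The names `unfiltered_listeners` and `demo` and the abridged sample input are constructed for illustration; it assumes both outputs use the same name/number form and that only the `PUB_IN` chain filters inbound TCP.

```shell
#!/bin/sh
# Added example (not from the thread): list TCP services that listen on a
# non-loopback address but have no "tcp dpt:<service>" rule in a firewall chain.
# Assumption: every target other than DROP/REJECT in that chain (ACCEPT,
# PAROLE) lets the packet through, as in the iptables -L output in post #5.

unfiltered_listeners() {  # $1 = saved iptables -L, $2 = saved netstat -tap, $3 = chain
  awk -v chain="${3:-PUB_IN}" '
    FNR == NR {                                   # first file: iptables -L
      if ($1 == "Chain") { in_chain = ($2 == chain); next }
      if (in_chain && $2 == "tcp" && $1 != "DROP" && $1 != "REJECT")
        for (i = 6; i <= NF; i++)
          if ($i ~ /^dpt:/) allowed[substr($i, 5)] = 1
      next
    }
    $1 ~ /^tcp/ && $6 == "LISTEN" {               # second file: netstat -tap
      n = split($4, part, ":"); svc = part[n]
      host = substr($4, 1, length($4) - length(svc) - 1)
      if (host != "localhost" && host != "ip6-localhost" && !(svc in allowed))
        print svc
    }' "$1" "$2" | sort -u | paste -sd" " -
}

demo() {  # constructed sample: a few lines abridged from the outputs in post #5
  dir=$(mktemp -d) || return 1
  cat > "$dir/iptables.txt" <<'EOF'
Chain INPUT (policy DROP)
target     prot opt source               destination
PUB_IN     all  --  anywhere             anywhere

Chain PUB_IN (4 references)
target     prot opt source               destination
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ftp
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:pop3
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:imap2
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:https
DROP       all  --  anywhere             anywhere
EOF
  cat > "$dir/netstat.txt" <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:ftp                   *:*                     LISTEN      3531/pure-ftpd (SER
tcp        0      0 localhost:mysql         *:*                     LISTEN      2584/mysqld
tcp6       0      0 [::]:pop3               [::]:*                  LISTEN      2016/couriertcpd
tcp6       0      0 [::]:imap2              [::]:*                  LISTEN      2061/couriertcpd
tcp6       0      0 [::]:https              [::]:*                  LISTEN      1012/apache2
tcp6       0      0 [::]:imaps              [::]:*                  LISTEN      21793/couriertcpd
tcp6       0      0 [::]:pop3s              [::]:*                  LISTEN      21815/couriertcpd
EOF
  unfiltered_listeners "$dir/iptables.txt" "$dir/netstat.txt"
  rm -rf "$dir"
}

demo
```

On the sample this reports `imaps` and `pop3s`, the two ports (993 and 995) named in post #6.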

#7
1st August 2011, 20:37
MaddinXx

Hi falko

IMAP/POP is now working fine, thank you very much for the help.

With FTP I tried both, active and passive - with different FTP clients etc. :S

Transmit on Mac is saying:

Server meldete: I won't open a connection to 192.168.1.13 (only to 81.221.139.219)

Fehler -162: PORT failed

Thanks,
Michel

#8
2nd August 2011, 10:43
falko

Did you try from within and from outside your LAN?

#9
5th August 2011, 12:44
MaddinXx

Hi Falko

I tried from outside my LAN, still no success. The FTP clients get stuck after:

Entering Passive Mode

Would it help if I created an FTP user for you so you can check?

Kindly Regards,
Michel

#10
5th August 2011, 16:14
Mark_NL

Quote:
Originally Posted by MaddinXx
Hi falko
With FTP I tried both, active and passive - with different FTP clients etc. :S

Transmit on Mac is saying:

Server meldete: I won't open a connection to 192.168.1.13 (only to 81.221.139.219)

Fehler -162: PORT failed

Try adding this in your TLS config:
Code:
TLSOptions                              NoCertRequest NoSessionReuseRequired
Transmit doesn't keep to the "correct" rules about TLS usage: it doesn't reuse its TLS session, but requests a new one. proftpd doesn't allow that by default.
Add "TLSOptions NoCertRequest NoSessionReuseRequired" and you will be able to connect with Transmit.