Navigation

MattJo. · #1 19th October 2010, 17:54

Hello,

I recently upgrade to 10.10 and 3.0.3 and was able to get most errors resolved, but I have run into a problem after enabling TLS is PureFTP. I get the following in Filezilla

Response: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Response: 220-You are user number 1 of 50 allowed.
Response: 220-Local time is now 10:45. Server port: 21.
Response: 220-This is a private system - No anonymous login
Response: 220-IPv6 connections are also welcome on this server.
Response: 220 You will be disconnected after 15 minutes of inactivity.
Trace: CFtpControlSocket::SendNextCommand()
Command: AUTH TLS
Trace: CFtpControlSocket::OnReceive()
Response: 234 AUTH TLS OK.
Status: Initializing TLS...
Trace: CTlsSocket::Handshake()
Trace: CTlsSocket::ContinueHandshake()
Trace: CTlsSocket::OnSend()

I checked some of the forum posts and thought doing what bolek2000 suggests here would work: http://www.howtoforge.com/forums/sho...hlight=FTP+TLS

but that didn't do the trick either. I also tried re-installing ISPC 3 and that didn't solve anything either.

I have both ports 20 and 21 open and am using Active so I am at a loss.

Please help,

thanks,

Matt

falko · #2 20th October 2010, 17:38

Did you try passive mode as well? Which FTP client do you use?

MattJo. · #3 21st October 2010, 07:27

falko,

I tried from a Mac and a Windows machine (one local and one remote) both with Filezilla with both active and passive. I checked the firewalls on the server and the gateway can't see anything I am missing. Below is as much and as far as I got from Filezilla.

thanks in advance,

Matt

Status: Connecting to xxx.xxx.xx.xx:21...
Status: Connection established, waiting for welcome message...
Trace: CFtpControlSocket::OnReceive()
Response: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Response: 220-You are user number 1 of 50 allowed.
Response: 220-Local time is now 23:44. Server port: 21.
Response: 220-This is a private system - No anonymous login
Response: 220-IPv6 connections are also welcome on this server.
Response: 220 You will be disconnected after 15 minutes of inactivity.
Trace: CFtpControlSocket::SendNextCommand()
Command: AUTH TLS
Trace: CFtpControlSocket::OnReceive()
Response: 234 AUTH TLS OK.
Status: Initializing TLS...
Trace: CTlsSocket::Handshake()
Trace: CTlsSocket::ContinueHandshake()
Trace: CTlsSocket::OnSend()
Trace: CControlSocket:

oClose(10)
Trace: CFtpControlSocket::ResetOperation(74)
Trace: CControlSocket::ResetOperation(74)

falko · #4 22nd October 2010, 13:40

Are there any errors in your logs?

MattJo. · #5 25th October 2010, 07:21

None. I also had problems trying to get TLS to work correctly with postfix as well as it happens.

falko · #6 26th October 2010, 14:57

Did you get any errors when you created the certificate? Did you accept the default values, or did you enter your own values?

MattJo. · #7 26th October 2010, 20:25

Falko,

I use a linux based UTM that was scanning FTP traffic--I turned this off and was able to get more info from Filezilla--its still failing to connect but it looks like the FTP server is replying with the server's LAN ip and not the external WAN ip. I have tried active and passive modes and same issue as below.

Command: PASV
Trace: CTlsSocket::OnRead()
Trace: CFtpControlSocket::OnReceive()
Response: 227 Entering Passive Mode (192,168,xxx,xxx,xx,xxx)
Trace: CFtpControlSocket::TransferParseResponse()
Trace: code = 2
Trace: state = 2
Status: Server sent passive reply with unroutable address. Using server address instead.
Trace: Reply: 192.168.xxx.xxx, peer: xxx.xxx.xxx.xxx
Trace: CFtpControlSocket::SendNextCommand()
Trace: CFtpControlSocket::TransferSend()
Trace: state = 4
Command: MLSD
Trace: CTransferSocket::OnConnect
Trace: CTlsSocket::Handshake()
Trace: CTlsSocket::ContinueHandshake()
Trace: CTlsSocket::Failure(-53, 53)
Error: GnuTLS error -53: Error in the push function.
Trace: CTransferSocket::TransferEnd(3)
Trace: CFtpControlSocket::TransferEnd()

thanks,

Matt

MattJo. · #8 26th October 2010, 20:53

Do I set the passive response ip with this command:

sudo pure-ftpd -P xxx.xxx.xxx.xxx

?

thanks,

Matt

MattJo. · #9 27th October 2010, 00:11

OK so I set ForcePassiveIP and PassivePortRange in /etc/pure-ftpd/conf/ and restarted pure-ftpd and also rebooted the server.

I also opened the appropriate ports in ISPConfig and my router, but I still can't get a directory listing in Filezilla

thanks,

Matt

The only error I can see is in Filezilla:

Response: 227 Entering Passive Mode (xxx,xxx,xxx,xxx,234,195)
Trace: CFtpControlSocket::TransferParseResponse()
Trace: code = 2
Trace: state = 2
Trace: CFtpControlSocket::SendNextCommand()
Trace: CFtpControlSocket::TransferSend()
Trace: state = 4
Command: MLSD
Trace: CTransferSocket::OnConnect
Trace: CTlsSocket::Handshake()
Trace: CTlsSocket::ContinueHandshake()
Trace: CTlsSocket::Failure(-53, 53)
Error: GnuTLS error -53: Error in the push function.
Trace: CTransferSocket::TransferEnd(3)
Trace: CFtpControlSocket::TransferEnd()
Trace: CTlsSocket::OnRead()
Trace: CFtpControlSocket::OnReceive()
Response: 421 Timeout
Trace: CFtpControlSocket::TransferParseResponse()
Trace: code = 4
Trace: state = 6
Trace: CFtpControlSocket::ResetOperation(2)
Trace: CControlSocket::ResetOperation(2)
Trace: CFtpControlSocket::ParseSubcommandResult(2)
Trace: CFtpControlSocket::ListSubcommandResult()
Trace: state = 3
Trace: CFtpControlSocket::ResetOperation(2)
Trace: CControlSocket::ResetOperation(2)
Error: Failed to retrieve directory listing
Trace: CFileZillaEnginePrivate::ResetOperation(2)
Trace: CTlsSocket::Failure(-9, 0)
Error: GnuTLS error -9: A TLS packet with unexpected length was received.
Status: Server did not properly shut down TLS connection
Error: Could not read from socket: ECONNABORTED - Connection aborted
Error: Disconnected from server
Trace: CControlSocket:

oClose(64)
Trace: CFtpControlSocket::ResetOperation(66)
Trace: CControlSocket::ResetOperation(66)
Trace: CFileZillaEnginePrivate::ResetOperation(66)

Here is what I get from the server system log at this time:

Oct 26 16:50:33 server pure-ftpd: (?@xxx.xxx.xxx.xxx) [INFO] New connection from xxx.xxx.xxx.xxx
Oct 26 16:50:34 server pure-ftpd: (?@xxx.xxx.xxx.xxx) [INFO] SSL/TLS: Enabled TLSv1/SSLv3 with DHE-RSA-AES128-SHA, 128 secret bits cipher
Oct 26 16:50:34 server pure-ftpd: (?@xxx.xxx.xxx.xxx) [INFO] *user* is now logged in
Oct 26 16:55:01 server pure-ftpd: (?@::1) [INFO] New connection from ::1
Oct 26 16:55:01 server pure-ftpd: (?@::1) [INFO] Logout.
Oct 26 17:00:02 server pure-ftpd: (?@::1) [INFO] New connection from ::1
Oct 26 17:00:02 server pure-ftpd: (?@::1) [INFO] Logout.
Oct 26 17:02:20 server pure-ftpd: (*user*@xxx.xxx.xxx.xxx) [INFO] Timeout
Oct 26 17:05:01 server pure-ftpd: (?@::1) [INFO] New connection from ::1
Oct 26 17:05:01 server pure-ftpd: (?@::1) [INFO] Logout.

falko · #10 27th October 2010, 15:00

Hm, not sure what the problem is. Have you tried from within your LAN and from the outside? Maybe it's a problem with your router.

Navigation

Facebook

News

Recent comments

Newsletter