#1 MattJo., 19th October 2010, 17:54
FTP and TLS on 10.10 Perfect Server with ISPC3

Hello,

I recently upgraded to 10.10 and 3.0.3 and was able to get most errors resolved, but I have run into a problem after enabling TLS in PureFTP. I get the following in Filezilla:

Response: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Response: 220-You are user number 1 of 50 allowed.
Response: 220-Local time is now 10:45. Server port: 21.
Response: 220-This is a private system - No anonymous login
Response: 220-IPv6 connections are also welcome on this server.
Response: 220 You will be disconnected after 15 minutes of inactivity.
Trace: CFtpControlSocket::SendNextCommand()
Command: AUTH TLS
Trace: CFtpControlSocket::OnReceive()
Response: 234 AUTH TLS OK.
Status: Initializing TLS...
Trace: CTlsSocket::Handshake()
Trace: CTlsSocket::ContinueHandshake()
Trace: CTlsSocket::OnSend()

I checked some of the forum posts and thought doing what bolek2000 suggests here would work: http://www.howtoforge.com/forums/sho...hlight=FTP+TLS

but that didn't do the trick either. I also tried re-installing ISPC 3 and that didn't solve anything either.

I have both ports 20 and 21 open and am using Active so I am at a loss.

Please help,

thanks,

Matt

#2 falko, 20th October 2010, 17:38

Did you try passive mode as well? Which FTP client do you use?

#3 MattJo., 21st October 2010, 07:27

falko,

I tried from a Mac and a Windows machine (one local and one remote), both with Filezilla, with both active and passive. I checked the firewalls on the server and the gateway and can't see anything I am missing. Below is as much and as far as I got from Filezilla.

thanks in advance,

Matt

Status: Connecting to xxx.xxx.xx.xx:21...
Status: Connection established, waiting for welcome message...
Trace: CFtpControlSocket::OnReceive()
Response: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Response: 220-You are user number 1 of 50 allowed.
Response: 220-Local time is now 23:44. Server port: 21.
Response: 220-This is a private system - No anonymous login
Response: 220-IPv6 connections are also welcome on this server.
Response: 220 You will be disconnected after 15 minutes of inactivity.
Trace: CFtpControlSocket::SendNextCommand()
Command: AUTH TLS
Trace: CFtpControlSocket::OnReceive()
Response: 234 AUTH TLS OK.
Status: Initializing TLS...
Trace: CTlsSocket::Handshake()
Trace: CTlsSocket::ContinueHandshake()
Trace: CTlsSocket::OnSend()
Trace: CControlSocket::DoClose(10)
Trace: CFtpControlSocket::ResetOperation(74)
Trace: CControlSocket::ResetOperation(74)

#4 falko, 22nd October 2010, 13:40

Are there any errors in your logs?

#5 MattJo., 25th October 2010, 07:21

None. I also had problems trying to get TLS to work correctly with Postfix as well, as it happens.

#6 falko, 26th October 2010, 14:57

Did you get any errors when you created the certificate? Did you accept the default values, or did you enter your own values?

#7 MattJo., 26th October 2010, 20:25

Falko,

I use a Linux-based UTM that was scanning FTP traffic--I turned this off and was able to get more info from Filezilla--it's still failing to connect, but it looks like the FTP server is replying with the server's LAN IP and not the external WAN IP. I have tried active and passive modes, with the same issue as below.

Command: PASV
Trace: CTlsSocket::OnRead()
Trace: CFtpControlSocket::OnReceive()
Response: 227 Entering Passive Mode (192,168,xxx,xxx,xx,xxx)
Trace: CFtpControlSocket::TransferParseResponse()
Trace: code = 2
Trace: state = 2
Status: Server sent passive reply with unroutable address. Using server address instead.
Trace: Reply: 192.168.xxx.xxx, peer: xxx.xxx.xxx.xxx
Trace: CFtpControlSocket::SendNextCommand()
Trace: CFtpControlSocket::TransferSend()
Trace: state = 4
Command: MLSD
Trace: CTransferSocket::OnConnect
Trace: CTlsSocket::Handshake()
Trace: CTlsSocket::ContinueHandshake()
Trace: CTlsSocket::Failure(-53, 53)
Error: GnuTLS error -53: Error in the push function.
Trace: CTransferSocket::TransferEnd(3)
Trace: CFtpControlSocket::TransferEnd()

thanks,

Matt

#8 MattJo., 26th October 2010, 20:53

Do I set the passive response IP with this command?

sudo pure-ftpd -P xxx.xxx.xxx.xxx

thanks,

Matt

#9 MattJo., 27th October 2010, 00:11

OK so I set ForcePassiveIP and PassivePortRange in /etc/pure-ftpd/conf/ and restarted pure-ftpd and also rebooted the server.

I also opened the appropriate ports in ISPConfig and my router, but I still can't get a directory listing in Filezilla.

thanks,

Matt

The only error I can see is in Filezilla:

Response: 227 Entering Passive Mode (xxx,xxx,xxx,xxx,234,195)
Trace: CFtpControlSocket::TransferParseResponse()
Trace: code = 2
Trace: state = 2
Trace: CFtpControlSocket::SendNextCommand()
Trace: CFtpControlSocket::TransferSend()
Trace: state = 4
Command: MLSD
Trace: CTransferSocket::OnConnect
Trace: CTlsSocket::Handshake()
Trace: CTlsSocket::ContinueHandshake()
Trace: CTlsSocket::Failure(-53, 53)
Error: GnuTLS error -53: Error in the push function.
Trace: CTransferSocket::TransferEnd(3)
Trace: CFtpControlSocket::TransferEnd()
Trace: CTlsSocket::OnRead()
Trace: CFtpControlSocket::OnReceive()
Response: 421 Timeout
Trace: CFtpControlSocket::TransferParseResponse()
Trace: code = 4
Trace: state = 6
Trace: CFtpControlSocket::ResetOperation(2)
Trace: CControlSocket::ResetOperation(2)
Trace: CFtpControlSocket::ParseSubcommandResult(2)
Trace: CFtpControlSocket::ListSubcommandResult()
Trace: state = 3
Trace: CFtpControlSocket::ResetOperation(2)
Trace: CControlSocket::ResetOperation(2)
Error: Failed to retrieve directory listing
Trace: CFileZillaEnginePrivate::ResetOperation(2)
Trace: CTlsSocket::Failure(-9, 0)
Error: GnuTLS error -9: A TLS packet with unexpected length was received.
Status: Server did not properly shut down TLS connection
Error: Could not read from socket: ECONNABORTED - Connection aborted
Error: Disconnected from server
Trace: CControlSocket::DoClose(64)
Trace: CFtpControlSocket::ResetOperation(66)
Trace: CControlSocket::ResetOperation(66)
Trace: CFileZillaEnginePrivate::ResetOperation(66)

Here is what I get from the server system log at this time:

Oct 26 16:50:33 server pure-ftpd: (?@xxx.xxx.xxx.xxx) [INFO] New connection from xxx.xxx.xxx.xxx
Oct 26 16:50:34 server pure-ftpd: (?@xxx.xxx.xxx.xxx) [INFO] SSL/TLS: Enabled TLSv1/SSLv3 with DHE-RSA-AES128-SHA, 128 secret bits cipher
Oct 26 16:50:34 server pure-ftpd: (?@xxx.xxx.xxx.xxx) [INFO] *user* is now logged in
Oct 26 16:55:01 server pure-ftpd: (?@::1) [INFO] New connection from ::1
Oct 26 16:55:01 server pure-ftpd: (?@::1) [INFO] Logout.
Oct 26 17:00:02 server pure-ftpd: (?@::1) [INFO] New connection from ::1
Oct 26 17:00:02 server pure-ftpd: (?@::1) [INFO] Logout.
Oct 26 17:02:20 server pure-ftpd: (*user*@xxx.xxx.xxx.xxx) [INFO] Timeout
Oct 26 17:05:01 server pure-ftpd: (?@::1) [INFO] New connection from ::1
Oct 26 17:05:01 server pure-ftpd: (?@::1) [INFO] Logout.
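
An added example, not part of the original posts: a Python check for the 227 replies quoted in posts #7 and #9. It decodes the advertised data endpoint (port = p1 * 256 + p2, so 234,195 is port 60099) and reports the unroutable-address condition FileZilla warned about, plus a port that falls outside the range forwarded on the router. The sample addresses, the peer and the forwarded range are constructed assumptions, since the thread masks the real values.

```python
import ipaddress
import re

# RFC 1918 ranges, listed explicitly: ipaddress.is_private would also flag
# the 203.0.113.0/24 documentation range used for the sample WAN address.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PASV_RE = re.compile(r"227 [^(]*\(" + ",".join([r"(\d{1,3})"] * 6) + r"\)")

# Constructed samples shaped like the replies in posts #7 and #9.
BEFORE = "Response: 227 Entering Passive Mode (192,168,1,10,234,195)"
AFTER = "Response: 227 Entering Passive Mode (203,0,113,5,234,195)"
PEER = "203.0.113.5"            # assumed WAN address of the control connection
FORWARDED = (60000, 60100)      # assumed PassivePortRange opened on the router

def is_rfc1918(ip):
    return any(ip in net for net in RFC1918)

def parse_pasv(line):
    """Return (ip, port) from a 227 reply, or None if the line is not one."""
    m = PASV_RE.search(line)
    if m is None:
        return None
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError("field out of range in PASV reply: %r" % line)
    ip = ipaddress.ip_address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]   # port = p1 * 256 + p2

def check_pasv(line, peer, forwarded):
    """List problems with the data endpoint a 227 reply advertises."""
    parsed = parse_pasv(line)
    if parsed is None:
        return ["not a 227 reply"]
    ip, port = parsed
    peer = ipaddress.ip_address(peer)
    problems = []
    if is_rfc1918(ip) and not is_rfc1918(peer):
        problems.append("unroutable %s sent to client that reached %s" % (ip, peer))
    elif ip != peer:
        problems.append("advertised %s differs from control peer %s" % (ip, peer))
    low, high = forwarded
    if not low <= port <= high:
        problems.append("port %d outside forwarded range %d-%d" % (port, low, high))
    return problems

if __name__ == "__main__":
    for sample in (BEFORE, AFTER):
        print(sample, "->", check_pasv(sample, PEER, FORWARDED) or "ok")
```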

#10 falko, 27th October 2010, 15:00

Hm, not sure what the problem is. Have you tried from within your LAN and from the outside? Maybe it's a problem with your router.
All times are GMT +2.