tls over ftp

[kwickcut]

i have followed this how to
http://www.howtoforge.com/how-to-con...n-ubuntu-10.10

and when i try to connect to the ftp it fails below is the output

now if i use this command i can connect with no issuesusing ftp only

Code:

echo 1 > /etc/pure-ftpd/conf/TLS

but when i use this code i get the message below

Code:

echo 2 > /etc/pure-ftpd/conf/TLS

Code:

Status:	Resolving address of www.mysite.com
Status:	Connecting to XX.XX.XXX.XX:21...
Status:	Connection established, waiting for welcome message...
Response:	220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Response:	220-You are user number 4 of 50 allowed.
Response:	220-Local time is now 13:28. Server port: 21.
Response:	220-This is a private system - No anonymous login
Response:	220-IPv6 connections are also welcome on this server.
Response:	220 You will be disconnected after 15 minutes of inactivity.
Command:	AUTH TLS
Response:	234 AUTH TLS OK.
Status:	Initializing TLS...
Status:	Verifying certificate...
Command:	USER kwickbid
Status:	TLS/SSL connection established.
Response:	331 User kwickbid OK. Password required
Command:	PASS ********
Response:	230-User username has group access to:  client1    sshusers  
Response:	230 OK. Current restricted directory is /
Command:	SYST
Response:	215 UNIX Type: L8
Command:	FEAT
Response:	211-Extensions supported:
Response:	 EPRT
Response:	 IDLE
Response:	 MDTM
Response:	 SIZE
Response:	 REST STREAM
Response:	 MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
Response:	 MLSD
Response:	 AUTH TLS
Response:	 PBSZ
Response:	 PROT
Response:	 UTF8
Response:	 ESTA
Response:	 PASV
Response:	 EPSV
Response:	 SPSV
Response:	 ESTP
Response:	211 End.
Command:	OPTS UTF8 ON
Response:	200 OK, UTF-8 enabled
Command:	PBSZ 0
Response:	200 PBSZ=0
Command:	PROT P
Response:	200 Data protection level set to "private"
Status:	Connected
Status:	Retrieving directory listing...
Command:	PWD
Response:	257 "/" is your current location
Command:	TYPE I
Response:	200 TYPE is now 8-bit binary
Command:	PASV
Response:	227 Entering Passive Mode (192,168,1,101,149,206)
Status:	Server sent passive reply with unroutable address. Using server address instead.
Command:	MLSD
Error:	GnuTLS error -53: Error in the push function.
Error:	Connection timed out
Error:	Failed to retrieve directory listing

[falko]

What FTP client do you use? Do you use FTPES in the client?

[kwickcut]

i am using filezilla and flashfxp both of these worked on this setup on the old server....so all of the settings are correct

this is a new setup but configured the same as the old setup this goes back to this post http://www.howtoforge.com/forums/showthread.php?t=56111

could never get it squared away so i just built a new box



kwick

[kwickcut]

ok i now have connection to the ftp using tls only as described in this link http://www.howtoforge.com/how-to-con...n-ubuntu-10.10

once you have configured the proftpd as the howtp says then follow the rest that needs to be done

this what the howto leaves out. you need to open some ports by adding a file called PassivePortRange to /etc/pure-ftpd/conf and then add a range of ports i have used the ones below. you can use what ever ports you have open

Code:

50000 51000

then also add a file named ForcePassiveIP to /etc/pure-ftpd/conf and add you server ip

Code:

server ip numbers

then restart proftpd

Code:

/etc/init.d/pure-ftpd-mysql restart

now you should be able to connect to the ftp using tls connection



kwick

[falko]

Quote:

Originally Posted by kwickcut

this what the howto leaves out. you need to open some ports by adding a file called PassivePortRange to /etc/pure-ftpd/conf and then add a range of ports i have used the ones below.

So you run your FTP server behind a router (probably at home/work)?

Servers in a data center normally don't need the PassivePortRange.

[kwickcut]

yes this is behind a router at home.