Comments on Setting Up ProFTPd + TLS On Ubuntu 11.04 (Natty Narwhal)

FTP is a very insecure protocol because all passwords and all data are transferred in clear text. By using TLS, the whole communication can be encrypted, thus making FTP much more secure. This article explains how to set up ProFTPd with TLS on an Ubuntu 11.04 server.

5 Comment(s)

Comments

By: Liquid

Functions only with an older release of FileZilla, 3.0.11.1 - http://filehippo.com/download_filezilla/4377/

What about defining the CipherSuite according to the bad news about SSL/TLS and AES?

TLSProtocol                     SSLv3
TLSCipherSuite                  !aNULL:!eNULL:!EXPORT:!DSS:!DES:!ADH:!SSLv2:RC4-SHA:RC4-MD5

By:

Hello. There is just a little addition. A kind of run-time error caused proftpd to fail to start at boot time in Natty, when:

the PC is fast, Network Manager is used, and

a masquerading address and TLS are used behind a NAT router. (Masquerading is needed as the router can't interpret the FTP commands when using TLS. The client, however, needs the correct link to the passive FTP ports opened when uploading or downloading files.)

To solve this, do: sudo update-rc.d -f proftpd remove. Then add an upstart script in /etc/init called proftpd.conf, which looks like:

# Proftpd
# Use this instead of the standard (old) rc.d script when using Network Manager
# and a DNS masquerade address. Otherwise proftpd start may fail because no DNS lookup is available yet
# during boot time. With this, proftpd will only start when a network device is up.
#


description    "proftpd"

start on (local-filesystems and net-device-up IFACE!=lo)          
stop on runlevel [016]

expect fork
respawn

pre-start script
    mkdir -p /var/run/proftpd

end script

script

exec proftpd -c /etc/proftpd/proftpd.conf

end script

On an older PC it starts OK with the rc.d scripts, but with a fast PC using Network Manager on Ubuntu Natty, proftpd fails during boot with the message: -fatal unable to resolve masquerading xxxx.xxx.cx

 

By: Mark

Thank you. It was very helpful.

By: Bogdan

If your server has a private address (e.g. 192.168.1.150), you must edit two options in /etc/proftpd/proftpd.conf and then open a range of ports on your router to be forwarded to 192.168.1.150.

In my FileZilla logs I have:

Status:    Server sent passive reply with unroutable address. Using server address instead.
Command:    MLSD
Error:    GnuTLS error -53: Error in the push function.

 

To resolve this, edit /etc/proftpd/proftpd.conf and modify the lines like this:

PassivePorts                  52500 52510
MasqueradeAddress               89.33.34.35

 

PassivePorts is the range of ports forwarded to the internal IP: 52500-52510.

MasqueradeAddress is your public IP (in my case 89.33.34.35).

Then open a range of ports on your router (52500-52510) and forward them to your private IP (192.168.1.150 in my case).
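
An added example, not part of Bogdan's comment: a Python check that decodes the address and port from a PASV reply ("227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)") and compares them with the PassivePorts and MasqueradeAddress values above. The reply strings are constructed samples and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the two directives from the comment above.
SAMPLE_CONF = """\
PassivePorts                  52500 52510
MasqueradeAddress               89.33.34.35
"""

def parse_pasv(reply):
    """Decode '227 ... (h1,h2,h3,h4,p1,p2)' into (IPv4Address, port)."""
    m = re.search(r"\((\d{1,3}(?:,\d{1,3}){5})\)", reply)
    if not reply.startswith("227") or not m:
        raise ValueError("not a PASV reply: %r" % reply)
    n = [int(x) for x in m.group(1).split(",")]
    if max(n) > 255:
        raise ValueError("octet out of range: %r" % reply)
    # The data port is sent as two bytes: high byte first, then low byte.
    return ipaddress.IPv4Address(".".join(map(str, n[:4]))), n[4] * 256 + n[5]

def parse_conf(text):
    """Return ((low, high) or None, MasqueradeAddress or None)."""
    ports = masq = None
    for line in text.splitlines():
        f = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(f) == 3 and f[0].lower() == "passiveports":
            ports = (int(f[1]), int(f[2]))
        elif len(f) == 2 and f[0].lower() == "masqueradeaddress":
            masq = f[1]
    return ports, masq

def check_reply(reply, conf_text):
    """List the reasons a client outside the NAT could not open the data channel."""
    ip, port = parse_pasv(reply)
    ports, masq = parse_conf(conf_text)
    problems = []
    if ip.is_private:
        problems.append("unroutable address %s advertised" % ip)
    if masq is None:
        problems.append("MasqueradeAddress not set")
    if ports is None:
        problems.append("PassivePorts not set, port %d cannot be forwarded" % port)
    elif not ports[0] <= port <= ports[1]:
        problems.append("port %d outside PassivePorts %d-%d" % (port, *ports))
    return problems

if __name__ == "__main__":
    for r in ("227 Entering Passive Mode (89,33,34,35,205,25).",
              "227 Entering Passive Mode (192,168,1,150,195,80)."):
        print(r, "->", check_reply(r, SAMPLE_CONF) or "OK")
```
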

By: casthos

Don't forget to enable mod_tls.c in /etc/proftpd/modules.conf (uncomment the line). Otherwise it will not work, and if you try to run proftpd -td5 to check the configuration, you can see <IfModule>: skipping 'mod_tls.c' section at line... .