pureftp in active mode

Discussion in 'Installation/Configuration' started by sasab22, Feb 15, 2018.

  1. sasab22

    sasab22 New Member

    Hi,
    I have a problem with pureftpd: it does not work in active mode, it only works in passive mode.
    On my firewall I opened ports 21, 20 and 40110 to 40210.
    I have already opened port 20/tcp from the server (with ISPConfig) to anywhere.
    Is my pureftp configuration wrong?
    Thanks.
    -
    Salvatore.
     
    Last edited: Feb 15, 2018
  2. Jesse Norell

    Jesse Norell Well-Known Member

    You will have to turn off tls, either in the ftp client or in pure-ftpd, to use active mode ftp. The two (tls and active mode) would work together if you had no firewalls or nat on or between the client and server, but that is a fairly uncommon configuration. As unencrypted ftp isn't a very good idea, you should probably just use passive mode or switch to sftp.
     
  3. sasab22

    sasab22 New Member

    Hi,
    If I understand correctly, to enable ftp access in active mode I have to disable TLS in the pure-ftpd configuration. I currently have:
    # cat /etc/pure-ftpd/conf/TLS
    1

    To disable TLS I have to run:
    echo 0 > /etc/pure-ftpd/conf/TLS

    Thanks.
    -
    Salvatore.
     
  4. Jesse Norell

    Jesse Norell Well-Known Member

    Yeah, pretty much. And just be aware that your ftp usernames/passwords, and the contents of all your ftp sessions (e.g. file contents) will be sent in cleartext.
     
  5. sasab22

    sasab22 New Member

    Hi,
    I disabled TLS (it is now 0 and I restarted the ftp service), but in any case I cannot make the ftp connection in active mode.
    Thanks.
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

  7. sasab22

    sasab22 New Member

    Hi,
    The error is that it is not possible to get a directory listing.
    Yes, I have restarted the pureftp service.
    On pureftp I have configured the ftp ports, and in passive mode it works.
    Thanks.
     
  8. Jesse Norell

    Jesse Norell Well-Known Member

    Active mode ftp will break if there is a nat or firewall on the client end which is not ftp aware, as the data connections from the server to the client will be blocked. That is the same underlying reason that active mode doesn't work with tls, i.e. because a nat/firewall cannot see the ftp control connection in order to open the correct ports. If you have indeed disabled tls and active mode still fails, you will have to look into all the network components between your client and server (start on the client end, with a local firewall/connection sharing, then to your network router, then next hop router....), use passive mode, or abandon ftp for something like sftp.

    There probably is a reason but it's not obvious: if passive mode works for you, why don't you just use that?
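
Added example, not part of the thread and not pure-ftpd code: a server-side check that parses the client's active-mode PORT command (RFC 959) and compares the advertised address with the source address of the control connection, which separates the failure causes described in the replies above. The function names, verdict strings and sample addresses are assumptions constructed for illustration.

```python
import ipaddress
import re

# RFC 959 PORT argument: h1,h2,h3,h4,p1,p2 (four address bytes, two port bytes)
PORT_RE = re.compile(r"^PORT\s+(\d{1,3}(?:,\d{1,3}){5})\s*$", re.IGNORECASE)


def parse_port(line):
    """Return (IPv4Address, port) advertised by an active-mode PORT command."""
    m = PORT_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a PORT command: {line!r}")
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        raise ValueError(f"byte out of range in: {line!r}")
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]


def diagnose(port_line, control_peer, control_tls):
    """Classify, from the server side, why an active-mode data connection may fail.

    control_peer: source address of the control connection as the server sees it.
    control_tls:  True if the control connection is wrapped in TLS.
    """
    advertised, _port = parse_port(port_line)
    if advertised == ipaddress.IPv4Address(control_peer):
        # Address is reachable in principle; a client-side firewall can still
        # drop the inbound data connection to the advertised port.
        return "match"
    if control_tls:
        # A NAT on the path could not read the encrypted PORT command,
        # so it could neither rewrite the address nor open the port.
        return "unrewritten-tls"
    # Cleartext control channel, yet the address was not rewritten:
    # the NAT/firewall in between is not ftp aware.
    return "unrewritten-plain"


if __name__ == "__main__":
    # Constructed sample: client behind NAT at 192.168.1.23, seen by the
    # server as 203.0.113.7 (documentation address range).
    sent = "PORT 192,168,1,23,200,10"
    print(parse_port(sent))
    for tls in (True, False):
        print("tls" if tls else "plain", "->", diagnose(sent, "203.0.113.7", tls))
    print(diagnose("PORT 203,0,113,7,200,10", "203.0.113.7", False))
```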
     
