PureFTP over TLS

Discussion in 'Tips/Tricks/Mods' started by corpus, Aug 31, 2011.

  1. corpus

    corpus Member

    I had some errors logging in to a pureftpd server with TLS sessions enabled, using FileZilla with FTPES - FTP over explicit TLS/SSL.

    After a little searching on Google I found that the problem is the firewall.
    When I disabled the firewall rules from ISPConfig I could log in.
    So the solution that worked for me is:

    first run as root
    grep -i ftps /etc/services
    my results in debian 6
    ftps-data	989/tcp				# FTP over SSL (data)
    ftps		990/tcp
    add port 989 to Open TCP ports in your ISPConfig firewall records
    works !!
    Last edited: Aug 31, 2011
  2. gertk

    gertk New Member

  3. corpus

    corpus Member

    Your solution works

    Your solution works, mine works for a while
  4. denpark

    denpark New Member

    Do I need to add port 990 also? It doesn't seem to be in my list.
  5. corpus

    corpus Member

    denpark, try only the gertk solution.

    My solution works only for a while.
    But I don't know if only passive connections is OK.
  6. denpark

    denpark New Member

  7. maumar

    maumar Member HowtoForge Supporter

    I am not able to have FTP over Explicit TLS
    I have ftp over TLS, listening on port 21
    I would have ftp listening on port
    ftps-data 989/tcp # FTP over SSL (data)
    ftps 990/tcp

    But pure-ftp is listening on port 21 only

    Please advise
    Many thanks
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    By default, FTP servers listen on port 21. When passive mode is used, then FTP opens a port that is within its configured passive port range after the initial connect:


    And in case that your intention is to force TLS for all connections, then alter the file /etc/pure-ftpd/conf/TLS and set the value to 2 on Debian and Ubuntu. On CentOS, you can find the TLS settings in the pure-ftpd.conf file instead.
  9. maumar

    maumar Member HowtoForge Supporter

    This is OK, this is working fine.
    We have a MikroTik behind the server.
    The server has a public static IP, and there is a MikroTik that recognizes the protocol and opens up passive ports.
    When the protocol is FTPS (FTP over implicit/explicit TLS) the MikroTik is not able to recognize the protocol.
    So we need FTPS on port 990 on the server, so we can point FileZilla toward port 990 and we open the MikroTik for connections toward port 990.
    We are not able to have pure-ftpd listening on port 990, this is the issue.
    I hope this is not too confusing.
    many regards
  10. Croydon

    Croydon ISPConfig Developer ISPConfig Developer

    If you only want to use a different port (debian/ubuntu), do:
    echo ",990" > /etc/pure-ftpd/conf/Bind
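
The settings from till's and Croydon's posts, checked together with the passive range that the firewall has to allow once TLS hides the control channel. This is an added example, not part of the thread; the PassivePortRange file name, the function names and the sample directory are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the Debian/Ubuntu layout of
# one setting per file under /etc/pure-ftpd/conf:
#   TLS               0 = off, 1 = optional, 2 or 3 = required
#   Bind              "address,port" (",990" = all addresses, port 990)
#   PassivePortRange  "low high" (assumed file; the thread does not name it)

read_setting() {  # first line of a file, whitespace-trimmed; empty if missing
    if [ -r "$1" ]; then
        sed -n '1{s/^[[:space:]]*//;s/[[:space:]]*$//;p;}' "$1"
    fi
}

ftp_firewall_report() {
    conf_dir=${1:-/etc/pure-ftpd/conf}

    bind=$(read_setting "$conf_dir/Bind")
    case $bind in
        *,?*) port=${bind##*,} ;;  # port given after the comma
        *)    port=21 ;;           # default control port
    esac

    case $(read_setting "$conf_dir/TLS") in
        2|3) tls=required; cleartext=no ;;
        1)   tls=optional; cleartext=yes ;;
        *)   tls=off;      cleartext=yes ;;
    esac

    range=$(read_setting "$conf_dir/PassivePortRange" | tr -s ' \t' '::')
    case $range in
        *[!0-9:]*|*:*:*) range=unset ;;
        [0-9]*:[0-9]*)   ;;
        *)               range=unset ;;
    esac

    # With an encrypted control channel a NAT/firewall helper cannot read the
    # passive-port reply, so the data ports have to be opened statically.
    if [ "$tls" != off ] && [ "$range" = unset ]; then
        status=WARN
    else
        status=OK
    fi
    echo "control_port=$port tls=$tls cleartext_login=$cleartext passive_range=$range status=$status"
}

# Constructed sample: the thread's Bind value with TLS forced, no passive range.
demo=$(mktemp -d)
echo ",990" > "$demo/Bind"; echo "2" > "$demo/TLS"
ftp_firewall_report "$demo"
rm -rf "$demo"
```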
