Hello,
Thanks. Port 990 is the default (FileZilla). By the way, I am using firewall-config. In the public zone, the ssh service is checked but not ftp. Am I supposed to check ftp? The port for ftp is 21 (I guess the default). There is no ftps service; do I need to create it? I can easily create port 990, but I do not know how to create an ftps service associated with a port!
Sorry for my poor background in this stuff.
On 07.09.2013 01:09, Patrick Dupre wrote:
----- Original Message -----
From: Reindl Harald
Sent: 09/07/13 12:48 AM
To: Community support for Fedora users
Subject: Re: tls
On 07.09.2013 00:43, Patrick Dupre wrote:
I installed pure-ftpd on my machine to use the TLS protocol. I followed the instructions given in: http://www.howtoforge.com/how-to-configure-pureftpd-to-accept-tls-sessions-o...
but I still cannot ftp by using ftps (filezilla)
be explicit - you can not connect or you can not list folders and transfer data
Status: Connecting to 193.49.194.196:990...
Status: Connection attempt failed with "EHOSTUNREACH - No route to host".
Error: Could not connect to server
why port 990?
even if the port would be correct you need to
a) verify on which ports your daemon is listening (man netstat)
b) make sure that ports are open
AFAIK it is using STARTTLS http://en.wikipedia.org/wiki/STARTTLS
http://slacksite.com/other/ftp.html contains basics about FTP
Do I need to configure the firewall to open the port?
you need to open the passive port-range in the firewall by hand, as "nf_conntrack_ftp", like any other DPI, can not work with encrypted streams
This, I do not know what to do: I do not see any nf_conntrack_ftp in public service or in selinux
man iptables
if you do not specify "PassivePortRange" the passive port can be anything between 1024 and 65535, and if you do use active FTP mode then you need to set up the firewall on the client properly - at the end of the day it does not matter who is choosing the random port for the data connection and the other side has to open this port
to understand what you are doing i posted
http://slacksite.com/other/ftp.html contains basics about FTP
only few people (including a lot of professional admins) do understand FTP really
Patrick DUPRÉ | email: pdupre@gmx.com
Laboratoire de Physico-Chimie de l'Atmosphère
Université du Littoral-Côte d'Opale | Tel. (33)-(0)3 28 23 76 12 | Fax: 03 28 65 82 44
189A, avenue Maurice Schumann
59140 Dunkerque, France
On 07.09.2013 16:28, Patrick Dupre wrote:
Hello,
Thanks. Port 990 is the default (FileZilla).
says who?
https://wiki.filezilla-project.org/SSL/TLS
Client Setup
For a client to connect to a server using SSL, then the host for that connection needs to be set to FTPS. In FileZilla client this means prefixing the host with "FTPES://" for "explicit" FTPS, or "FTPS://" for the legacy "implicit" FTPS.
Explicit vs Implicit FTPS
FTPS (SSL/TLS) is served up in two incompatible modes. If using explicit FTPS, the client connects to the normal FTP port and explicitly switches into secure (SSL/TLS) mode with "AUTH TLS", whereas implicit FTPS is an older style service that assumes SSL/TLS mode right from the start of the connection (and normally listens on TCP port 990, rather than 21). In a FileZilla client this means prefixing the host with "FTPES://" to connect an "explicit" FTPS server, or "FTPS://" for the legacy "implicit" server (for which you will likely also need to set the port to 990).
By the way, I am using firewall-config. In the public zone, the ssh service is checked but not ftp. Am I supposed to check ftp? The port for ftp is 21 (I guess the default). There is no ftps service; do I need to create it? I can easily create port 990, but I do not know how to create an ftps service associated with a port!
Sorry for my poor background in this stuff.
no idea, i use iptables.service and completely hand-written rules everywhere
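Added illustration, not part of the thread and not code from pure-ftpd or FileZilla: in plain FTP a firewall helper can read the server's 227/229 reply to learn the data port, but under TLS that reply is encrypted, so a fixed PassivePortRange has to be opened by hand. The Python below parses such replies and checks the announced port against an assumed range of 30000-30100; the replies and the address 192.0.2.10 are constructed, and the address comparison goes slightly beyond what the thread discusses.

```python
import re

# Assumed pure-ftpd PassivePortRange; the firewall must open the same range.
PASSIVE_RANGE = (30000, 30100)

PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
EPSV_RE = re.compile(r"^229 .*?\((.)\1\1(\d+)\1\)")

# Constructed server replies (documentation address 192.0.2.10).
SAMPLES = [
    "227 Entering Passive Mode (192,0,2,10,117,58)",
    "227 Entering Passive Mode (192,0,2,10,195,80)",
    "229 Entering Extended Passive Mode (|||30042|)",
]


def data_endpoint(reply):
    """Return (host or None, port) announced by a 227 or 229 reply."""
    m = PASV_RE.match(reply)
    if m:
        nums = [int(x) for x in m.groups()]
        if max(nums) > 255:
            raise ValueError("field above 255 in %r" % reply)
        # Last two fields are the high and low byte of the data port.
        return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]
    m = EPSV_RE.match(reply)
    if m and 0 < int(m.group(2)) < 65536:
        return None, int(m.group(2))  # EPSV: same address as control channel
    raise ValueError("not a passive-mode reply: %r" % reply)


def check(reply, control_host, port_range=PASSIVE_RANGE):
    """Return the problems found with the announced data connection."""
    host, port = data_endpoint(reply)
    lo, hi = port_range
    problems = []
    if not lo <= port <= hi:
        problems.append("port %d outside opened range %d-%d" % (port, lo, hi))
    if host is not None and host != control_host:
        problems.append("PASV address %s differs from control address %s"
                        % (host, control_host))
    return problems


if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", check(line, "192.0.2.10") or "ok")
```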