tls

Patrick Dupre pdupre at gmx.com
Sat Sep 7 14:28:32 UTC 2013


Hello,

Thanks.
Port 990 is the default (FileZilla).
By the way, using firewall-config.
In the public zone, service ssh is checked but not ftp. Am I supposed to check ftp?
The port for ftp is 21 (I guess default).
There is no service ftps, do I need to create it?
I can easily create port 990, but I do not know how to create a service ftps
associated with a port!

Sorry for my poor background in this stuff.

> 
> On 07.09.2013 01:09, Patrick Dupre wrote:
> >> ----- Original Message -----
> >> From: Reindl Harald
> >> Sent: 09/07/13 12:48 AM
> >> To: Community support for Fedora users
> >> Subject: Re: tls
> >>
> >> On 07.09.2013 00:43, Patrick Dupre wrote:
> >>> I installed pure-ftpd on my machine to use the TLS protocol.
> >>> I followed the instructions given in:
> >>> http://www.howtoforge.com/how-to-configure-pureftpd-to-accept-tls-sessions-on-fedora-18
> >>>
> >>> but I still cannot ftp by using ftps (filezilla)
> >>
> >> be explicit - you can not connect or you can not list folders and transfer data
> > Status: Connecting to 193.49.194.196:990...
> > Status: Connection attempt failed with "EHOSTUNREACH - No route to host".
> > Error: Could not connect to server
> 
> why port 990?
> 
> even if the port would be correct you need
> a) verify on which ports your daemon is listening (man netstat)
> b) make sure that ports are open
> 
> AFAIK it is using STARTTLS
> http://en.wikipedia.org/wiki/STARTTLS
> 
> >> http://slacksite.com/other/ftp.html contains basics about FTP
> >>
> >>> Do I need to configure the firewall to open the port?
> >>
> >> you need to open the passive port-range in the firewall by hand
> >> "nf_conntrack_ftp" as any other DPI can not work with encrypted streams
> > This, I do not know what to do:
> > I do not see any nf_conntrack_ftp in public service or in selinux
> 
> man iptables
> 
> if you do not specify "PassivePortRange" the passive port can be anything
> between 1024 and 65535 and if you do use active FTP mode then you need
> to setup the firewall on the client properly - at the end of the day it
> does not matter who is choosing the random port for the data connection
> and the other side has to open this port
> 
> to understand what you are doing i posted
> >> http://slacksite.com/other/ftp.html contains basics about FTP
> 
> only few people (including a lot of professional admins) do understand FTP really


===========================================================================
 Patrick DUPRÉ                                 | | email: pdupre at gmx.com
 Laboratoire de Physico-Chimie de l'Atmosphère | |
 Université du Littoral-Côte d'Opale           | |
 Tel.  (33)-(0)3 28 23 76 12                   | | Fax: 03 28 65 82 44
 189A, avenue Maurice Schumann                 | | 59140 Dunkerque, France
===========================================================================
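
The advice quoted above (fix a "PassivePortRange", then open that range by hand because connection tracking cannot read an encrypted control channel) can be scripted so that the firewall rule is always derived from the daemon's own setting. This is an added example, not part of the thread or of pure-ftpd. Assumptions: explicit TLS on port 21 as the reply suggests, the firewalld zone "public", the pure-ftpd config file path passed as the first argument, and hypothetical function names.

```shell
#!/bin/sh
# Added example (not from the thread): derive the firewalld rules from
# pure-ftpd's own PassivePortRange so daemon and firewall cannot drift apart.
# Assumed: explicit TLS on port 21, zone "public", config path given as $1.

ZONE="${ZONE:-public}"

# Print "LOW-HIGH/tcp" for the last uncommented "PassivePortRange LOW HIGH"
# line in file $1; exit non-zero if it is missing or outside 1024-65535.
passive_port_spec() {
    awk '
        $1 == "PassivePortRange" && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ {
            low = $2 + 0; high = $3 + 0; found = 1
        }
        END {
            if (!found || low < 1024 || high > 65535 || low > high) exit 1
            printf "%d-%d/tcp\n", low, high
        }' "$1"
}

# Print the command by default; execute it only when APPLY=1.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# Control channel (service ftp = 21/tcp) plus the passive data range.
open_ftps_ports() {
    spec=$(passive_port_spec "$1") || {
        echo "no usable PassivePortRange in $1" >&2
        return 1
    }
    run firewall-cmd --permanent "--zone=$ZONE" --add-service=ftp
    run firewall-cmd --permanent "--zone=$ZONE" "--add-port=$spec"
    run firewall-cmd --reload
}

# Step (a) from the reply: which ports is the daemon really listening on?
show_listeners() {
    ss -tln -p | grep pure-ftpd
}

if [ "$#" -gt 0 ]; then
    open_ftps_ports "$1"
fi
```

Run it with the config path to review the three commands it prints, then again as root with `APPLY=1` to execute them.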

