tls

Reindl Harald h.reindl at thelounge.net
Fri Sep 6 23:16:57 UTC 2013 

Am 07.09.2013 01:09, schrieb Patrick Dupre:
>> ----- Original Message -----
>> From: Reindl Harald
>> Sent: 09/07/13 12:48 AM
>> To: Community support for Fedora users
>> Subject: Re: tls
>>
>> Am 07.09.2013 00:43, schrieb Patrick Dupre:
>>> I installed pure-ftpd on my machine to use the TLS protocle.
>>> I followed the instructions given in:
>>> http://www.howtoforge.com/how-to-configure-pureftpd-to-accept-tls-sessions-on-fedora-18
>>>
>>> but I still cannot ftp by using ftps (filezilla)
>>
>> be explicit - you can not connect or you can not list folders and transfer data
> Status: Connecting to 193.49.194.196:990...
> Status: Connection attempt failed with "EHOSTUNREACH - No route to host".
> Error: Could not connect to server

why port 990?

even if the port would be correct you need
a) verify on which ports your daemon is listening (man netstat)
b) make sure that ports are open

AFAIK it is using STARTTLS
http://en.wikipedia.org/wiki/STARTTLS

>> http://slacksite.com/other/ftp.html conatins basics about FTP
>>
>>> Do I need to configure the firewall to open the port?
>>
>> you need to open the passive port-range in the firewall by hand
>> "nf_conntrack_ftp" as any other DPI can not work with encrypted streams
> This, I do not know what to do:
> I do not see any nf_conntrack_ftp in public service or in selinux

man iptables

if you do not specify "PassivePortRange" the passive port can be anything
between 1024 and 65535 and if you do use active FTP mode than you need
to setup the firewall on the client properly - at the end of the day it
doe snot matter who is chosing the random port for the data connection
and the otehr side has to open this port

to understand what you are doing i posted
>> http://slacksite.com/other/ftp.html conatins basics about FTP

only few people (inclduing a lot of professional amdins) do understand FTP really

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/users/attachments/20130907/55881800/attachment-0001.sig>

More information about the users mailing list