tls

Reindl Harald h.reindl at thelounge.net
Sat Sep 7 16:22:54 UTC 2013


Am 07.09.2013 16:28, schrieb Patrick Dupre:
> Hello,
> 
> Thank.
> Port 990, is the default (filezilla).

says who?

https://wiki.filezilla-project.org/SSL/TLS

Client Setup
For a client to connect to a server using SSL, then the host for that connection needs to be set to FTPS. In
FileZilla client this means prefixing the host with "FTPES://" for "explicit" FTPS, or "FTPS://" for the legacy
"implicit" FTPS.

Explicit vs Implicit FTPS
FTPS (SSL/TLS) is served up in two incompatible modes. If using explicit FTPS, the client connects to the normal
FTP port and explicitly switches into secure (SSL/TLS) mode with "AUTH TLS", whereas implicit FTPS is an older
style service that assumes SSL/TLS mode right from the start of the connection (and normally listens on TCP port
990, rather than 21). In a FileZilla client this means prefixing the host with "FTPES://" to connect an "explicit"
FTPS server, or "FTPS://" for the legacy "implicit" server (for which you will likely also need to set the port to
990).

> By the way, using firewall-config.
> In public zone service ssh is check but not ftp. Am I supposed to check ftp?
> The port for ftp is 21 (I guess default).
> There is no service ftps, do I need to create it?
> I can easy create port 990, but I not know how to create service ftps
> associated to a port!
> 
> Sorry for my poor background in this stuff.

no idea, i use iptables.service and completely hand-written rules everywhere

>> Am 07.09.2013 01:09, schrieb Patrick Dupre:
>>>> ----- Original Message -----
>>>> From: Reindl Harald
>>>> Sent: 09/07/13 12:48 AM
>>>> To: Community support for Fedora users
>>>> Subject: Re: tls
>>>>
>>>> Am 07.09.2013 00:43, schrieb Patrick Dupre:
>>>>> I installed pure-ftpd on my machine to use the TLS protocol.
>>>>> I followed the instructions given in:
>>>>> http://www.howtoforge.com/how-to-configure-pureftpd-to-accept-tls-sessions-on-fedora-18
>>>>>
>>>>> but I still cannot ftp by using ftps (filezilla)
>>>>
>>>> be explicit - you can not connect or you can not list folders and transfer data
>>> Status: Connecting to 193.49.194.196:990...
>>> Status: Connection attempt failed with "EHOSTUNREACH - No route to host".
>>> Error: Could not connect to server
>>
>> why port 990?
>>
>> even if the port would be correct you need
>> a) verify on which ports your daemon is listening (man netstat)
>> b) make sure that ports are open
>>
>> AFAIK it is using STARTTLS
>> http://en.wikipedia.org/wiki/STARTTLS
>>
>>>> http://slacksite.com/other/ftp.html contains basics about FTP
>>>>
>>>>> Do I need to configure the firewall to open the port?
>>>>
>>>> you need to open the passive port-range in the firewall by hand
>>>> "nf_conntrack_ftp" as any other DPI can not work with encrypted streams
>>> This, I do not know what to do:
>>> I do not see any nf_conntrack_ftp in public service or in selinux
>>
>> man iptables
>>
>> if you do not specify "PassivePortRange" the passive port can be anything
>> between 1024 and 65535 and if you do use active FTP mode then you need
>> to setup the firewall on the client properly - at the end of the day it
>> does not matter who is choosing the random port for the data connection
>> and the other side has to open this port
>>
>> to understand what you are doing i posted
>>>> http://slacksite.com/other/ftp.html contains basics about FTP
>>
>> only few people (including a lot of professional admins) do understand FTP really
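
The exchange the thread describes, as an added example (my code, not from the thread, pure-ftpd or FileZilla): connect to the plain FTP port 21, upgrade the control channel with AUTH TLS ("explicit" FTPS, not port 990), ask for PASV and look at the data port the server hands back. Because the 227 reply travels inside TLS, nf_conntrack_ftp cannot read it, so the check reports whether that port lies inside the PassivePortRange you opened by hand and prints the iptables lines to add if it does not. Assumptions: a PassivePortRange of 30000-50000 in pure-ftpd.conf, anonymous login, `ftp.example.org` as the host, and a CA file for the server certificate (the howtoforge walkthrough produces a self-signed one, which fails verification unless you pass it). The sample 227 replies in the test are constructed; the 193.49.194.196 address is the one from the thread.

```python
"""Explicit-FTPS connectivity probe (example added here; not from the thread)."""
import re
import ssl
import sys
from ftplib import FTP_TLS

# A 227 reply carries the data endpoint as six decimal bytes: h1,h2,h3,h4,p1,p2
PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv(reply):
    """Return (host, port) from a '227 Entering Passive Mode (...)' reply.

    The port is p1*256 + p2.  Once the control channel is TLS-wrapped the
    firewall never sees this reply, so it cannot open the port for you.
    """
    if not reply.startswith("227"):
        raise ValueError("not a passive-mode reply: %r" % reply)
    m = PASV_RE.search(reply)
    if m is None:
        raise ValueError("malformed 227 reply: %r" % reply)
    fields = [int(x) for x in m.groups()]
    if any(x > 255 for x in fields):
        raise ValueError("byte out of range in 227 reply: %r" % reply)
    host = ".".join(str(x) for x in fields[:4])
    port = fields[4] * 256 + fields[5]
    if port == 0:
        raise ValueError("zero data port in 227 reply: %r" % reply)
    return host, port


def in_passive_range(port, low, high):
    """True if the server-chosen data port is inside the range you opened."""
    return low <= port <= high


def firewall_rules(low, high, ctl_port=21):
    """Hand-written iptables lines: the control port plus the whole passive
    range, since nf_conntrack_ftp cannot track an encrypted control channel."""
    return [
        "iptables -A INPUT -p tcp --dport %d -j ACCEPT" % ctl_port,
        "iptables -A INPUT -p tcp --dport %d:%d -j ACCEPT" % (low, high),
    ]


def probe_explicit_ftps(host, ctl_port=21, passive_range=(30000, 50000),
                        user="anonymous", password="", cafile=None, timeout=10):
    """Connect to the plain FTP port, upgrade with AUTH TLS, request PASV and
    return (data_port, inside_range).  passive_range is an assumed value;
    it must match PassivePortRange in pure-ftpd.conf.

    cafile: bundle that signed the server certificate.  A self-signed cert
    fails verification unless it is passed here; do not switch verification
    off to "make it work".
    """
    ctx = ssl.create_default_context(cafile=cafile)
    ftps = FTP_TLS(context=ctx, timeout=timeout)
    ftps.connect(host, ctl_port)      # explicit mode: plain TCP to 21, not 990
    ftps.auth()                       # AUTH TLS, then the TLS handshake
    ftps.login(user, password)
    ftps.prot_p()                     # PROT P: data connections encrypted too
    reply = ftps.sendcmd("PASV")      # the firewall cannot read this reply
    _, data_port = parse_pasv(reply)
    ftps.quit()
    return data_port, in_passive_range(data_port, *passive_range)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "ftp.example.org"  # assumed host
    port, ok = probe_explicit_ftps(target)
    print("data port %d is %s the passive range" % (port, "inside" if ok else "OUTSIDE"))
    if not ok:
        print("\n".join(firewall_rules(30000, 50000)))
    sys.exit(0 if ok else 1)
```

Run it against the server with the CA file that signed its certificate; a connection refused or "No route to host" on port 21 means the daemon is not listening or the control port is closed, which is the `netstat`/`ss` check from the thread, while a data port reported OUTSIDE the range means a listing will hang even though the login succeeded.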
