On 09/07/2013 05:16 AM, Rick Stevens wrote:
> On 09/06/2013 03:43 PM, Patrick Dupre issued this missive:
>> Hello,
>>
>> I installed pure-ftpd on my machine to use the TLS protocol.
>> I followed the instructions given in:
>> http://www.howtoforge.com/how-to-configure-pureftpd-to-accept-tls-sessions-on-fedora-18
>>
>> TLS                      2
>>
>> but I still cannot ftp by using ftps (filezilla).
>>
>> Do I need to configure the firewall to open the port?
>> In firewall-config, I do not see any tls service.
>> However, in system-config-service, I do see 2 service pure-ftpd
>> one saying that it is running and one not running (The pure-ftpd
>> service will be started on demand by the xinetd service and ends when
>> it has nothing more to do.)
>> Is it normal?
>
> Yes, you have to modify your firewall configuration. For FTPS, you must
> allow incoming connections to TCP port 990. To permit passive FTPS
> data, then you must also allow incoming TCP connections for a range of
> ports that the server will use for passive data connections. You must
> also tell your FTP daemon which ports those are.

If you are using iptables for firewall, you could use the 'ip_nat_ftp' and 'ip_conntrack_ftp' module if you are behind NAT, or 'ip_conntrack_ftp' module alone otherwise, for having the firewall ports dynamically opened on demand. You specify the module to be loaded in '/etc/sysconfig/iptables-config'.

How do you do this with the new 'firewalld' beast? Learning about that beast is still on my 'To Do' list. :-)

- rejy (rmc)

>
> I'm not sure how you tell pure-ftpd which ports it can use for passive
> connections, but in vsftpd they're specified by the "pasv_min_port" and
> "pasv_max_port" variables in the vsftpd.conf file.
>
> My server allows passive FTP/FTPS data over ports 20,000-20,100, so my
> firewall allows incoming connections for TCP ports 21, 990 and
> 20000 through 20100. My vsftpd.conf file contains:
>
> pasv_min_port=20000
> pasv_max_port=20100
>
> And away we go.
> ----------------------------------------------------------------------
> - Rick Stevens, Systems Engineer, AllDigital    ricks@xxxxxxxxxxxxxx -
> - AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
> -                                                                    -
> -       "How does that damned three seashell thing work?"            -
> -             -- Sylvester Stallone, "Demolition Man"                -
> ----------------------------------------------------------------------
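
The firewalld question above is left open in the thread. As an added example (not part of any poster's message), this sketch derives `firewall-cmd` port rules from the `pasv_min_port`/`pasv_max_port` values in vsftpd.conf text, so the firewall and the daemon agree on the passive range. Assumptions: the sample config is constructed, the control ports 21 and 990 and the range are the ones Rick quotes, the lower bound of 1024 is a choice made for this example, and the commands are printed for review rather than executed.

```bash
#!/bin/sh
# Added example (not from the thread): print the firewalld rules an FTPS
# server needs, taking the passive range from vsftpd.conf text.

# Constructed sample config using the range quoted in the thread.
SAMPLE_CONF='# constructed sample vsftpd.conf
listen=YES
ssl_enable=YES
pasv_min_port=20000
pasv_max_port=20100'

# conf_value KEY: read vsftpd.conf text on stdin and print the value of KEY.
# vsftpd allows no spaces around "=", so the key must match exactly; a
# misspelt key such as "passv_min_port" therefore yields an empty value.
conf_value() {
    awk -F= -v k="$1" '$1 == k { v = $2 } END { print v }'
}

# ftps_firewall_cmds CONF_TEXT: print firewall-cmd lines for the control
# ports (21 and 990, as in the thread) plus the configured passive range.
# Returns 1 without printing rules if the range is missing or invalid.
# The 1024 lower bound is an assumption of this example.
ftps_firewall_cmds() {
    pasv_min=$(printf '%s\n' "$1" | conf_value pasv_min_port)
    pasv_max=$(printf '%s\n' "$1" | conf_value pasv_max_port)
    for p in "$pasv_min" "$pasv_max"; do
        case "$p" in
            ''|*[!0-9]*)
                echo "pasv_min_port/pasv_max_port missing or not numeric" >&2
                return 1 ;;
        esac
    done
    if [ "$pasv_min" -lt 1024 ] || [ "$pasv_max" -gt 65535 ] ||
       [ "$pasv_min" -gt "$pasv_max" ]; then
        echo "passive range $pasv_min-$pasv_max is not usable" >&2
        return 1
    fi
    printf 'firewall-cmd --permanent --add-port=%s/tcp\n' \
        21 990 "$pasv_min-$pasv_max"
    echo 'firewall-cmd --reload'
}

# Dry run: print the commands for review instead of executing them.
ftps_firewall_cmds "$SAMPLE_CONF"
```

A fixed passive range matters for FTPS in particular: once the control channel is encrypted, a connection-tracking helper cannot read the PASV replies to open data ports on demand.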