On 07.09.2013 16:28, Patrick Dupre wrote:
> Hello,
>
> Thanks.
> Port 990, is the default (filezilla).

says who?

https://wiki.filezilla-project.org/SSL/TLS

Client Setup
For a client to connect to a server using SSL, then the host for that connection needs to be set to FTPS. In FileZilla client this means prefixing the host with "FTPES://" for "explicit" FTPS, or "FTPS://" for the legacy "implicit" FTPS.

Explicit vs Implicit FTPS
FTPS (SSL/TLS) is served up in two incompatible modes. If using explicit FTPS, the client connects to the normal FTP port and explicitly switches into secure (SSL/TLS) mode with "AUTH TLS", whereas implicit FTPS is an older style service that assumes SSL/TLS mode right from the start of the connection (and normally listens on TCP port 990, rather than 21). In a FileZilla client this means prefixing the host with "FTPES://" to connect an "explicit" FTPS server, or "FTPS://" for the legacy "implicit" server (for which you will likely also need to set the port to 990).

> By the way, using firewall-config.
> In public zone service ssh is checked but not ftp. Am I supposed to check ftp?
> The port for ftp is 21 (I guess default).
> There is no service ftps, do I need to create it?
> I can easily create port 990, but I do not know how to create service ftps
> associated to a port!
>
> Sorry for my poor background in this stuff.

no idea
i use iptables.service and completely hand-written rules everywhere

>> On 07.09.2013 01:09, Patrick Dupre wrote:
>>>> ----- Original Message -----
>>>> From: Reindl Harald
>>>> Sent: 09/07/13 12:48 AM
>>>> To: Community support for Fedora users
>>>> Subject: Re: tls
>>>>
>>>> On 07.09.2013 00:43, Patrick Dupre wrote:
>>>>> I installed pure-ftpd on my machine to use the TLS protocol.
>>>>> I followed the instructions given in:
>>>>> http://www.howtoforge.com/how-to-configure-pureftpd-to-accept-tls-sessions-on-fedora-18
>>>>>
>>>>> but I still cannot ftp by using ftps (filezilla)
>>>>
>>>> be explicit - you can not connect or you can not list folders and transfer data
>>> Status: Connecting to 193.49.194.196:990...
>>> Status: Connection attempt failed with "EHOSTUNREACH - No route to host".
>>> Error: Could not connect to server
>>
>> why port 990?
>>
>> even if the port would be correct you need
>> a) verify on which ports your daemon is listening (man netstat)
>> b) make sure that ports are open
>>
>> AFAIK it is using STARTTLS
>> http://en.wikipedia.org/wiki/STARTTLS
>>
>>>> http://slacksite.com/other/ftp.html contains basics about FTP
>>>>
>>>>> Do I need to configure the firewall to open the port?
>>>>
>>>> you need to open the passive port-range in the firewall by hand
>>>> "nf_conntrack_ftp" as any other DPI can not work with encrypted streams
>>> This, I do not know what to do:
>>> I do not see any nf_conntrack_ftp in public service or in selinux
>>
>> man iptables
>>
>> if you do not specify "PassivePortRange" the passive port can be anything
>> between 1024 and 65535 and if you do use active FTP mode then you need
>> to setup the firewall on the client properly - at the end of the day it
>> does not matter who is choosing the random port for the data connection
>> and the other side has to open this port
>>
>> to understand what you are doing i posted
>>>> http://slacksite.com/other/ftp.html contains basics about FTP
>>
>> only few people (including a lot of professional admins) do understand FTP really
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
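
Added example, not part of the original thread: the thread's point about opening the passive port range by hand, shown as a check an admin can run over the 227/229 replies copied from a client's message log. After AUTH TLS those replies are encrypted on the wire, so only the endpoints see them; the sample replies, the 192.0.2.10 address and the 40000-40100 range are constructed assumptions.

```python
import re

# RFC 959 PASV reply: "227 ... (h1,h2,h3,h4,p1,p2)", data port = p1*256 + p2
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
# RFC 2428 EPSV reply: "229 ... (|||port|)", delimiter is usually "|"
EPSV_RE = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")


def passive_data_port(reply):
    """Return the TCP data port announced by a 227/229 reply, else None."""
    m = PASV_RE.match(reply)
    if m:
        octets = [int(g) for g in m.groups()]
        if max(octets) > 255:
            return None  # malformed reply
        return octets[4] * 256 + octets[5]
    m = EPSV_RE.match(reply)
    if m:
        port = int(m.group(2))
        return port if 0 < port <= 65535 else None
    return None


def audit_replies(replies, opened_range):
    """Return (reply, port, reachable) per passive reply.

    reachable is True only if the port lies inside the range that was
    opened on the firewall by hand.
    """
    low, high = opened_range
    report = []
    for reply in replies:
        port = passive_data_port(reply)
        if port is not None:
            report.append((reply, port, low <= port <= high))
    return report


# Constructed sample: replies as a client message log would show them.
SAMPLE_LOG = [
    "234 AUTH TLS OK.",
    "227 Entering Passive Mode (192,0,2,10,156,76)",
    "229 Extended Passive Mode OK (|||51234|)",
    "227 Entering Passive Mode (192,0,2,10,4,1)",
]
OPENED_RANGE = (40000, 40100)  # assumed PassivePortRange / firewall rule

if __name__ == "__main__":
    for reply, port, ok in audit_replies(SAMPLE_LOG, OPENED_RANGE):
        print(f"{port:>5}  {'open' if ok else 'BLOCKED'}  {reply}")
```

Any port reported as BLOCKED means the server is handing out data ports outside the range the firewall allows, which is what happens when no passive port range is configured on the daemon.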