Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Pure-ftpd, passive mode, tls
Operating Systems Linux Debian Pure-ftpd, passive mode, tls Post 302867207 by sedlis on Wednesday 23rd of October 2013 04:29:02 PM
Old 10-23-2013
Quote:
Originally Posted by linuxjunkie
Hi

Dont use this /etc/pure-ftpd/conf/ForcePassiveIP.

Do the setup so local users can connect. The problem is with your firewall blocking the connection from the out side.

Check your firewall NAT settings, you need to point the external address the user is using to the internal address of the ftp server and tell it to open port 21 for the ftp server.
Hi, maybe stupid question, but setup nat on server where ftp are or setup router on ISP side ? Thx you

---------- Post updated at 03:29 PM ---------- Previous update was at 03:27 PM ----------

Because I have got already 21 port open. But problem is only when I want go from outside in passive mode with tls.
Last edited by sedlis; 10-23-2013 at 05:28 PM.. Reason: add information
 

8 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

passive ftp problem

Hello! Im having a strange problem. Im getting "Possible PASV port theft, cannot open data connection" when i try to ftp from one machine to another. This dosent happen everytime, only once in a while. Ive checked the firewall, and everything is open betwen client -> server, no restrictions... (1 Reply)
Discussion started by: dozy
1 Replies

2. UNIX Desktop Questions & Answers

how to check if a file ftpd to mainframe was actually ftpd

Hi All, I am ftping a file from unix to mainframe. Now the problem arises that i want to check if the file was ftpd or not. Is there any way i could do this? (4 Replies)
Discussion started by: vikas.rao11
4 Replies

3. Shell Programming and Scripting

error while passive ftp file transfer

hi i am doing a passive ftp file transfer . during that i got the following error. "ftp> put FTPS_MAILBOX local: FTPS_MAILBOX remote: FTPS_MAILBOX 421 Service not available, remote server has closed connection Passive mode refused. Turning off passive mode. No control connection for... (1 Reply)
Discussion started by: Satyak
1 Replies

4. AIX

AIX HACMP Active/Passive Config

I have a HACMP 6.1 configured in a active/passive. I have 1 NIC with 3 IP address on (Boot, Persistent and Service ) . All address are routable. One of the application on the HA cluster is also using Boot Ip to send application data. Question : Since all the traffic is passing thru the same... (3 Replies)
Discussion started by: mk8570
3 Replies

5. AIX

ftp connect in passive mode , ftp settings

how to connect to ftp server in passive mode? ftp server.abc and how can i see ftp settings, doesn't exist some ftpd.conf there is some other file where i check the options and configurations of ftp server? Thanks (3 Replies)
Discussion started by: prpkrk
3 Replies

6. IP Networking

vsftp | active and passive ftp | iptables

I am using vsftp but I can't login with passive mode. I can only login with active mode. I can login with both mode when service of iptables is stop. In active mode : 20,21 must be open from server site. 1023 and over must be open at client site. In passive mode : only 21,1023 and over must be... (1 Reply)
Discussion started by: getrue
1 Replies

7. SuSE

Pure-FTPd [TLS] Login problem

Hello everybody Recently I installed Pure-FTPd and i tried to connect to my server and i try to login using my ID/PW i got always anonymous login.... here what i got, # ftp ftp> open localhost Trying 127.0.0.1... Connected to localhost. 220---------- Welcome to Pure-FTPd ----------... (0 Replies)
Discussion started by: hael
0 Replies

8. Solaris

How to configure CUPS on Solaris 11.3 - TLS and no TLS?

We are implementing CUPS on a new Solaris 11.3 system. The same system will run an application where users can print to networked printers inside our organisation, or to a printer outside of our organisation over the internet. For users printing to internal network printers, no encryption is... (0 Replies)
Discussion started by: SallyB
0 Replies

LEARN ABOUT FREEBSD

ftp-proxy

FTP-PROXY(8)						    BSD System Manager's Manual 					      FTP-PROXY(8)

NAME

     ftp-proxy -- Internet File Transfer Protocol proxy daemon

SYNOPSIS

     ftp-proxy [-6Adrv] [-a address] [-b address] [-D level] [-m maxsessions] [-P port] [-p port] [-q queue] [-R address] [-T tag] [-t timeout]

DESCRIPTION

     ftp-proxy is a proxy for the Internet File Transfer Protocol.  FTP control connections should be redirected into the proxy using the pf(4)
     rdr command, after which the proxy connects to the server on behalf of the client.

     The proxy allows data connections to pass, rewriting and redirecting them so that the right addresses are used.  All connections from the
     client to the server have their source address rewritten so they appear to come from the proxy.  Consequently, all connections from the
     server to the proxy have their destination address rewritten, so they are redirected to the client.  The proxy uses the pf(4) anchor facility
     for this.

     Assuming the FTP control connection is from $client to $server, the proxy connected to the server using the $proxy source address, and $port
     is negotiated, then ftp-proxy adds the following rules to the various anchors.  (These example rules use inet, but the proxy also supports
     inet6.)

     In case of active mode (PORT or EPRT):

       rdr from $server to $proxy port $port -> $client
       pass quick inet proto tcp 
	   from $server to $client port $port

     In case of passive mode (PASV or EPSV):

       nat from $client to $server port $port -> $proxy
       pass in quick inet proto tcp 
	   from $client to $server port $port
       pass out quick inet proto tcp 
	   from $proxy to $server port $port

     The options are as follows:

     -6      IPv6 mode.  The proxy will expect and use IPv6 addresses for all communication.  Only the extended FTP modes EPSV and EPRT are
	     allowed with IPv6.  The proxy is in IPv4 mode by default.

     -A      Only permit anonymous FTP connections.  Either user "ftp" or user "anonymous" is allowed.

     -a address
	     The proxy will use this as the source address for the control connection to a server.

     -b address
	     Address where the proxy will listen for redirected control connections.  The default is 127.0.0.1, or ::1 in IPv6 mode.

     -D level
	     Debug level, ranging from 0 to 7.	Higher is more verbose.  The default is 5.  (These levels correspond to the syslog(3) levels.)

     -d      Do not daemonize.	The process will stay in the foreground, logging to standard error.

     -m maxsessions
	     Maximum number of concurrent FTP sessions.  When the proxy reaches this limit, new connections are denied.  The default is 100 ses-
	     sions.  The limit can be lowered to a minimum of 1, or raised to a maximum of 500.

     -P port
	     Fixed server port.  Only used in combination with -R.  The default is port 21.

     -p port
	     Port where the proxy will listen for redirected connections.  The default is port 8021.

     -q queue
	     Create rules with queue queue appended, so that data connections can be queued.

     -R address
	     Fixed server address, also known as reverse mode.	The proxy will always connect to the same server, regardless of where the client
	     wanted to connect to (before it was redirected).  Use this option to proxy for a server behind NAT, or to forward all connections to
	     another proxy.

     -r      Rewrite sourceport to 20 in active mode to suit ancient clients that insist on this RFC property.

     -T tag  The filter rules will add tag tag to data connections, and not match quick.  This way alternative rules that use the tagged keyword
	     can be implemented following the ftp-proxy anchor.  These rules can use special pf(4) features like route-to, reply-to, label,
	     rtable, overload, etc. that ftp-proxy does not implement itself.

     -t timeout
	     Number of seconds that the control connection can be idle, before the proxy will disconnect.  The maximum is 86400 seconds, which is
	     also the default.	Do not set this too low, because the control connection is usually idle when large data transfers are taking
	     place.

     -v      Set the 'log' flag on pf rules committed by ftp-proxy.  Use twice to set the 'log-all' flag.  The pf rules do not log by default.

CONFIGURATION

     To make use of the proxy, pf.conf(5) needs the following rules.  All anchors are mandatory.  Adjust the rules as needed.

     In the NAT section:

       nat-anchor "ftp-proxy/*"
       rdr-anchor "ftp-proxy/*"
       rdr pass on $int_if proto tcp from $lan to any port 21 -> 
	   127.0.0.1 port 8021

     In the rule section:

       anchor "ftp-proxy/*"
       pass out proto tcp from $proxy to any port 21

SEE ALSO

     ftp(1), pf(4), pf.conf(5)

CAVEATS

     pf(4) does not allow the ruleset to be modified if the system is running at a securelevel(7) higher than 1.  At that level ftp-proxy cannot
     add rules to the anchors and FTP data connections may get blocked.

     Negotiated data connection ports below 1024 are not allowed.

     The negotiated IP address for active modes is ignored for security reasons.  This makes third party file transfers impossible.

     ftp-proxy chroots to "/var/empty" and changes to user "proxy" to drop privileges.

BSD
								 February 26, 2008							       BSD
All times are GMT -4. The time now is 03:26 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy