On 07.09.2013 16:28, Patrick Dupre wrote:
Hello,
Thanks.
Port 990 is the default (FileZilla).
says who?
https://wiki.filezilla-project.org/SSL/TLS
Client Setup
For a client to connect to a server using SSL, then the host for that connection needs to be set to FTPS. In FileZilla client this means prefixing the host with "FTPES://" for "explicit" FTPS, or "FTPS://" for the legacy "implicit" FTPS.
Explicit vs Implicit FTPS
FTPS (SSL/TLS) is served up in two incompatible modes. If using explicit FTPS, the client connects to the normal FTP port and explicitly switches into secure (SSL/TLS) mode with "AUTH TLS", whereas implicit FTPS is an older style service that assumes SSL/TLS mode right from the start of the connection (and normally listens on TCP port 990, rather than 21). In a FileZilla client this means prefixing the host with "FTPES://" to connect an "explicit" FTPS server, or "FTPS://" for the legacy "implicit" server (for which you will likely also need to set the port to 990).
By the way, using firewall-config.
In public zone service ssh is checked but not ftp. Am I supposed to check ftp?
The port for ftp is 21 (I guess default).
There is no service ftps, do I need to create it?
I can easily create port 990, but I do not know how to create a service ftps
associated to a port!
Sorry for my poor background in this stuff.
no idea, i use iptables.service and completely hand-written rules everywhere
> On 07.09.2013 01:09, Patrick Dupre wrote:
>>> ----- Original Message -----
>>> From: Reindl Harald
>>> Sent: 09/07/13 12:48 AM
>>> To: Community support for Fedora users
>>> Subject: Re: tls
>>>
>>> On 07.09.2013 00:43, Patrick Dupre wrote:
>>>> I installed pure-ftpd on my machine to use the TLS protocol.
>>>> I followed the instructions given in:
>>>>
>>>> http://www.howtoforge.com/how-to-configure-pureftpd-to-accept-tls-session...
>>>>
>>>> but I still cannot ftp by using ftps (filezilla)
>>>
>>> be explicit - you can not connect or you can not list folders and transfer data
>> Status: Connecting to 193.49.194.196:990...
>> Status: Connection attempt failed with "EHOSTUNREACH - No route to host".
>> Error: Could not connect to server
>
> why port 990?
>
> even if the port would be correct you need
> a) verify on which ports your daemon is listening (man netstat)
> b) make sure that ports are open
>
> AFAIK it is using STARTTLS
>
> http://en.wikipedia.org/wiki/STARTTLS
>
>>> http://slacksite.com/other/ftp.html contains basics about FTP
>>>
>>>> Do I need to configure the firewall to open the port?
>>>
>>> you need to open the passive port-range in the firewall by hand
>>> "nf_conntrack_ftp" as any other DPI can not work with encrypted streams
>> This, I do not know what to do:
>> I do not see any nf_conntrack_ftp in public service or in selinux
>
> man iptables
>
> if you do not specify "PassivePortRange" the passive port can be anything
> between 1024 and 65535 and if you do use active FTP mode then you need
> to setup the firewall on the client properly - at the end of the day it
> does not matter who is choosing the random port for the data connection
> and the other side has to open this port
>
> to understand what you are doing i posted
>>> http://slacksite.com/other/ftp.html contains basics about FTP
>
> only few people (including a lot of professional admins) do understand FTP really
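
Added example (not part of the original thread): the data port that a helper such as nf_conntrack_ftp reads from the server's plaintext PASV/EPSV reply, and that it can no longer read once "AUTH TLS" encrypts the control channel, checked against a fixed passive range. The range 30000-30100, the function names and the sample replies are constructed assumptions, not values from the thread.

```python
import re

# Assumed passive range (not from the thread). It has to match the daemon's
# PassivePortRange setting and the ports opened in the firewall, e.g. with
# firewalld: firewall-cmd --permanent --zone=public --add-port=30000-30100/tcp
PASSIVE_RANGE = (30000, 30100)

# 227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)
_PASV = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
# 229 Entering Extended Passive Mode (|||port|)  (delimiter is usually "|")
_EPSV = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")


def data_port(reply):
    """Return the TCP data port announced in a PASV/EPSV reply, else None."""
    m = _PASV.match(reply)
    if m:
        fields = [int(x) for x in m.groups()]
        if any(f > 255 for f in fields):
            raise ValueError("field out of range in PASV reply: %r" % reply)
        return fields[4] * 256 + fields[5]  # port = p1 * 256 + p2
    m = _EPSV.match(reply)
    if m:
        port = int(m.group(2))
        if not 0 < port < 65536:
            raise ValueError("port out of range in EPSV reply: %r" % reply)
        return port
    return None  # not a passive reply, or ciphertext the firewall cannot parse


def firewall_allows(reply, rng=PASSIVE_RANGE):
    """True if the announced data port lies inside the statically opened range."""
    port = data_port(reply)
    return port is not None and rng[0] <= port <= rng[1]


if __name__ == "__main__":
    # Constructed sample replies (192.0.2.10 is a documentation address).
    samples = [
        "227 Entering Passive Mode (192,0,2,10,117,48)",   # port 30000
        "227 Entering Passive Mode (192,0,2,10,195,80)",   # port 50000
        "229 Entering Extended Passive Mode (|||30050|)",  # port 30050
        "\x17\x03\x03\x00\x30 (constructed stand-in for a TLS record)",
    ]
    for s in samples:
        print(repr(s[:48]), data_port(s), firewall_allows(s))
```

With an encrypted control channel the firewall only ever sees input like the last sample, so the data connection succeeds only when the server is restricted to a range that is opened statically.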