embsupafly
Mar 2 2005, 08:52 PM
Hello,
We are running a Linux Cpanel server with Pureftpd.
We have it set up to run secure ftp via TLS.
Whenever a user tries to log in via FTP, with the TLS option checked, it presents the Secure Certificate, and asks the user if they want to accept it. Once you accept it, it waits about 30 seconds then times out.
The firewall we are using is APF. I think the firewall is stopping the connection. Actually I know it is stopping the connection because if I stop APF, the session no longer times out, it successfully connects.
What ports need to be open for FTP via TLS?
Thanks,
Eric
awood
Mar 5 2005, 07:55 PM
You will need to open port 990/tcp on your APF firewall.
facecake
Mar 6 2005, 05:32 AM
I've found FTP with TLS to be quite the annoyance, so have opted to using sftp/scp or FTP tunneled via ssh.
chirpy
Mar 6 2005, 05:38 AM
FTP over SSL doesn't work with a fully configured SPI firewall - it can't because of the channel encryption. You need to open up some TCP ports in the ingress port filter for the ephemeral ports used by proftpd, e.g. 30000-35000 in APF and then specify these in proftpd.conf too.
Basically, you're having to disable the SPI part for FTP over SSL ports. It does leave those ephemeral ports exposed, of course.
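The point made in the last reply, as an added example that is not part of the thread: a stateful firewall's FTP helper learns the data port by reading the server's `227` passive reply on the control channel, which it can no longer do once that channel is a TLS record, so the passive range has to be opened statically. The sample reply, the TLS bytes and the port-list strings are constructed, and the comma list with underscore ranges is assumed to follow APF's ingress port syntax.

```python
import re

# Passive range suggested in the thread; everything else below is constructed.
PASSIVE_RANGE = (30000, 35000)

_PASV_RE = re.compile(rb"^227 [^(]*\((\d{1,3}),(\d{1,3}),(\d{1,3}),"
                      rb"(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_pasv(line: bytes):
    """Return (ip, port) from a cleartext 227 reply, or None if unreadable."""
    m = _PASV_RE.match(line)
    if not m:
        return None                      # encrypted or malformed: nothing to track
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ".".join(str(n) for n in nums[:4])
    return ip, nums[4] * 256 + nums[5]   # data port = p1*256 + p2

def parse_port_list(spec: str):
    """Parse a list such as "21,990,30000_35000" into (low, high) tuples."""
    ranges = []
    for item in spec.split(","):
        item = item.strip()
        if item:
            lo, _, hi = item.partition("_")
            ranges.append((int(lo), int(hi or lo)))
    return ranges

def port_open(port: int, spec: str) -> bool:
    """True if the ingress list admits this single port."""
    return any(lo <= port <= hi for lo, hi in parse_port_list(spec))

def range_covered(passive, spec: str) -> bool:
    """True if one entry of the ingress list spans the whole passive range."""
    lo, hi = passive
    return any(a <= lo and hi <= b for a, b in parse_port_list(spec))

# Constructed samples: the same reply in cleartext and as a TLS record header
# followed by opaque ciphertext bytes.
CLEAR_REPLY = b"227 Entering Passive Mode (192,0,2,10,117,48)\r\n"
TLS_RECORD = b"\x17\x03\x01\x00\x30" + bytes(range(48))

if __name__ == "__main__":
    print("cleartext helper sees:", parse_pasv(CLEAR_REPLY))
    print("over TLS helper sees: ", parse_pasv(TLS_RECORD))
    for spec in ("21,990", "21,990,30000_35000"):
        print(spec, "-> passive range covered:", range_covered(PASSIVE_RANGE, spec))
```

The server's passive port setting has to match the range opened in the firewall, otherwise the data connection lands on a filtered port and the client times out as described in the first post.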