LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices



Closed Thread
 
Search this Thread
Old 10-29-2004, 12:23 PM   #1
toxoplasme
LQ Newbie
 
Registered: Oct 2004
Posts: 6

Rep: Reputation: 0
vsFTPd - SSL connection and dynamic SSL ports


Hi all,
at the moment I have successfully configured my vsFTPd with SSL conection.
My problem is that i can access it only on local network by invoking 192.168.123.252 but when I want to access it from outside with mydomain.com:21 the connection begin but no file appera in the listing...

As I have see, SSL conection take a random port to negociate encryption, sometime 45699 sometime other, but never the same.
So I can not configure my router to forward these port because they are dynamic!

So the question is:
is there a way to configure vsFTPd or OpenSSL to use always the same SSL port???
In this way i will be able to program my router for port forwarding and i suppose my problem will be solved

I use vsFTPD 2.02 (pre-release) but also same prob on 2.01

Thanks all
 
Old 10-29-2004, 01:24 PM   #2
dominant
Member
 
Registered: Jan 2004
Posts: 409

Rep: Reputation: 30
What is the default port for the ftp-ssl service?
 
Old 10-29-2004, 03:23 PM   #3
toxoplasme
LQ Newbie
 
Registered: Oct 2004
Posts: 6

Original Poster
Rep: Reputation: 0
Don't know

I don't know... but i would like to know
 
Old 10-30-2004, 04:51 AM   #4
dominant
Member
 
Registered: Jan 2004
Posts: 409

Rep: Reputation: 30
Is there any option in the vsftpd.conf for changing the default port or not?
 
Old 10-31-2004, 04:43 AM   #5
toxoplasme
LQ Newbie
 
Registered: Oct 2004
Posts: 6

Original Poster
Rep: Reputation: 0
no

no, not find anything...
 
Old 11-06-2004, 07:58 AM   #6
toxoplasme
LQ Newbie
 
Registered: Oct 2004
Posts: 6

Original Poster
Rep: Reputation: 0
Thumbs up Find solution!!!

For those who are interested by the solution:

You just have to set this:

pasv_min_port=15000
pasv_max_port=15000

Open the port 15000 on your router (NAT/Firewall) and that's all!

PS: You have to set your client in "passive" mode...
 
Old 11-06-2004, 08:03 AM   #7
dominant
Member
 
Registered: Jan 2004
Posts: 409

Rep: Reputation: 30
Well , the port you have to open on the servers firewall is 15000 ?
 
Old 11-06-2004, 08:12 AM   #8
toxoplasme
LQ Newbie
 
Registered: Oct 2004
Posts: 6

Original Poster
Rep: Reputation: 0
Yes

Yes, if you define

pasv_min_port=15000
pasv_min_port=15000
You have to forward the port 15000 in your router

if
pasv_min_port=42563
pasv_min_port=42563
You have to forward the port 42563 in your router,aso...

or other exemple you can define a range
pasv_min_port=15000
pasv_min_port=15005
You have to forward the port 15000 to 15005 in your router

The only thing important is that the port number must be > 1024
To resume, ssl connection is done with the "passive" port of a normal connection

Remarque:
If you define only one port like I have done, you will be able to connect several client at the same time thrue this single port, no need to open one port per client!

So now my client connect to mydomain:21 and ssl encryption is done thrue 15000 port
My router forward port 21/15000 to my server 192.168.1.254

I use also webdrive for the connection that work great!!!
Webdrive

http://www.southrivertech.com/images/wd/mapdesktop.gif

Last edited by toxoplasme; 11-06-2004 at 08:15 AM.
 
Old 11-06-2004, 02:02 PM   #9
dominant
Member
 
Registered: Jan 2004
Posts: 409

Rep: Reputation: 30
well, can any of the ordinaries ftp clients connected to the ftp-ssl (like ftp alone)?
 
Old 08-22-2008, 11:37 PM   #10
RMLinux
Member
 
Registered: Jul 2006
Posts: 224

Rep: Reputation: 31
in redhat look for etc/services file...those are the list of available ports.
 
Old 08-22-2008, 11:42 PM   #11
billymayday
Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
Why did you post that on a 4 year old thread?


That isn't what /etc/services is in any case
 
Old 08-22-2008, 11:50 PM   #12
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
And on that note, I'm zapping this zombie thread.

I'm also filing it away in Server, as it wasn't ever a security issue.

Last edited by win32sux; 08-22-2008 at 11:57 PM.
 
  


Closed Thread


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
ssl and ports lord-fu Linux - Newbie 1 11-28-2005 04:39 AM
vsftpd + ssl lord-fu Linux - Software 2 11-22-2005 08:16 PM
Ssl Support For Vsftpd Not Available ? 0001001 Linux - Software 1 11-13-2005 02:34 AM
apache2 - ssl : connection via ssl interrupted ldp Linux - Software 0 10-02-2005 10:07 AM
vsftpd ssl/tls jefffq Linux - Software 2 07-05-2005 07:38 PM


All times are GMT -5. The time now is 08:19 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration