vsFTPd - SSL connection and dynamic SSL ports

toxoplasme · 10-29-2004, 12:23 PM

Hi all,
at the moment I have successfully configured my vsFTPd with SSL conection.
My problem is that i can access it only on local network by invoking 192.168.123.252 but when I want to access it from outside with mydomain.com:21 the connection begin but no file appera in the listing...

As I have see, SSL conection take a random port to negociate encryption, sometime 45699 sometime other, but never the same.
So I can not configure my router to forward these port because they are dynamic!

So the question is:
is there a way to configure vsFTPd or OpenSSL to use always the same SSL port???
In this way i will be able to program my router for port forwarding and i suppose my problem will be solved

I use vsFTPD 2.02 (pre-release) but also same prob on 2.01

Thanks all

dominant · 10-29-2004, 01:24 PM

What is the default port for the ftp-ssl service?

toxoplasme · 10-29-2004, 03:23 PM

I don't know... but i would like to know

dominant · 10-30-2004, 04:51 AM

Is there any option in the vsftpd.conf for changing the default port or not?

toxoplasme · 10-31-2004, 04:43 AM

no, not find anything...

toxoplasme · 11-06-2004, 07:58 AM

For those who are interested by the solution:

You just have to set this:

pasv_min_port=15000
pasv_max_port=15000

Open the port 15000 on your router (NAT/Firewall) and that's all!

PS: You have to set your client in "passive" mode...

dominant · 11-06-2004, 08:03 AM

Well , the port you have to open on the servers firewall is 15000 ?

toxoplasme · 11-06-2004, 08:12 AM

Yes, if you define

pasv_min_port=15000
pasv_min_port=15000
You have to forward the port 15000 in your router

if
pasv_min_port=42563
pasv_min_port=42563
You have to forward the port 42563 in your router,aso...

or other exemple you can define a range
pasv_min_port=15000
pasv_min_port=15005
You have to forward the port 15000 to 15005 in your router

The only thing important is that the port number must be > 1024
To resume, ssl connection is done with the "passive" port of a normal connection

Remarque:
If you define only one port like I have done, you will be able to connect several client at the same time thrue this single port, no need to open one port per client!

So now my client connect to mydomain:21 and ssl encryption is done thrue 15000 port
My router forward port 21/15000 to my server 192.168.1.254

I use also webdrive for the connection that work great!!!
Webdrive

http://www.southrivertech.com/images/wd/mapdesktop.gif

dominant · 11-06-2004, 02:02 PM

well, can any of the ordinaries ftp clients connected to the ftp-ssl (like ftp alone)?

RMLinux · 08-22-2008, 11:37 PM

in redhat look for etc/services file...those are the list of available ports.

billymayday · 08-22-2008, 11:42 PM

Why did you post that on a 4 year old thread?

That isn't what /etc/services is in any case

win32sux · 08-22-2008, 11:50 PM

And on that note, I'm zapping this zombie thread.

I'm also filing it away in Server, as it wasn't ever a security issue.