LinuxQuestions.org
Old 10-27-2004, 01:25 PM   #1
g0ug0u
LQ Newbie
 
Registered: Oct 2004
Posts: 1

Rep: Reputation: 0
Proftpd+SSL/TLS no folder listing


Hi there,
This problem is really getting on my nerves ;)


- ProFTPD Version 1.2.11rc1
- Mandrake 9.2

When I try to connect through TLS or SSL, I get the same problem:
In active mode :

Response: 220 ProFTPD 1.2.11rc1 Server (ProFTPD Default Installation) [192.168.0.4]
Command: AUTH TLS
Response: 234 AUTH TLS successful
Status: SSL connection established. Waiting for welcome message...
Command: PBSZ 0
Response: 200 PBSZ 0 successful
Command: PROT P
Response: 200 Protection set to Private
Command: USER bob
Response: 331 Password required for bob.
Command: PASS *******
Response: 230 Benvinguts a Trinquis Net
Command: FEAT
Response: 211-Features:
Response: MDTM
Response: REST STREAM
Response: SIZE
Response: AUTH TLS
Response: PBSZ
Response: PROT
Response: 211 End
Command: SYST
Response: 215 UNIX Type: L8
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/home" is current directory.
Command: PORT 127,0,0,1,16,214
Response: 500 Illegal PORT command
Error: Could not retrieve directory listing


In passive mode :

(...)
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/home" is current directory.
Command: PASV
Response: 227 Entering Passive Mode (192,168,0,4,141,78).
Command: TYPE A
Response: 200 Type set to A
Command: LIST
Error: Transfer channel can't be opened. Reason: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.


The strange PORT command for active mode is because I'm behind a proxy and have to use a few tricks to get through. But I tried with a direct connection and got the same problem. Tried with FileZilla and FlashFXP, same problem too. Last thing: without encryption it works fine! FTP/SSH2 works too! But I can't get this TLS or SSL working.
Any ideas?

Thanks for any help.
 
Old 11-07-2004, 06:28 PM   #2
Guidooke
LQ Newbie
 
Registered: Oct 2004
Location: Maastricht / Netherlands
Distribution: Debian woody
Posts: 1

Rep: Reputation: 0
I have kind of the same problem

I'm running proftpd 1.2.9 on Debian woody
with a few computers on a little home network with a hardware router/firewall (opened port 21/20)

When I connect to proftpd on its internal hostname, there is no problem with or without an SSL connection.
When I do the same with the outside hostname, it's still possible to connect to the server when I use SSL.
But I can't list or change a directory.
Cannot connect to a data port, I think.

----------------
227 Entering Passive Mode (192,168,168,5,250,43).
connecting data channel to 192.168.168.5:64043
Substituting connection address *.*.*.* for private address 192.168.168.5 from PASV
connection refused; the server would not accept an FTP connection.
PORT 192,168,168,4,11,156
500 Illegal PORT command
Port failed 500 Illegal PORT command
----------------
(*.*.*.* = my internet IP)

When I use "AllowForeignAddress on" in the proftpd.conf everything works fine, even with an SSL connection,
but I don't want to use this option.

I have a @home cable connection; this problem started after my ISP changed my IP.
Before, with my old IP, the SSL option worked fine on the inside and outside of my network.
I checked everything to see if my old IP was still in any conf file or something,
but I mostly use hostnames when possible in configs.
I use ez-ipupdate on a regular basis to update my IP for my external domain.

Does anyone know how to solve this problem?
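
The data-channel addresses in the logs quoted above can be decoded and compared with the control-connection addresses; this is an added example, not part of any post in this thread. The helper names `decode_endpoint` and `audit` are hypothetical, and the peer addresses used with them are constructed placeholders.

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2 (RFC 959): the argument of PORT and of the 227 PASV reply.
SIX = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(ip):
    return any(ip in net for net in RFC1918)

def decode_endpoint(line):
    """Return (kind, ip, port) for a PORT command or 227 reply, else None."""
    kind = ("PORT" if re.search(r"\bPORT\b", line)
            else "PASV" if re.search(r"\b227\b", line) else None)
    m = SIX.search(line)
    if kind is None or m is None:
        return None
    nums = [int(x) for x in m.groups()]
    if max(nums) > 255:
        return None
    ip = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    return kind, ip, nums[4] * 256 + nums[5]

def audit(transcript, client_ip, server_ip):
    """Decode each data endpoint and list why the peer may refuse or miss it.
    client_ip/server_ip: addresses seen on the control connection (assumed)."""
    peers = {"PORT": ipaddress.IPv4Address(client_ip),
             "PASV": ipaddress.IPv4Address(server_ip)}
    findings = []
    for line in transcript.splitlines():
        decoded = decode_endpoint(line)
        if decoded is None:
            continue
        kind, ip, port = decoded
        problems = []
        if ip.is_loopback:
            problems.append("loopback")
        elif is_rfc1918(ip) and not is_rfc1918(peers[kind]):
            problems.append("rfc1918")   # private address offered across NAT
        if ip != peers[kind]:
            problems.append("mismatch")  # not the control-connection address
        findings.append((kind, str(ip), port, problems))
    return findings

# Lines copied from the logs in this thread.
SAMPLE = """227 Entering Passive Mode (192,168,168,5,250,43).
PORT 192,168,168,4,11,156
500 Illegal PORT command
Command: PORT 127,0,0,1,16,214"""
```

Run as `audit(SAMPLE, "198.51.100.7", "203.0.113.10")` with the constructed peer addresses, every endpoint is flagged; the two PORT lines flagged `mismatch` are the ones the servers in the logs answered with `500 Illegal PORT command`.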
 
Old 06-13-2007, 12:58 PM   #3
Ric Flomag
LQ Newbie
 
Registered: Jun 2007
Posts: 1

Rep: Reputation: 0
Works only on SSLv2

I have a similar problem.

The workaround I've found is to connect using SFTP (ssl_sslv2=YES in vsftpd.conf file). The two other secure modes (ssl_sslv3 and ssl_tlsv1) don't work on my setup: I can connect but directory listing does not work.

My server is CentOS 5, vsftpd 2.0.5-10.el5

----- vsftpd.conf -----
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
chroot_local_user=YES
dirlist_enable=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=NO
ssl_sslv2=YES
ssl_sslv3=NO
rsa_cert_file=/etc/webmin/miniserv.pem
----- eof -----

Any solution to get rid of this directory listing problem on TLS is very welcome!
 
Old 11-30-2007, 12:30 PM   #4
wunderwood
LQ Newbie
 
Registered: Nov 2007
Location: Kansas City
Distribution: centos
Posts: 5

Rep: Reputation: 0
Has anyone found a solution?

I am struggling with this one at the moment. I am able to connect from certain Linux servers but not others. I believe this is because some of the servers are behind a load-balancer / firewall and certain ports are being blocked, but I am not savvy enough to say for sure.
 
  


Tags
centos, centos5, ftp, ssl, tls, vsftp

