Proftpd TLS configuration

gubak · 11-20-2015, 09:09 AM

Hi everyone,

I just configured proftpd (v 1.3.5) in TLS mode. I oened port 21, 443, 21 on the firewall. The FTP client I use is FileZilla.

When I try to connect and the firewall is on I get error:
"Failed to retrieve directory listing"

But when the firewall is off I can connect without problem.

Can you tell me which ports to open?

Here is the error log:

Quote:

Status: Resolving address of xxx.xxx.com
Status: Connecting to xxx.xxx.xxx.xxx:21...
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Status: Verifying certificate...
Status: TLS connection established.
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is the current directory
Command: TYPE I
Response: 200 Type set to I
Command: PASV
Response: 227 Entering Passive Mode .
Command: LIST
Error: Connection timed out after 20 seconds of inactivity
Error: Failed to retrieve directory listing

Thank you very much

berndbausch · 11-21-2015, 01:51 AM

Passive mode requires more configuration on the firewall, as an additional, normally not predictable port is opened. You might want to google ip_conntrack_ftp, the kernel module that enables openeing that port.

serverpoint.com · 11-25-2015, 12:38 AM

It seems you can also define the passive port in the proftpd conf file using directive "PassivePorts ". Refer below link.

http://www.proftpd.org/docs/howto/NAT.html