LinuxQuestions.org


toxoplasme 10-29-2004 11:23 AM

vsFTPd - SSL connection and dynamic SSL ports
 
Hi all,
at the moment I have successfully configured my vsFTPd with an SSL connection.
My problem is that I can access it only on the local network by invoking 192.168.123.252, but when I want to access it from outside with mydomain.com:21 the connection begins but no file appears in the listing...

As I have seen, the SSL connection takes a random port to negotiate encryption, sometimes 45699, sometimes another, but never the same.
So I cannot configure my router to forward these ports because they are dynamic!

So the question is:
is there a way to configure vsFTPd or OpenSSL to always use the same SSL port???
In this way I will be able to program my router for port forwarding and I suppose my problem will be solved

I use vsFTPD 2.02 (pre-release) but also same prob on 2.01

Thanks all

dominant 10-29-2004 12:24 PM

What is the default port for the ftp-ssl service?

toxoplasme 10-29-2004 02:23 PM

Don't know
 
I don't know... but I would like to know ;)

dominant 10-30-2004 03:51 AM

Is there any option in the vsftpd.conf for changing the default port or not?

toxoplasme 10-31-2004 03:43 AM

no
 
No, I did not find anything...

toxoplasme 11-06-2004 06:58 AM

Found solution!!!
 
For those who are interested in the solution:

You just have to set this:

pasv_min_port=15000
pasv_max_port=15000

Open the port 15000 on your router (NAT/Firewall) and that's all!

PS: You have to set your client in "passive" mode...

dominant 11-06-2004 07:03 AM

Well, the port you have to open on the server's firewall is 15000?

toxoplasme 11-06-2004 07:12 AM

Yes
 
Yes, if you define

pasv_min_port=15000
pasv_max_port=15000
You have to forward port 15000 in your router

if
pasv_min_port=42563
pasv_max_port=42563
You have to forward port 42563 in your router, and so on...

or, as another example, you can define a range
pasv_min_port=15000
pasv_max_port=15005
You have to forward ports 15000 to 15005 in your router

The only important thing is that the port number must be > 1024
To summarize, the SSL connection is done with the "passive" port of a normal connection

Note:
If you define only one port like I have done, you will be able to connect several clients at the same time through this single port, no need to open one port per client!

So now my client connects to mydomain:21 and SSL encryption is done through port 15000
My router forwards ports 21/15000 to my server 192.168.1.254

I also use WebDrive for the connection, which works great!!!
Webdrive

http://www.southrivertech.com/images/wd/mapdesktop.gif
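
Added example, not part of the original posts: a small Python check that reads vsftpd.conf text, flags a passive-port range that is not pinned (for instance pasv_max_port missing because pasv_min_port was written twice), and lists the TCP ports the router has to forward. The sample configs are constructed; treating a later duplicate line as overriding an earlier one is an assumption.

```python
# Added example: lint the passive-port settings of a vsftpd.conf and list
# the TCP ports a NAT router must forward. Sample configs are constructed.
GOOD_CONF = "ssl_enable=YES\npasv_min_port=15000\npasv_max_port=15005\n"
TYPO_CONF = "ssl_enable=YES\npasv_min_port=15000\npasv_min_port=15005\n"


def parse_conf(text):
    """Return (settings, duplicates) from 'option=value' lines."""
    settings, duplicates = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key in settings:
            duplicates.append(key)
        settings[key] = value  # assumption: a later line overrides an earlier one
    return settings, duplicates


def passive_port_plan(text):
    """Return (ports_to_forward, problems) for the given config text."""
    settings, duplicates = parse_conf(text)
    problems = [f"{key} is set more than once" for key in duplicates]
    control = int(settings.get("listen_port", 21))  # FTP control port
    lo = int(settings.get("pasv_min_port", 0))
    hi = int(settings.get("pasv_max_port", 0))
    unset = [k for k, v in (("pasv_min_port", lo), ("pasv_max_port", hi)) if v == 0]
    if unset:
        # 0 means "any port", so the data port cannot be forwarded in advance.
        problems.append(" and ".join(unset) + " unset: passive ports are not pinned")
        return [control], problems
    if lo > hi:
        problems.append("pasv_min_port is greater than pasv_max_port")
        return [control], problems
    if lo <= 1024:
        problems.append("passive ports should be above 1024")
    return [control] + list(range(lo, hi + 1)), problems


if __name__ == "__main__":
    for name, conf in (("good", GOOD_CONF), ("typo", TYPO_CONF)):
        ports, problems = passive_port_plan(conf)
        print(name, "forward:", ports, "problems:", problems)
```
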

dominant 11-06-2004 01:02 PM

Well, can any of the ordinary ftp clients connect to the ftp-ssl (like ftp alone)?

RMLinux 08-22-2008 10:37 PM

In Red Hat, look for the etc/services file... that is the list of available ports.

billymayday 08-22-2008 10:42 PM

Why did you post that on a 4 year old thread?


That isn't what /etc/services is in any case

win32sux 08-22-2008 10:50 PM

And on that note, I'm zapping this zombie thread.

I'm also filing it away in Server, as it wasn't ever a security issue.


All times are GMT -5.