vsFTPd - SSL connection and dynamic SSL ports
Hi all,
At the moment I have successfully configured my vsFTPd with an SSL connection. My problem is that I can access it only on the local network by using 192.168.123.252, but when I want to access it from outside with mydomain.com:21, the connection begins but no files appear in the listing... As I have seen, the SSL connection takes a random port to negotiate encryption, sometimes 45699, sometimes another, but never the same. So I cannot configure my router to forward these ports because they are dynamic!

So the question is: is there a way to configure vsFTPd or OpenSSL to always use the same SSL port? That way I will be able to program my router for port forwarding, and I suppose my problem will be solved.

I use vsFTPd 2.02 (pre-release), but I have the same problem on 2.01.

Thanks all
|
What is the default port for the ftp-ssl service?
|
Don't know
I don't know... but I would like to know ;)
|
Is there any option in the vsftpd.conf for changing the default port or not?
|
no
No, I did not find anything...
|
Found the solution!!!
For those who are interested in the solution:
You just have to set this:
pasv_min_port=15000
pasv_max_port=15000
Open port 15000 on your router (NAT/firewall) and that's all!
PS: You have to set your client to "passive" mode...
|
Well, the port you have to open on the server's firewall is 15000?
|
Yes
Yes, if you define
pasv_min_port=15000
pasv_max_port=15000
you have to forward port 15000 in your router. If
pasv_min_port=42563
pasv_max_port=42563
you have to forward port 42563 in your router, and so on...
Or, as another example, you can define a range:
pasv_min_port=15000
pasv_max_port=15005
You have to forward ports 15000 to 15005 in your router.
The only important thing is that the port number must be > 1024.
To sum up, the SSL connection is done with the "passive" port of a normal connection.
Note: If you define only one port like I have done, you will be able to connect several clients at the same time through this single port; no need to open one port per client!
So now my client connects to mydomain:21 and SSL encryption is done through port 15000.
My router forwards ports 21/15000 to my server 192.168.1.254.
I also use WebDrive for the connection, which works great!!!
Webdrive http://www.southrivertech.com/images/wd/mapdesktop.gif
|
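An added example, not part of the original thread: a small check that reads the passive-port settings discussed above from a vsftpd.conf and compares them with the ports a router forwards. The sample config, the function names and the assumption that the control port is 21 (as used in the thread) are constructed for illustration.

```python
# Added example: audit a vsftpd.conf passive-port range against router forwards.
SAMPLE_CONF = """\
# constructed sample, mirrors the settings from the thread
ssl_enable=YES
pasv_enable=YES
pasv_min_port=15000
pasv_max_port=15005
"""

def parse_conf(text):
    """Parse vsftpd.conf 'option=value' lines; '#' lines are comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[key.strip()] = value.strip()
    return opts

def audit_passive_range(conf_text, forwarded_ports):
    """Return (ports_to_forward, problems) for the configured passive range."""
    opts = parse_conf(conf_text)
    problems = []
    lo = int(opts.get("pasv_min_port", 0))  # vsftpd default 0 = any port
    hi = int(opts.get("pasv_max_port", 0))
    if lo == 0 or hi == 0:
        problems.append("passive range not pinned: set both pasv_min_port and pasv_max_port")
        return [], problems
    if lo > hi:
        problems.append(f"pasv_min_port {lo} is greater than pasv_max_port {hi}")
        return [], problems
    if lo <= 1024:
        problems.append(f"range starts at {lo}; use ports above 1024")
    needed = list(range(lo, hi + 1))
    missing = [p for p in needed if p not in forwarded_ports]
    if missing:
        problems.append(f"router does not forward passive ports: {missing}")
    if 21 not in forwarded_ports:  # assumption: control port 21, as in the thread
        problems.append("router does not forward control port 21")
    return needed, problems

if __name__ == "__main__":
    ports, issues = audit_passive_range(SAMPLE_CONF, {21, 15000})
    print("forward:", ports)
    for issue in issues:
        print("problem:", issue)
```

A config that sets only one of the two options is reported as unpinned, because the unset option keeps its default of 0 and the server may then pick any port.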
Well, can any of the ordinary FTP clients connect to ftp-ssl (like ftp alone)?
|
In Red Hat, look for the etc/services file... that is the list of available ports.
|
Why did you post that on a 4 year old thread?
That isn't what /etc/services is in any case |
And on that note, I'm zapping this zombie thread.
I'm also filing it away in Server, as it wasn't ever a security issue. |