LinuxQuestions.org
03-30-2005, 04:01 PM   #1
dancinfrandsen
Problem: VSFTPD using SSL through firewall


VSFTPD + SSL + firewall + me = doesn't work. I just installed Fedora Core 3 on a box in a DMZ. I can vsftp into that box from another pc in the DMZ just fine. When I try from outside I get the error - 530 non-anonymous sessions must use encryption. When I comment out all the SSL directives in vsftpd.conf, it works fine from anywhere. Here is my vsftpd.conf:

anonymous_enable=NO
local_enable=YES
write_enable=YES
download_enable=NO
local_umask=077
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
log_ftp_protocol=YES
dual_log_enable=YES
use_localtime=YES
idle_session_timeout=300
data_connection_timeout=120
ftpd_banner=Welcome
chroot_local_user=YES
pam_service_name=vsftpd
userlist_enable=YES
listen=YES
tcp_wrappers=YES
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
rsa_cert_file=/usr/share/ssl/certs/vsftpd.pem

On the firewall, I have a NAT to the FTP server and I have opened ports 20 and 21 in all directions.

The FTP log shows this for the pc outside the DMZ:
Wed Mar 30 12:39:07 2005 [pid 4128] CONNECT: Client "10.30.10.20"
Wed Mar 30 19:39:07 2005 [pid 4128] FTP response: Client "10.30.10.20", "220 Welcome"
Wed Mar 30 19:39:07 2005 [pid 4128] FTP command: Client "10.30.10.20", "USER galileo"
Wed Mar 30 19:39:07 2005 [pid 4128] [galileo] FTP response: Client "10.30.10.20", "530 Non-anonymous sessions must use encryption."

and this for the pc inside the DMZ:
Wed Mar 30 11:27:13 2005 [pid 3756] CONNECT: Client "192.168.0.3"
Wed Mar 30 18:27:13 2005 [pid 3756] FTP response: Client "192.168.0.3", "220 Welcome"
Wed Mar 30 18:27:13 2005 [pid 3756] FTP command: Client "192.168.0.3", "AUTH TLS"
Wed Mar 30 18:27:13 2005 [pid 3756] FTP response: Client "192.168.0.3", "234 Proceed with negotiation."
Wed Mar 30 18:27:14 2005 [pid 3756] FTP command: Client "192.168.0.3", "USER galileo"
Wed Mar 30 18:27:14 2005 [pid 3756] [galileo] FTP response: Client "192.168.0.3", "331 Please specify the password."
Wed Mar 30 18:27:14 2005 [pid 3756] [galileo] FTP command: Client "192.168.0.3", "PASS <password>"
Wed Mar 30 11:27:14 2005 [pid 3755] [galileo] OK LOGIN: Client "192.168.0.3"
Wed Mar 30 11:27:14 2005 [pid 3757] [galileo] FTP response: Client "192.168.0.3", "230 Login successful."
Wed Mar 30 18:27:14 2005 [pid 3757] [galileo] FTP command: Client "192.168.0.3", "PWD"
Wed Mar 30 18:27:14 2005 [pid 3757] [galileo] FTP response: Client "192.168.0.3", "257 "/""
Wed Mar 30 18:27:14 2005 [pid 3757] [galileo] FTP command: Client "192.168.0.3", "PBSZ 0"
Wed Mar 30 18:27:14 2005 [pid 3757] [galileo] FTP response: Client "192.168.0.3", "200 PBSZ set to 0."
Wed Mar 30 18:27:14 2005 [pid 3757] [galileo] FTP command: Client "192.168.0.3", "PRET LIST "
Wed Mar 30 18:27:14 2005 [pid 3757] [galileo] FTP response: Client "192.168.0.3", "500 Unknown command."
Wed Mar 30 18:27:14 2005 [pid 3757] [galileo] FTP command: Client "192.168.0.3", "PASV"
Wed Mar 30 18:27:14 2005 [pid 3757] [galileo] FTP response: Client "192.168.0.3", "227 Entering Passive Mode (192,168,0,2,189,181)"
Wed Mar 30 18:27:14 2005 [pid 3757] [galileo] FTP command: Client "192.168.0.3", "LIST"
Wed Mar 30 18:27:14 2005 [pid 3757] [galileo] FTP response: Client "192.168.0.3", "150 Here comes the directory listing."
Wed Mar 30 18:27:14 2005 [pid 3757] [galileo] FTP response: Client "192.168.0.3", "226 Directory send OK."

Also, I have used gftp and lftp clients inside the DMZ, and I have used lftp and smartFTP outside.

Are there additional ports that I need to open, or anything else that I am missing? Any assistance will be greatly appreciated. Please format answers in newbie-speak, thanks!
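
Added example (not part of the original post): a small Python check over vsftpd protocol-log lines in the format shown above. It flags clients that sent USER before the server accepted AUTH (the 530 case under force_local_logins_ssl=YES) and decodes the host and port advertised in 227 passive replies. The sample lines are excerpted from the post's logs; the function names are this example's own.

```python
import re

# Lines excerpted from the two log extracts in the post.
SAMPLE_LOG = '''\
Wed Mar 30 12:39:07 2005 [pid 4128] CONNECT: Client "10.30.10.20"
Wed Mar 30 19:39:07 2005 [pid 4128] FTP command: Client "10.30.10.20", "USER galileo"
Wed Mar 30 19:39:07 2005 [pid 4128] [galileo] FTP response: Client "10.30.10.20", "530 Non-anonymous sessions must use encryption."
Wed Mar 30 11:27:13 2005 [pid 3756] CONNECT: Client "192.168.0.3"
Wed Mar 30 18:27:13 2005 [pid 3756] FTP command: Client "192.168.0.3", "AUTH TLS"
Wed Mar 30 18:27:13 2005 [pid 3756] FTP response: Client "192.168.0.3", "234 Proceed with negotiation."
Wed Mar 30 18:27:14 2005 [pid 3756] FTP command: Client "192.168.0.3", "USER galileo"
Wed Mar 30 18:27:14 2005 [pid 3757] [galileo] FTP response: Client "192.168.0.3", "227 Entering Passive Mode (192,168,0,2,189,181)"
'''

# "[pid N] [user] KIND: Client "ip", "text"" ; the [user] tag and text are optional.
LINE = re.compile(r'\[pid \d+\] (?:\[[^\]]*\] )?'
                  r'(CONNECT|FTP command|FTP response): Client "([^"]+)"(?:, "(.*)")?$')
PASV = re.compile(r'^227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)')

def decode_pasv(reply):
    """Return (host, port) advertised in a 227 reply, or None for other replies."""
    m = PASV.match(reply)
    if not m:
        return None
    h1, h2, h3, h4, p1, p2 = map(int, m.groups())
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2   # port = high byte * 256 + low byte

def _new_session():
    return {"tls": False, "cleartext_user": False, "pasv": []}

def analyse(log_text):
    """Per client IP: did USER arrive before a 234 reply, and what did PASV advertise."""
    sessions = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        kind, client, text = m.group(1), m.group(2), m.group(3) or ""
        if kind == "CONNECT":                      # new control connection: reset state
            sessions[client] = _new_session()
            continue
        s = sessions.setdefault(client, _new_session())
        if kind == "FTP command":
            if text.split(" ", 1)[0].upper() == "USER" and not s["tls"]:
                s["cleartext_user"] = True         # login attempted without TLS
        elif text.startswith("234"):               # server accepted AUTH TLS/SSL
            s["tls"] = True
        elif decode_pasv(text):
            s["pasv"].append(decode_pasv(text))
    return sessions

if __name__ == "__main__":
    for ip, state in analyse(SAMPLE_LOG).items():
        print(ip, state)
```

For the inside client this yields 192.168.0.2:48565 as the passive data endpoint, a port outside 20 and 21 and an address private to the DMZ. vsftpd's pasv_min_port, pasv_max_port and pasv_address settings control what is advertised there.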
 
  

