LinuxQuestions.org
Old 04-27-2006, 04:36 PM   #1
pdeman2
Member
 
Registered: Jul 2005
Location: Maine, USA
Distribution: OpenSUSE, Gentoo, Fedora, Ubuntu, Mandriva, others
Posts: 413

Rep: Reputation: 30
Proftpd error 425 after TLS.


I'm running Proftpd on my Fedora 5 server. All was going well, but I was not satisfied with the security. To solve this, I used mod_tls. Now when I try to connect, it logs in to the user fine, but then I get an error. Here is the output:
Code:
220 FTP Server ready.
       AUTH TLS
234 AUTH TLS successful
       PBSZ 0
200 PBSZ 0 successful
       USER admin
331 Password required for admin.
       PASS (password not shown)
230 User admin logged in.
       PWD
257 "/" is current directory.
       TYPE A
200 Type set to A
       PROT P
200 Protection set to Private
       CWD /
250 CWD command successful
       PORT 192,168,0,103,10,105
200 PORT command successful
       LIST
150 Opening ASCII mode data connection for file list
       QUIT
425 Unable to build data connection: Operation not permitted
221 Goodbye.
Unable to make a connection. Please try again.
Thanks for any help.
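
Added example, not part of the original post: a small Python parser that replays the posted control-channel session (abridged) and reports the data-connection state in effect when the 425 arrived. The function names `decode_port` and `data_failures` are illustrative; the result shows that the failing LIST used an active-mode (PORT) data connection to 192.168.0.103:2665 with PROT P set, so the server had to open a TLS-protected connection back to the client.

```python
import re

# Abridged from the post above: commands are indented, replies start with a code.
SESSION = """\
       AUTH TLS
234 AUTH TLS successful
       PROT P
200 Protection set to Private
       PORT 192,168,0,103,10,105
200 PORT command successful
       LIST
150 Opening ASCII mode data connection for file list
       QUIT
425 Unable to build data connection: Operation not permitted
221 Goodbye.
"""

def decode_port(arg):
    """RFC 959 PORT argument h1,h2,h3,h4,p1,p2 -> (ip, tcp_port)."""
    n = [int(x) for x in arg.split(",")]
    if len(n) != 6 or not all(0 <= x <= 255 for x in n):
        raise ValueError("malformed PORT argument: %r" % arg)
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def data_failures(session):
    """Return each 4xx/5xx reply together with the data-channel state it hit."""
    st = {"tls": False, "prot": "C", "mode": None, "target": None}
    failures, verb, arg, transfer = [], None, "", None
    for line in session.splitlines():
        reply = re.match(r"(\d)\d\d[ -]", line)
        if reply is None:
            if line[:1].isspace() and line.strip():   # indented client command
                verb, _, arg = line.strip().partition(" ")
            continue
        kind = reply.group(1)
        if kind == "1":                  # preliminary reply: transfer now pending
            transfer = verb
            continue
        if kind in "45":                 # blame the pending transfer, not a later QUIT
            failures.append(dict(st, command=transfer or verb, reply=line))
        elif kind == "2" and verb == "AUTH":
            st["tls"] = True
        elif kind == "2" and verb == "PROT":
            st["prot"] = arg             # P = protected data channel, C = clear
        elif kind == "2" and verb == "PORT":
            st["mode"], st["target"] = "active", decode_port(arg)
        elif kind == "2" and verb in ("PASV", "EPSV"):
            st["mode"], st["target"] = "passive", None
        transfer = None                  # a non-preliminary reply ends the pending transfer
    return failures
```

Comparing this state with a passive-mode attempt, and with what the `TLSLog` file records at the time of the 425, helps separate a blocked outbound data connection from a failed TLS handshake on it.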
 
Old 04-27-2006, 07:32 PM   #2
Linux.tar.gz
Senior Member
 
Registered: Dec 2003
Location: Paris
Distribution: Slackware forever.
Posts: 2,534

Rep: Reputation: 100
Try to log in with lftp. This client is very complete from the security capabilities point of view.
 
Old 04-28-2006, 07:29 AM   #3
pdeman2
Member
 
Registered: Jul 2005
Location: Maine, USA
Distribution: OpenSUSE, Gentoo, Fedora, Ubuntu, Mandriva, others
Posts: 413

Original Poster
Rep: Reputation: 30
Thanks, I'll try this out later when I get home, but just for testing. I need to get the FireFTP extension in Firefox to work. This FTP server needs to be easy to use for everyone, and this is one of the easiest to use cross-platform FTP clients.
 
Old 04-28-2006, 05:38 PM   #4
pdeman2
Member
 
Registered: Jul 2005
Location: Maine, USA
Distribution: OpenSUSE, Gentoo, Fedora, Ubuntu, Mandriva, others
Posts: 413

Original Poster
Rep: Reputation: 30
Lftp worked perfectly. But if it matters, I was running lftp locally (through SSH) on the server, not over the network.

EDIT: Actually, I don't think I connected with ftps. This probably sounds stupid, but how do you connect with ftps in lftp?

EDIT(Again): OK, I figured it out. When using FTPS, I cannot get a directory listing. Lftp does not work either.

I figured this might be a good thing to post:
Code:
# This is the ProFTPD configuration file
# $Id: proftpd.conf,v 1.1 2004/02/26 17:54:30 thias Exp $

ServerName			"FTP"
ServerIdent			on "FTP Server ready."
ServerAdmin			
ServerType			standalone
#ServerType			inetd
DefaultServer			on
AccessGrantMsg			"User %u logged in."
#DisplayConnect			/etc/ftpissue
#DisplayLogin			/etc/ftpmotd
#DisplayGoAway			/etc/ftpgoaway
DeferWelcome			off

# Use this to exclude users from the chroot
DefaultRoot			~ !adm

# Use pam to authenticate (default) and be authoritative
AuthPAMConfig			proftpd
AuthOrder			mod_auth_pam.c* mod_auth_unix.c

# Do not perform ident nor DNS lookups (hangs when the port is filtered)
IdentLookups			off
UseReverseDNS			off

# Port 21 is the standard FTP port.
Port				21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask				022

# Default to show dot files in directory listings
ListOptions			"-a"

# See Configuration.html for these (here are the default values)
#MultilineRFC2228		off
#RootLogin			off
#LoginPasswordPrompt		on
#MaxLoginAttempts		3
#MaxClientsPerHost		none
#AllowForeignAddress		off	# For FXP

# Allow to resume not only the downloads but the uploads too
AllowRetrieveRestart		on
AllowStoreRestart		on

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances			20

# Set the user and group that the server normally runs at.
User				nobody
Group				nobody

# This is where we want to put the pid file
ScoreboardFile			/var/run/proftpd.score

# Normally, we want users to do a few things.
<Global>
  AllowOverwrite		yes
  <Limit ALL SITE_CHMOD>
    AllowAll
  </Limit>
</Global>

# Define the log formats
LogFormat			default	"%h %l %u %t \"%r\" %s %b"
LogFormat			auth	"%v [%P] %h %t \"%r\" %s"

# TLS
# Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html
TLSEngine			on
TLSRequired		        off
TLSRSACertificateFile		/usr/share/ssl/certs/proftpd.pem
TLSRSACertificateKeyFile	/usr/share/ssl/certs/proftpd.pem
TLSCipherSuite			ALL:!ADH:!DES
TLSOptions			NoCertRequest
TLSVerifyClient		off
##TLSRenegotiate		ctrl 3600 data 512000 required off timeout 300
TLSLog				/var/log/proftpd/tls.log

# A basic anonymous configuration, with an upload directory.
#<Anonymous ~ftp>
#  User				ftp
#  Group				ftp
#  AccessGrantMsg		"Anonymous login ok, restrictions apply."
#
#  # We want clients to be able to login with "anonymous" as well as "ftp"
#  UserAlias			anonymous ftp
#
#  # Limit the maximum number of anonymous logins
#  MaxClients			10 "Sorry, max %m users -- try again later"
#
#  # Put the user into /pub right after login
#  #DefaultChdir			/pub
#
#  # We want 'welcome.msg' displayed at login, '.message' displayed in
#  # each newly chdired directory and tell users to read README* files. 
#  DisplayLogin			/welcome.msg
#  DisplayFirstChdir		.message
#  DisplayReadme			README*
#
#  # Some more cosmetic and not vital stuff
#  DirFakeUser			on ftp
#  DirFakeGroup			on ftp
#
#  # Limit WRITE everywhere in the anonymous chroot
#  <Limit WRITE SITE_CHMOD>
#    DenyAll
#  </Limit>
#
#  # An upload directory that allows storing files but not retrieving
#  # or creating directories.
#  <Directory uploads/*>
#    AllowOverwrite		no
#    <Limit READ>
#      DenyAll
#    </Limit>
#
#    <Limit STOR>
#      AllowAll
#    </Limit>
#  </Directory>
#
#  # Don't write anonymous accesses to the system wtmp file (good idea!)
#  WtmpLog			off
#
#  # Logging for the anonymous transfers
#  ExtendedLog		/var/log/proftpd/access.log WRITE,READ default
#  ExtendedLog		/var/log/proftpd/auth.log AUTH auth
#
#</Anonymous>

Last edited by pdeman2; 04-28-2006 at 06:39 PM.
 
Old 04-30-2006, 04:23 PM   #5
pdeman2
Member
 
Registered: Jul 2005
Location: Maine, USA
Distribution: OpenSUSE, Gentoo, Fedora, Ubuntu, Mandriva, others
Posts: 413

Original Poster
Rep: Reputation: 30
Bump......
 
Old 05-01-2006, 08:22 PM   #6
pdeman2
Member
 
Registered: Jul 2005
Location: Maine, USA
Distribution: OpenSUSE, Gentoo, Fedora, Ubuntu, Mandriva, others
Posts: 413

Original Poster
Rep: Reputation: 30
Bump......
 
Old 05-01-2006, 08:33 PM   #7
Linux.tar.gz
Senior Member
 
Registered: Dec 2003
Location: Paris
Distribution: Slackware forever.
Posts: 2,534

Rep: Reputation: 100
Well, I don't use ProFTP, but if you want security, take a look at vsftp; it's the Very Secure Ftp, and that's the server that runs kernel.org. I successfully did a fully encrypted connection + data with it.
 
Old 05-01-2006, 08:49 PM   #8
pdeman2
Member
 
Registered: Jul 2005
Location: Maine, USA
Distribution: OpenSUSE, Gentoo, Fedora, Ubuntu, Mandriva, others
Posts: 413

Original Poster
Rep: Reputation: 30
Thanks. I'll take a look.
 
  

