Hello, I recently upgraded to 10.10 and 3.0.3 and was able to get most errors resolved, but I have run into a problem after enabling TLS in PureFTP. I get the following in Filezilla:
    Response: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    Response: 220-You are user number 1 of 50 allowed.
    Response: 220-Local time is now 10:45. Server port: 21.
    Response: 220-This is a private system - No anonymous login
    Response: 220-IPv6 connections are also welcome on this server.
    Response: 220 You will be disconnected after 15 minutes of inactivity.
    Trace: CFtpControlSocket::SendNextCommand()
    Command: AUTH TLS
    Trace: CFtpControlSocket::OnReceive()
    Response: 234 AUTH TLS OK.
    Status: Initializing TLS...
    Trace: CTlsSocket::Handshake()
    Trace: CTlsSocket::ContinueHandshake()
    Trace: CTlsSocket::OnSend()
I checked some of the forum posts and thought doing what bolek2000 suggests here would work: http://www.howtoforge.com/forums/showthread.php?t=39949&highlight=FTP+TLS but that didn't do the trick either. I also tried re-installing ISPC 3 and that didn't solve anything either. I have both ports 20 and 21 open and am using Active so I am at a loss. Please help, thanks, Matt
falko, I tried from a Mac and a Windows machine (one local and one remote), both with Filezilla, with both active and passive. I checked the firewalls on the server and the gateway and can't see anything I am missing. Below is as much and as far as I got from Filezilla. thanks in advance, Matt
    Status: Connecting to xxx.xxx.xx.xx:21...
    Status: Connection established, waiting for welcome message...
    Trace: CFtpControlSocket::OnReceive()
    Response: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    Response: 220-You are user number 1 of 50 allowed.
    Response: 220-Local time is now 23:44. Server port: 21.
    Response: 220-This is a private system - No anonymous login
    Response: 220-IPv6 connections are also welcome on this server.
    Response: 220 You will be disconnected after 15 minutes of inactivity.
    Trace: CFtpControlSocket::SendNextCommand()
    Command: AUTH TLS
    Trace: CFtpControlSocket::OnReceive()
    Response: 234 AUTH TLS OK.
    Status: Initializing TLS...
    Trace: CTlsSocket::Handshake()
    Trace: CTlsSocket::ContinueHandshake()
    Trace: CTlsSocket::OnSend()
    Trace: CControlSocket::DoClose(10)
    Trace: CFtpControlSocket::ResetOperation(74)
    Trace: CControlSocket::ResetOperation(74)
Did you get any errors when you created the certificate? Did you accept the default values, or did you enter your own values?
Falko, I use a Linux-based UTM that was scanning FTP traffic. I turned this off and was able to get more info from Filezilla. It's still failing to connect, but it looks like the FTP server is replying with the server's LAN IP and not the external WAN IP. I have tried active and passive modes and get the same issue as below.
    Command: PASV
    Trace: CTlsSocket::OnRead()
    Trace: CFtpControlSocket::OnReceive()
    Response: 227 Entering Passive Mode (192,168,xxx,xxx,xx,xxx)
    Trace: CFtpControlSocket::TransferParseResponse()
    Trace: code = 2
    Trace: state = 2
    Status: Server sent passive reply with unroutable address. Using server address instead.
    Trace: Reply: 192.168.xxx.xxx, peer: xxx.xxx.xxx.xxx
    Trace: CFtpControlSocket::SendNextCommand()
    Trace: CFtpControlSocket::TransferSend()
    Trace: state = 4
    Command: MLSD
    Trace: CTransferSocket::OnConnect
    Trace: CTlsSocket::Handshake()
    Trace: CTlsSocket::ContinueHandshake()
    Trace: CTlsSocket::Failure(-53, 53)
    Error: GnuTLS error -53: Error in the push function.
    Trace: CTransferSocket::TransferEnd(3)
    Trace: CFtpControlSocket::TransferEnd()
thanks, Matt
OK so I set ForcePassiveIP and PassivePortRange in /etc/pure-ftpd/conf/ and restarted pure-ftpd and also rebooted the server. I also opened the appropriate ports in ISPConfig and my router, but I still can't get a directory listing in Filezilla. thanks, Matt
The only error I can see is in Filezilla:
    Response: 227 Entering Passive Mode (xxx,xxx,xxx,xxx,234,195)
    Trace: CFtpControlSocket::TransferParseResponse()
    Trace: code = 2
    Trace: state = 2
    Trace: CFtpControlSocket::SendNextCommand()
    Trace: CFtpControlSocket::TransferSend()
    Trace: state = 4
    Command: MLSD
    Trace: CTransferSocket::OnConnect
    Trace: CTlsSocket::Handshake()
    Trace: CTlsSocket::ContinueHandshake()
    Trace: CTlsSocket::Failure(-53, 53)
    Error: GnuTLS error -53: Error in the push function.
    Trace: CTransferSocket::TransferEnd(3)
    Trace: CFtpControlSocket::TransferEnd()
    Trace: CTlsSocket::OnRead()
    Trace: CFtpControlSocket::OnReceive()
    Response: 421 Timeout
    Trace: CFtpControlSocket::TransferParseResponse()
    Trace: code = 4
    Trace: state = 6
    Trace: CFtpControlSocket::ResetOperation(2)
    Trace: CControlSocket::ResetOperation(2)
    Trace: CFtpControlSocket::ParseSubcommandResult(2)
    Trace: CFtpControlSocket::ListSubcommandResult()
    Trace: state = 3
    Trace: CFtpControlSocket::ResetOperation(2)
    Trace: CControlSocket::ResetOperation(2)
    Error: Failed to retrieve directory listing
    Trace: CFileZillaEnginePrivate::ResetOperation(2)
    Trace: CTlsSocket::Failure(-9, 0)
    Error: GnuTLS error -9: A TLS packet with unexpected length was received.
    Status: Server did not properly shut down TLS connection
    Error: Could not read from socket: ECONNABORTED - Connection aborted
    Error: Disconnected from server
    Trace: CControlSocket::DoClose(64)
    Trace: CFtpControlSocket::ResetOperation(66)
    Trace: CControlSocket::ResetOperation(66)
    Trace: CFileZillaEnginePrivate::ResetOperation(66)
Here is what I get from the server system log at this time:
    Oct 26 16:50:33 server pure-ftpd: ([email protected]) [INFO] New connection from xxx.xxx.xxx.xxx
    Oct 26 16:50:34 server pure-ftpd: ([email protected]) [INFO] SSL/TLS: Enabled TLSv1/SSLv3 with DHE-RSA-AES128-SHA, 128 secret bits cipher
    Oct 26 16:50:34 server pure-ftpd: ([email protected]) [INFO] *user* is now logged in
    Oct 26 16:55:01 server pure-ftpd: (?@::1) [INFO] New connection from ::1
    Oct 26 16:55:01 server pure-ftpd: (?@::1) [INFO] Logout.
    Oct 26 17:00:02 server pure-ftpd: (?@::1) [INFO] New connection from ::1
    Oct 26 17:00:02 server pure-ftpd: (?@::1) [INFO] Logout.
    Oct 26 17:02:20 server pure-ftpd: (*user*@xxx.xxx.xxx.xxx) [INFO] Timeout
    Oct 26 17:05:01 server pure-ftpd: (?@::1) [INFO] New connection from ::1
    Oct 26 17:05:01 server pure-ftpd: (?@::1) [INFO] Logout.
Hm, not sure what the problem is. Have you tried from within your LAN and from the outside? Maybe it's a problem with your router.
I have tried from within the LAN on which the server resides and have the same problem (although maybe the forced IP has something to do with it?). I will try offsite access today. Should it not work, what's the best course of action to reinstall Pure-FTP and start from scratch without a complete reinstall of Ubuntu and ISPConfig? thanks, Matt
So I did that, rebooted, and reinstalled per the instructions for FTP without TLS and I am getting the same problem as prior to uninstall and I can't access my FTP account for my site even via normal FTP. Do I need to purge it and then reinstall ISPConfig as well? I've concluded that the problem is in part the router the server is located on, a Netgear FVS-318G: even though the ports are open, it is modifying the communication somehow between the server and the client. How robust is the perfect server firewall if I set it up with a public IP directly? And, assuming I get the FTP working again, just change eth0 to the public IP without any problems? thanks, Matt