FTP blocked by firewall defaults.

Discussion in 'Installation/Configuration' started by Ranzy Campbell, Nov 6, 2023.

  1. New install on Debian 12. FTPS is blocked by firewall with default settings. No problems during install.
    FTP without TLS works 100% with the firewall up or down.
    I followed this install document.
    https://www.howtoforge.com/perfect-server-debian-12-buster-apache-bind-dovecot-ispconfig-3-2/

    This is what is in my default firewall.
    TCP Ports: 21,22,25,53,80,110,143,443,465,587,993,995,3306,4190,8080,8081,40110:40210
    UDP Ports: 53

    When I enable the default firewall, I am able to establish a TLS connection, but am then unable to list the remote directory.
    I simply delete the firewall entry from the control panel and, like magic, I can list directories and move files again.

    Any suggestions? And Thanks.
     
  2. I did NOT modify any files via SSH. 100 percent stock install.
     
  3. Never mind. My bad.
    SSL is not installed on that domain. I have had too many attempts in the last few days.
    I have to wait a little longer to get certs installed.
     
  4. @till I found the problem. Maybe a bug in the script or more likely a Debian 12 change related to pure-ftpd.

    https://www.faqforge.com/linux/cont...ange-in-pure-ftpd-on-debian-and-ubuntu-linux/
    Dude, I just looked at who wrote the article. LOL

    I figured out it had nothing to do with TLS. That was working just fine. I was connected to the hostname and had a TLS connection. But if the firewall was on then it blocked all FTP traffic after establishing a connection. I think it establishes the connection on port 21. The default firewall already had the port range allocated for FTP passive port range. But when I checked the status of the /etc/pure-ftpd/conf folder for the PassivePortRange file, it did not exist. I simply created one with the port range inside and restarted the pure-ftpd daemon. FTP works with the firewall on now.
     
    Last edited: Nov 7, 2023
  5. I don't think this statement is true. I was chasing my tail at this point. I thought that was the case, but later I proved to myself that it had nothing to do with a secure connection. That's how I moved on to the real problem, of the PassivePortRange file being missing. After setting the port range in the conf file, and restarting the daemon, FTP worked with firewall turned on with default settings.
     
  6. ahrasis

    I can also see that the instructions to set passive ports for pure-ftpd are missing from that Debian 12 Perfect Server tutorial. @till, maybe consider adding them in?
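
The check the thread arrives at, as an added example that is not part of any post above: confirm that the PassivePortRange file exists and that its range is covered by the firewall's TCP list. It assumes the file holds two space-separated port numbers; the function names and exit codes are made up for this sketch.

```shell
#!/bin/sh
# Added example (not from the thread): verify that pure-ftpd's passive port
# range exists and is covered by the firewall's TCP allow list.
# Assumption: the conf file holds two space-separated ports, e.g. "40110 40210".

# Default TCP list quoted in the first post.
DEFAULT_TCP="21,22,25,53,80,110,143,443,465,587,993,995,3306,4190,8080,8081,40110:40210"

is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# range_allowed LOW HIGH LIST: succeed if one firewall entry covers LOW..HIGH.
range_allowed() {
    local low="$1" high="$2" entry a b
    local IFS=,
    for entry in $3; do
        a=${entry%%:*}; b=${entry##*:}      # "40110:40210" -> 40110 / 40210
        if [ "$a" -le "$low" ] && [ "$b" -ge "$high" ]; then return 0; fi
    done
    return 1
}

# check_passive FILE LIST: 0 ok, 1 file missing, 2 malformed, 3 blocked by firewall.
check_passive() {
    local file="$1" list="$2" low high extra
    if [ ! -s "$file" ]; then
        echo "MISSING: $file (no passive range configured for pure-ftpd)"
        return 1
    fi
    read -r low high extra < "$file" || true
    if ! is_port "$low" || ! is_port "$high" || [ "$low" -gt "$high" ]; then
        echo "MALFORMED: $file should contain 'LOW HIGH'"
        return 2
    fi
    if ! range_allowed "$low" "$high" "$list"; then
        echo "BLOCKED: passive range $low-$high is not covered by the firewall list"
        return 3
    fi
    echo "OK: passive range $low-$high is allowed by the firewall"
}

# Run only when invoked as: sh check.sh run [FILE] [TCP_LIST]
if [ "${1:-}" = "run" ]; then
    check_passive "${2:-/etc/pure-ftpd/conf/PassivePortRange}" "${3:-$DEFAULT_TCP}"
fi
```

Exit code 1 corresponds to the state described in post 4, where the firewall already allowed 40110:40210 but the daemon had no matching range configured.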
     