(Debian Wheezy/Sid) ISPConfig 3.0.5.4p8

I have followed Perfect Server instructions and https://www.howtoforge.com/how-to-secure-your-ispconfig-3-server-against-the-poodle-ssl-attack. Now it seems like FTP with TLS does not work. I can connect with command line ftp client. Using Filezilla, if I choose in "Site Manager" Encryption is "Use plain FTP" then it works. I can login and read and write files. But if I choose for Encryption "Require explicit FTP over TLS" I can still log in, but about 20 seconds later the session times out. See below Filezilla session.

I have tried to find error messages from logs, no luck. I do not understand what is wrong. If this is something to do with FTP passive mode, why would it work differently when TLS is used?

Code:
Status: Resolving address of ftp.myhostname.fi
Status: Connecting to 178.33.999.999:21...
Status: Connection established, waiting for welcome message...
Response: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Response: 220-You are user number 1 of 50 allowed.
Response: 220-Local time is now 20:24. Server port: 21.
Response: 220-This is a private system - No anonymous login
Response: 220-IPv6 connections are also welcome on this server.
Response: 220 You will be disconnected after 15 minutes of inactivity.
Command: AUTH TLS
Response: 234 AUTH TLS OK.
Status: Initializing TLS...
Status: Verifying certificate...
Command: USER myhostname_ftp
Status: TLS/SSL connection established.
Response: 331 User myhostname_ftp OK. Password required
Command: PASS ***********
Response: 230 OK. Current restricted directory is /
Command: SYST
Response: 215 UNIX Type: L8
Command: FEAT
Response: 211-Extensions supported:
Response: EPRT
Response: IDLE
Response: MDTM
Response: SIZE
Response: MFMT
Response: REST STREAM
Response: MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
Response: MLSD
Response: AUTH TLS
Response: PBSZ
Response: PROT
Response: UTF8
Response: ESTA
Response: PASV
Response: EPSV
Response: SPSV
Response: ESTP
Response: 211 End.
Command: OPTS UTF8 ON
Response: 200 OK, UTF-8 enabled
Command: PBSZ 0
Response: 200 PBSZ=0
Command: PROT P
Response: 200 Data protection level set to "private"
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is your current location
Command: TYPE I
Response: 200 TYPE is now 8-bit binary
Command: PASV
Response: 227 Entering Passive Mode (178,33,999.999,126,189)
Command: MLSD
Error: Connection timed out
Error: Failed to retrieve directory listing

That's a firewall problem. Configure a passive port range in pure-ftpd and then open that passive port range in your firewall.
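
As an added example (not part of the original thread): a Python check that decodes the data port from the 227 reply in the log above, tests it against a passive port range, and probes whether a port is filtered. The range `40110 40210` is a constructed sample value and the function names are hypothetical.

```python
import re
import socket

# PASV reply copied from the FileZilla log above (address obfuscated by the poster).
SAMPLE_REPLY = "227 Entering Passive Mode (178,33,999.999,126,189)"

def pasv_port(reply):
    """Return the data port announced in a 227 reply: p1 * 256 + p2."""
    match = re.search(r"\(([^)]*)\)", reply)
    if not reply.startswith("227") or match is None:
        raise ValueError("not a 227 passive-mode reply")
    fields = match.group(1).split(",")
    if len(fields) < 3:
        raise ValueError("malformed address/port tuple")
    # Only the last two fields carry the port; the rest is the host address.
    p1, p2 = int(fields[-2]), int(fields[-1])
    if not (0 <= p1 <= 255 and 0 <= p2 <= 255):
        raise ValueError("port bytes out of range")
    return p1 * 256 + p2

def parse_range(text):
    """Parse 'min max' or 'min:max' into a (low, high) tuple."""
    low, high = (int(part) for part in re.split(r"[\s:]+", text.strip()))
    if not 1 <= low <= high <= 65535:
        raise ValueError("invalid port range")
    return low, high

def data_port_allowed(reply, range_text):
    """True if the port the server announced lies inside the opened range."""
    low, high = parse_range(range_text)
    return low <= pasv_port(reply) <= high

def probe(host, port, timeout=5.0):
    """Classify a TCP connect attempt from the client side of the firewall."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"    # a reset or reject came back, so packets are not silently dropped
    except socket.timeout:
        return "filtered"   # no answer at all, the symptom in the log above
    except OSError:
        return "error"

if __name__ == "__main__":
    port = pasv_port(SAMPLE_REPLY)
    ok = data_port_allowed(SAMPLE_REPLY, "40110 40210")  # constructed sample range
    print("server announced data port", port, "- inside opened range:", ok)
```

A passive port only listens while a session is waiting for a data connection, so a probe made outside a session normally returns "refused" when the firewall passes the port and "filtered" when it drops it.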