PureFTP and TLS, times out

Discussion in 'Installation/Configuration' started by Taleman, Jun 28, 2015.

  1. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    (Debian Wheezy/Sid) ISPConfig
    I have followed Perfect Server instructions and https://www.howtoforge.com/how-to-secure-your-ispconfig-3-server-against-the-poodle-ssl-attack.
    Now it seems like FTP with TLS does not work. I can connect with command line ftp client. Using Filezilla, if I choose in "Site Manager" Encryption is "Use plain FTP" then it works. I can login and read and write files.
    But if I choose for Encryption "Require explicit FTP over TLS" I can still log in, but about 20 seconds later the session times out. See below Filezilla session.
    I have tried to find error messages from logs, no luck. I do not understand what is wrong. If this is something to do with FTP passive mode, why would it work differently when TLS is used?

    Status:    Resolving address of ftp.myhostname.fi
    Status:    Connecting to 178.33.999.999:21...
    Status:    Connection established, waiting for welcome message...
    Response:    220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    Response:    220-You are user number 1 of 50 allowed.
    Response:    220-Local time is now 20:24. Server port: 21.
    Response:    220-This is a private system - No anonymous login
    Response:    220-IPv6 connections are also welcome on this server.
    Response:    220 You will be disconnected after 15 minutes of inactivity.
    Command:    AUTH TLS
    Response:    234 AUTH TLS OK.
    Status:    Initializing TLS...
    Status:    Verifying certificate...
    Command:    USER myhostname_ftp
    Status:    TLS/SSL connection established.
    Response:    331 User myhostname_ftp OK. Password required
    Command:    PASS ***********
    Response:    230 OK. Current restricted directory is /
    Command:    SYST
    Response:    215 UNIX Type: L8
    Command:    FEAT
    Response:    211-Extensions supported:
    Response:    EPRT
    Response:    IDLE
    Response:    MDTM
    Response:    SIZE
    Response:    MFMT
    Response:    REST STREAM
    Response:    MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
    Response:    MLSD
    Response:    AUTH TLS
    Response:    PBSZ
    Response:    PROT
    Response:    UTF8
    Response:    ESTA
    Response:    PASV
    Response:    EPSV
    Response:    SPSV
    Response:    ESTP
    Response:    211 End.
    Command:    OPTS UTF8 ON
    Response:    200 OK, UTF-8 enabled
    Command:    PBSZ 0
    Response:    200 PBSZ=0
    Command:    PROT P
    Response:    200 Data protection level set to "private"
    Status:    Connected
    Status:    Retrieving directory listing...
    Command:    PWD
    Response:    257 "/" is your current location
    Command:    TYPE I
    Response:    200 TYPE is now 8-bit binary
    Command:    PASV
    Response:    227 Entering Passive Mode (178,33,999.999,126,189)
    Command:    MLSD
    Error:    Connection timed out
    Error:    Failed to retrieve directory listing
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Thats a firewall problem. Configure a pssive port range in pure-ftpd and then open that passive port range in your firewall.

Share This Page