Ftp account with TLS/SSL using Proftpd not work

July 28, 2016 4.3k views
VPN Apache DigitalOcean Applications Ubuntu 16.04 Getting Started
lineage2forever
By:
lineage2forever

Hello , I’ve set the FTP server with TLS certificate. however already tried twice I even made another drop any configuration mess , I took a drop Totally Clean To configure the FTP . always put the SAME problem , AO Connect to an FTP software How filezilla , the certificate opens normally but AFTER latch “ Getting Folder .... ” and becomes unresponsive for a while giving error exedido time. They could give me a hand on it. I have another server to configure and so am using mine for testing now . And I can not find someone to help me with this problem .
Thank you!

Details Here to Problem

Follow the configuration files that I download:
https://mega.nz/#!6I9jBTgR!Iz7Y8L7bs5-jEJCWVxcRiWuzyG512IhugTKe5NoHyWI

1- The filizilla is configured like this:
https://snag.gy/lmYKb7.jpg

2 - After I click connect and the certificate opens this way, and I click ok :
https://snag.gy/hcg5b3.jpg

3- After a while it gets stopped in getting folders as follows in the image:
https://snag.gy/bMJ5tY.jpg

4 - And after a few minitos it returns me this connection error as follows in the image:
https://snag.gy/rcTigD.jpg

No work with filezilla in mode ative or passive.
Server ftp on. I am test.

Thanks Guys!

Log In to Comment
4 Answers
JustSomeTech July 29, 2016

Hello,

This might be a problem with the related rules of a firewall between you and the server.
What kind of firewall are you using on your Ubuntu server?

The problem is that, conntrack_ftp module, which on the fly allows ftp data connections to pass through firewall even if they were to be dropped because of rules, cannot analyze the encrypted stream for PASV/PORT commands. The same applies to not being able to use active mode from behind a firewall/nat with encrypted control connection.So you need to set static ports for passive mode (or if client is not behind firewall/nat use an active mode) and add a firewall rule to accept incoming connections on these ports.
Ports for passive mode are set through PassivePorts directive.

Edit the ProFTPd config

 nano /etc/proftpd.conf

edit line 47; uncomment the rule and change the ports to anything you like. Change 

# PassivePorts                  49152 65534

to 

PassivePorts                  50000 50500

Now save the file and restart ProFTPd

service proftpd restart

Modify your firewall
You need to allow the passive ports needed for FTP. How depends on the type of firewall you are running. For IPTables use the following command:

iptables -I INPUT 2 -p tcp --dport 50000:50500 -j ACCEPT

For UFW use the following:

ufw allow 50000:50500/tcp

Now try to connect once more! If you still got problems, please change your FileZilla language to english (so I can understand) and post the FULL log

Reply
lineage2forever July 29, 2016

Show! Thank you for your help it worked , it worked just right . So the problem was the firewall? I’m using the standard with iptables I use to modify … I am beginner to these things yet. Thanks a lot for the help.

Reply
  • JustSomeTech July 29, 2016

    Its a mix between ProFTPD not using ‘static’ passive ports and the firewall not being configured. Good it worked!

lineage2forever July 31, 2016

Hi friend, I could help with One more thing, quería exchange a 21 subparagraph standard port 3510. How do I like to proceed ?

I gave the command:

sudo iptables -A INPUT -p tcp –dport 1234 -j ACCEPT

AND

iptables -I INPUT -p tcp –dport 587 -j ACCEPT

But still closed.
I’m using nmap to View the status of the door.

Thank you

Reply
lineage2forever July 31, 2016

AND WHEN THAT give command

iptables -NL | grep 587

Me Returns 2x This value :

ACCEPT tcp - tcp 0.0.0.0/0 0.0.0.0/0 DPT : 3510

For insert More Than Once with iptables. And now?

Reply
Have another answer? Share your knowledge.

Related