FTP-TLS
Hi list,
I've got a site running proftpd that only serves files through
FTP-TLS. The setup works correctly for most cases, with two
notable exceptions:
-- a colleague of mine has complained that he cannot log in
if the Kerio net-sharing tool is active. He claimed
that no filtering rule was in effect. OS: W2k
-- one of our customers has difficulties too: his network
is behind a microwave-modem gateway. Each box in the
internal network has an IP address from the 192.168.x.x/16
range, so I suppose the modem must perform some kind
of network address translation or transparent proxying.
OS: W98
The clients were CuteFTP Lite 1.2 in both cases, the
communication mode was AUTH-TLS, passive FTP. There's neither
server nor client certificate checking.
When they tried to connect, the process aborted just before the
program would ask for the user name and the password, but after the TLS
negotiation. On the server side, I see only a "QUIT" command
from the clients, nothing else.
These are the relevant lines from proftpd.conf:
# Network options
Bind dargor
SocketBindTight yes
#PassivePorts 65500 65534
Port 21
PassivePorts 6000 6008
# Daemon security
MaxInstances 30
User proftpd
Group proftpd
CapabilitiesEngine On
CapabilitiesSet -CAP_CHOWN
# TLS settings
TLSEngine on
TLSCACertificatePath /etc/ssl/certs
TLSRSACertificateFile /etc/proftpd/proftpd.cert
TLSRSACertificateKeyFile /etc/proftpd/proftpd.key
# Protocol settings
MultilineRFC2228 on
DefaultTransferMode binary
# Timeouts
TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200
# Authentication
TLSRequired yes
UseFTPUsers no
AuthPAM no
# Protocol security
ServerName "dargor's ftp gate"
ServerIdent off
DeferWelcome on
#DenyFilter \*.*/
AllowOverwrite on
# Service options
PersistentPasswd off
Package: proftpd
Version: 1.2.8-15.backports.org.1
Has anyone experienced similar phenomena, or does anyone have
random ideas, anything? I'd really appreciate even a little
hint.
bit,
adam
--
Am I a cleric? | 1024D/37B8D989
Or maybe a sinner? | 954B 998A E5F5 BA2A 3622
Unbeliever? | 82DD 54C2 843D 37B8 D989
Renegade? | http://sks.dnsalias.net
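
Added example, not part of the original post: a small Python check that reads proftpd.conf directives like those quoted above and lists the ports a firewall or NAT gateway must pass for passive FTP-TLS, plus settings that help when a session drops around the TLS handshake. The function names and the sample text are constructed for illustration; TLSLog and MasqueradeAddress are ProFTPD directives that do not appear in the poster's configuration.

```python
# Constructed sample: a subset of the directives quoted in the post.
SAMPLE_CONF = """\
# Network options
Port 21
#PassivePorts 65500 65534
PassivePorts 6000 6008
# TLS settings
TLSEngine on
TLSRSACertificateFile /etc/proftpd/proftpd.cert
TLSRequired yes
"""

TRUE_WORDS = {"on", "yes", "true", "1"}


def parse_directives(text):
    """Map lower-cased directive name -> argument list (last one wins)."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            name, *args = line.split()
            conf[name.lower()] = args
    return conf


def review(text):
    """Return the ports a firewall must pass plus notes for troubleshooting."""
    conf = parse_directives(text)
    first = lambda key, default: conf.get(key, [default])[0]
    report = {"control_port": int(first("port", "21")), "passive_ports": None, "notes": []}
    notes = report["notes"]
    if len(conf.get("passiveports", [])) >= 2:
        lo, hi = (int(p) for p in conf["passiveports"][:2])
        report["passive_ports"] = (lo, hi)
        notes.append(f"allow inbound TCP {lo}-{hi} ({hi - lo + 1} passive data ports)")
    else:
        notes.append("no PassivePorts: data ports cannot be pinned in firewall rules")
    tls_on = first("tlsengine", "off").lower() in TRUE_WORDS
    if tls_on and first("tlsrequired", "off").lower() in TRUE_WORDS:
        notes.append("control channel is encrypted after AUTH TLS: "
                     "NAT/firewall FTP helpers cannot read or rewrite PASV replies")
    if tls_on and "tlslog" not in conf:
        notes.append("no TLSLog: add one to record mod_tls handshake details")
    if "masqueradeaddress" not in conf:
        notes.append("no MasqueradeAddress: PASV replies carry the server's own address")
    return report


if __name__ == "__main__":
    result = review(SAMPLE_CONF)
    print(result["control_port"], result["passive_ports"])
    print("\n".join(result["notes"]))
```

The notes are general checks for FTP-TLS behind NAT or a personal firewall, not a diagnosis of the two failing clients.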