
FTP-TLS



Hi list,


I've got a site running proftpd that only serves files through
FTP-TLS.  The setup works correctly for most cases, with two
notable exceptions:

  -- a colleague of mine has complained that he cannot log in
     if the Kerio net-sharing tool is active.  He claimed
     that no filtering rule was in effect.  OS: W2k
  -- one of our customers has difficulties too: his network
     is behind a microwave-modem gateway.  Each box in the
     internal network has an IP address from the 192.168.x.x/16
     range, so I suppose the modem must perform some kind
     of network address translation or transparent proxying.
     OS: W98

The clients were CuteFTP Lite 1.2 in both cases, the
communication mode was AUTH-TLS, passive FTP.  There's neither
server nor client certificate checking.

When they tried to connect, the process aborted just before the
program would ask for the user name and the password, but after the TLS
negotiation.  On the server side, I see only a "QUIT" command
from the clients, nothing else.

These are the relevant lines from proftpd.conf:
# Network options
Bind                            dargor
SocketBindTight                 yes
#PassivePorts                   65500 65534

Port                            21
PassivePorts                    6000 6008

# Daemon security
MaxInstances                    30
User                            proftpd
Group                           proftpd
CapabilitiesEngine              On
CapabilitiesSet                 -CAP_CHOWN

# TLS settings
TLSEngine                       on
TLSCACertificatePath            /etc/ssl/certs
TLSRSACertificateFile           /etc/proftpd/proftpd.cert
TLSRSACertificateKeyFile        /etc/proftpd/proftpd.key

# Protocol settings
MultilineRFC2228                on
DefaultTransferMode             binary

# Timeouts
TimeoutNoTransfer               600
TimeoutStalled                  600
TimeoutIdle                     1200

# Authentication
TLSRequired                     yes
UseFTPUsers                     no
AuthPAM                         no

# Protocol security
ServerName                      "dargor's ftp gate"
ServerIdent                     off
DeferWelcome                    on
#DenyFilter                     \*.*/
AllowOverwrite                  on

# Service options
PersistentPasswd                off

Package: proftpd
Version: 1.2.8-15.backports.org.1

Has anyone experienced similar phenomena, or does anyone have
random ideas, anything?  I'd really appreciate even a little
hint.

bit,
adam

-- 
Am I a cleric?     | 1024D/37B8D989
Or maybe a sinner? | 954B 998A E5F5 BA2A 3622
Unbeliever?        | 82DD 54C2 843D 37B8 D989
Renegade?          | http://sks.dnsalias.net


