PureftpdIt is a fast, high-quality, and fully functional ftp server. The most important thing is that it supports setting the Default Client encoding. Pureftpd is very powerful and useful. This article will introduce the firewall and SSL/TLSTips!
My client filters applications in a statefulFirewall(For example, after ip_conntrack_ftp or IPTables of ip_nat_ftp. You cannot connect to a server with SSL/TLS enabled. The verification is successful, but the file cannot be downloaded or the directory cannot be displayed.
First, try to force the client to use the passive mode. When active mode is enabled, the server must actively connect to the customer (or gateway) through the dynamic port specified by the socket ). However, when SSL/TLS is used, the connection socket is encrypted. Therefore, the people in the center, including the firewall, cannot see which port is used for data transmission. There are several suggestions for solving this problem, but these skills are not understood by popular clients and common firewalls. That is to say, use the passive mode or use SSH instead.
TLS and error 00000000.
The client with TLS enabled does not work. Output something like this:
- SSL connect: error: 00000000: lib (0): func (0): reason (0)
This error is not very clear. You should see this information on Unix clients like LFTP. In practice, there is a firewall or NAT box between the server that enables TLS and the client that enables TLS, but the firewall cannot process encrypted FTP sessions. Unfortunately, there is no simple solution. Try to switch the client to the active mode and use NAT, but it is not good to mix SSL/TLS, firewall and FTP.
Based on the description in this article, we know the firewall and SSL/TLS application skills of PureFTPd! Hope to help you!