PureFTPd firewall and SSL/TLS

Source: Internet
Author: User

PureftpdIt is a fast, high-quality, and fully functional ftp server. The most important thing is that it supports setting the Default Client encoding. Pureftpd is very powerful and useful. This article will introduce the firewall and SSL/TLSTips!

My client filters applications in a statefulFirewall(For example, after ip_conntrack_ftp or IPTables of ip_nat_ftp. You cannot connect to a server with SSL/TLS enabled. The verification is successful, but the file cannot be downloaded or the directory cannot be displayed.

First, try to force the client to use the passive mode. When active mode is enabled, the server must actively connect to the customer (or gateway) through the dynamic port specified by the socket ). However, when SSL/TLS is used, the connection socket is encrypted. Therefore, the people in the center, including the firewall, cannot see which port is used for data transmission. There are several suggestions for solving this problem, but these skills are not understood by popular clients and common firewalls. That is to say, use the passive mode or use SSH instead.

TLS and error 00000000.

The client with TLS enabled does not work. Output something like this:

 
 
  1. SSL connect: error: 00000000: lib (0): func (0): reason (0)

This error is not very clear. You should see this information on Unix clients like LFTP. In practice, there is a firewall or NAT box between the server that enables TLS and the client that enables TLS, but the firewall cannot process encrypted FTP sessions. Unfortunately, there is no simple solution. Try to switch the client to the active mode and use NAT, but it is not good to mix SSL/TLS, firewall and FTP.

Based on the description in this article, we know the firewall and SSL/TLS application skills of PureFTPd! Hope to help you!

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.