Old 01-26-2009, 04:15 PM
German Andres Pulido
 
Default ProFTPd under CentOS 5.2 running FTPS - iptables problem

> Hello,
>
> I am setting up ProFTPd daemon (from EPEL repository) under CentOS 5.2
> and I need encrypted connection. Daemon is configured perfectly, there
> is no problem - if iptables is off connection is smoothly established,
> but when iptables is on, connection in FTP client ends on command LIST
> without response. Last command with response (positive) is PASV.
>
> Thank you for your replies
> Martin Šťastný
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos

Hi!

The issue is probably with the way FTP is handled. I see two possible
solutions:

1. Use the ip_conntrack_ftp module of iptables. What this does is make
iptables aware that the FTP data connection should also be allowed, since it's
related to the original one on port 21. Google for more info on it (and the
exact module name).

2. If you only need encrypted traffic, using SFTP makes sense. It only uses
port 22 (it's a subsystem of SSH) and its encryption is very good.

Regards.
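An added example, not part of the thread: with FTPS the control channel is encrypted, so a connection-tracking helper cannot read the PASV reply to learn the data port. One common approach is to pin ProFTPD's passive range with `PassivePorts` and open exactly that range. The range 49152-49407 and the plain `INPUT` chain are assumptions; the script only prints the rules for review.

```shell
#!/bin/sh
# Added example: print (do not apply) the firewall rules and the matching
# ProFTPD directive for FTPS with a fixed passive port range.
# The range 49152-49407 used below is a constructed sample value.

# valid_port N: succeeds if N is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# ftps_rules LOW HIGH: emit rules for review; non-zero on a bad range
ftps_rules() {
    low=$1 high=$2
    valid_port "$low" && valid_port "$high" || return 1
    [ "$low" -le "$high" ] || return 1
    cat <<EOF
# proftpd.conf: pin passive data connections to a known range
PassivePorts ${low} ${high}
# iptables (INPUT chain assumed): established traffic, control port, data range
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -m state --state NEW -j ACCEPT
iptables -A INPUT -p tcp --dport ${low}:${high} -m state --state NEW -j ACCEPT
EOF
}

# Print the rules for the sample range when run directly.
ftps_rules 49152 49407
```

If the ruleset already ends in a REJECT or DROP rule, the ACCEPT lines have to be inserted ahead of it rather than appended.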
 
Old 01-26-2009, 05:24 PM
Les Mikesell
 
Default ProFTPd under CentOS 5.2 running FTPS - iptables problem

happymaster23 wrote:
> Thank you,
>
> I will check it. But - is this the only possible solution?
>
> SFTP I am using only for administration purposes (yeah, it is quite
> easy to set it up :-D) and it's better for me to make FTPS for
> customers and SFTP only for me.

If you control the other end as well, why not use scp or rsync over ssh
which are easier to script anyway?

--
Les Mikesell
lesmikesell@gmail.com

 
Old 01-26-2009, 06:49 PM
happymaster23
 
Default ProFTPd under CentOS 5.2 running FTPS - iptables problem

You know, because I am too lazy. All users have shell /sbin/nologin and
all security things are set to only one account via SSH. I am normally
providing FTP access for users and it is much easier to give them secured
FTP than another method (SFTP) incompatible with FTP.

I have an idea - if I use the CentOS native FTP daemon (vsFTPd, I think),
will there be any change, or is there no sense in it?

Thank you very much

2009/1/26 Les Mikesell <lesmikesell@gmail.com>:
> happymaster23 wrote:
>> Thank you,
>>
>> I will check it. But - is this the only possible solution?
>>
>> SFTP I am using only for administration purposes (yeah, it is quite
>> easy to set it up :-D) and it's better for me to make FTPS for
>> customers and SFTP only for me.
>
> If you control the other end as well, why not use scp or rsync over ssh
> which are easier to script anyway?
>
> --
> Les Mikesell
> lesmikesell@gmail.com
All times are GMT.