Shulou(Shulou.com)06/01 Report--

Editor to share with you how to use the firewall and SSL/TLS in PureFTPd. I hope you will get something after reading this article. Let's discuss it together.

My client is behind a stateful firewall that does application filtering (such as IPTables with ip_conntrack_ftp or ip_nat_ftp). Cannot connect to a server with SSL/TLS enabled. Validation can pass, but files cannot be downloaded and directories cannot be displayed.

First, try to force the client to use passive mode. When active mode is enabled, the server has to actively connect to the customer (or gateway) by connecting to the dynamic port specified by the socket. However, when using SSL/TLS, the connection socket is encrypted, so those in the middle-- including firewalls-- cannot see which port is being used to transmit data. There are several suggestions to solve this problem, but neither popular clients nor common firewalls understand these techniques. That is, use passive mode, or switch to SSH.

TLS and error 00000000.

Clients with TLS enabled are not working. Output something like this:

SSL connect: error:00000000:lib (0): func (0): reason (0)

This mistake is not very clear. You should see this message on a Unix client like LFTP. In real terms, it means that there is a firewall or NAT box between a TLS-enabled server and a TLS-enabled client, but the firewall cannot handle encrypted FTP sessions. Unfortunately, there is no simple solution. Try switching the client to active mode, using 1:1 NAT, but it's not good to mix SSL/TLS, firewall, and FTP.

After reading this article, I believe you have a certain understanding of "how to use firewall and SSL/TLS in PureFTPd". If you want to know more about it, you are welcome to follow the industry information channel. Thank you for your reading!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.