rem
2003-09-23 09:48:12 UTC
Hello,
I'm wondering - is it just me, or when a client authenticates using TLS
authentication, Linux iptables FTP connection tracking does not work
anymore?
I have an up-to-date Gentoo Linux and pureftpd 1.0.16a with TLS and MySQL
support enabled (custom ebuild) and a Linux iptables firewall with the
ip_conntrack_ftp module enabled. It works like a charm when the client
authenticates the usual way, but when TLS is enabled it only works if
the firewall is disabled...
Any ideas?
--- ACTIVE MODE ---
PROT C
200 OK
PORT 62,85,89,100,7,0
200 PORT command successful
LIST
(timeout)
--- PASSIVE MODE ---
PROT C
200 OK
PASV
227 Entering Passive Mode (62,85,33,154,156,151)
(timeout)
--- compile options ---
--with-altlog \
--with-throttling \
--with-sysquotas --with-ftpwho \
--with-peruserlimits --with-mysql \
--with-tls
--- runtime options ---
-S 21 -c 15 -C 4 -B -k 98% -l mysql:/etc/pureftpd-mysql.conf -I 5 -A -x
-E --tls=1 -p 40000:40100
I'm sorry if this has already been discussed.
Best regards,
Kaspars
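
An added example, not part of the original post: the PORT command and 227 reply in the transcripts announce the data-channel endpoint as h1,h2,h3,h4,p1,p2, which is the information a connection-tracking helper has to read from the control channel. This sketch decodes both and checks the passive port against the `-p 40000:40100` range from the runtime options; the function names are illustrative.

```python
import re

# Six comma-separated decimal byte fields: h1,h2,h3,h4,p1,p2 (RFC 959).
_TUPLE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

# Sample input constructed from the post's transcripts and its "-p" option.
TRANSCRIPT = """\
PORT 62,85,89,100,7,0
200 PORT command successful
PASV
227 Entering Passive Mode (62,85,33,154,156,151)
"""
PASSIVE_RANGE = (40000, 40100)


def decode_endpoint(line):
    """Return (mode, ip, port) for a PORT command or 227 reply, else None."""
    if line.startswith("PORT "):
        mode = "active"
    elif line.startswith("227 "):
        mode = "passive"
    else:
        return None
    m = _TUPLE.search(line)
    if not m:
        return None
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        return None  # malformed tuple: every field must fit in one byte
    ip = ".".join(str(f) for f in fields[:4])
    port = fields[4] * 256 + fields[5]  # p1 is the high byte, p2 the low byte
    return mode, ip, port


def data_endpoints(transcript):
    """Decode every data-channel endpoint announced in a control-channel log."""
    found = (decode_endpoint(l.strip()) for l in transcript.splitlines())
    return [e for e in found if e]


def in_passive_range(port, rng=PASSIVE_RANGE):
    return rng[0] <= port <= rng[1]


if __name__ == "__main__":
    for mode, ip, port in data_endpoints(TRANSCRIPT):
        print(f"{mode}: {ip}:{port} in -p range: {in_passive_range(port)}")
```
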