Hello All,
I configured vsftpd to work with explict TLS. It works for me and anybody with any pass on firewall but it doesn't work for anyone else from local network nor internet.
My vsftpd.conf file is this;
Code:
local_enable=YES
write_enable=YES
local_umask=002
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=NO
xferlog_std_format=YES
ftpd_banner=Welcome to FTP Service
chroot_local_user=YES
chroot_list_enable=NO
chroot_list_file=/etc/vsftpd/chroot_list
passwd_chroot_enable=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
userlist_deny=NO
tcp_wrappers=YES
ssl_enable=NO
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
ssl_ciphers=HIGH
rsa_cert_file=/etc/pki/tls/private/vsftpd.pem
rsa_private_key_file=/etc/pki/tls/private/vsftpd.key
pasv_enable=YES
pasv_min_port=12345
pasv_max_port=12356
pasv_address=internet_ip
listen_address=local_ip
I made network guy to open 20,21,990,12345-12356 ports but still it doesn't work.
Another note is ; to be able to connect FTP server, Active Mode should be selected by client, if it's auto or Passive, it fails.
What should I do for this configuration work ?
Btw, the problem is not about authentication or certificate because it passes those stages and fails at listing directories, it gets "Timeout" error.
FTPS Ports
