Problem with FTP using TLS/SSL setting (firewall blocks all connections)
Hi everybody,
I have a big problem with this setting:
- WHM -> FTP Server Configuration -> TLS Encryption Support
If I set it to "Required", the FTP server stops working correctly.
I opened the TLS port on my firewall (which is 990), but I cannot understand why it tries to open ports > 30000.
It lets my user log in correctly, but after the login it tries to open ports that are not allowed.
If I set the TLS Encryption setting to "Optional", the server correctly uses port 21 for commands and 20 for data, and everything works fine.
Can you please help me fix this problem with TLS Encryption?
Recently there have been too many password thefts, and we can no longer allow logins with cleartext passwords.
Thanks,
Max
Hello :) It's likely the user has enabled passive FTP mode in their FTP client, or passive mode is enabled automatically in the FTP client. The default port range for passive mode with PureFTPd is:
# PassivePortRange 30000 50000
You will need to configure the FTP client to use active mode only if you prefer to keep the passive ports blocked by your firewall. Thank you.
I'm using FileZilla and set ACTIVE MODE, but it always switches automatically to PASSIVE MODE. Is that possible? Does TLS/SSL support active mode? Which is the data/command port?
FTPS should work with active mode. Try modifying your FTP client to always use active mode if you prefer that method. Thank you.
The problem is that my connection asks to open 192.168.1.128. Why doesn't this occur with simple FTP without SSL?
[QUOTE]
Stato: Il server non supporta caratteri non ASCII.
Comando: PBSZ 0
Risposta: 200 PBSZ=0
Comando: PROT P
Risposta: 200 Data protection level set to "private"
Stato: Connesso
Stato: Lettura elenco cartelle...
Comando: PWD
Risposta: 257 "/" is your current location
Comando: TYPE I
Risposta: 200 TYPE is now 8-bit binary
Comando: PORT 192,168,1,128,240,189
Risposta: 500 I won't open a connection to 192.168.1.128 (only to 93.35.83.92)
Comando: PASV
Risposta: 227 Entering Passive Mode (81,29,220,19,56,52)
[/QUOTE]
You may want to check your firewall rules to ensure they are not blocking traffic related to FTP. If you continue to experience issues, feel free to submit a ticket so we can check further: Submit A Ticket You can post the ticket number here so we can track the issue. Thank you.
[quote="cPanelMichael, post: 1488382"]You may want to check your firewall rules to ensure they are not blocking traffic related to FTP. If you continue to experience issues, feel free to submit a ticket so we can check further: Submit A Ticket You can post the ticket number here so we can track the issue. Thank you.[/quote]
Hi Michael, thank you. Of course it is a firewall-related problem. I already checked ports 20, 21 and 990.
FTP command: 21
FTP data: 20
FTP TLS: 990
These ports are already open and they work correctly. If I run standard FTP without TLS, the connection works perfectly in active mode. Is there any other port used by active mode with TLS that I don't know about? Let me know.
During active mode, the FTP server responds to the connection attempt and returns a connection request from a different port to the FTP client. NAT configurations block this connection request. The following document better explains this with diagrams: Active/Passive FTP - cPanel Docs You will need to open additional ports if your FTP client is defaulting to passive mode. There is a guide on this at: FTP Ports for Passive Mode - cPanel Docs Thank you.
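Added example, not part of the thread or of cPanel's documentation: a short Python audit that decodes the PORT and PASV host-port tuples from the client log quoted above and reports which data-channel endpoint a firewall or NAT device would need to know about. The function names and finding labels are hypothetical; the default range is the PureFTPd PassivePortRange quoted in the thread.

```python
import ipaddress
import re

# Constructed sample: the PORT/PASV lines from the FileZilla log quoted above.
SAMPLE_LOG = """\
Comando: PORT 192,168,1,128,240,189
Risposta: 500 I won't open a connection to 192.168.1.128 (only to 93.35.83.92)
Comando: PASV
Risposta: 227 Entering Passive Mode (81,29,220,19,56,52)
"""

# RFC 959 host-port tuple h1,h2,h3,h4,p1,p2 used by PORT and the 227 reply.
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def decode_hostport(text):
    """Return (ip_string, port) for the first host-port tuple, else None."""
    m = HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None  # not a valid octet sequence
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def audit(log, passive_range=(30000, 50000)):
    """List (mode, ip, port, finding); passive_range is what the firewall admits."""
    out = []
    for line in log.splitlines():
        if re.search(r"\bPORT\s+\d", line):
            mode = "active"
        elif re.search(r"\b227\b", line):
            mode = "passive"
        else:
            continue
        ep = decode_hostport(line)
        if ep is None:
            continue
        ip, port = ep
        if mode == "active":
            # Under TLS a NAT router cannot rewrite this address in transit.
            finding = "private-address-in-PORT" if ipaddress.ip_address(ip).is_private else "ok"
        else:
            ok = passive_range[0] <= port <= passive_range[1]
            finding = "ok" if ok else "port-outside-firewall-range"
        out.append((mode, ip, port, finding))
    return out

if __name__ == "__main__":
    print(*audit(SAMPLE_LOG), sep="\n")
```

On the sample, the PORT line decodes to a private address and port 61629, and the 227 reply decodes to port 14388, which lies outside the 30000-50000 range, so the firewall range should be compared with the range the server is actually configured to use.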