Bug #9713

Passive FTP connections fail when TLS is used

Added by Anonymous over 4 years ago. Updated about 4 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Target version: jessie
Start date: 2015-02-26
Due date:
% Done:

The kernel can't snoop on packets when TLS is used, so the RELATED tag is useless.

The solution is either to use ipt_recent to open up NEW connections on unprivileged ports to IPs that have recently connected to port 21, or to just open up those ports regardless of recent activity.

The port range can be restricted in pure-ftpd (PassivePortRange) and so a smaller range could be opened in the firewall, e.g. 30000 - 40000.
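
A worked example of the two firewall options the report describes, added here as an illustration; it is not the Symbiosis ftpd/firewall code from revision 494b6566, which this page does not show. The script emits the iptables rules for the ipt_recent-gated variant (clients that have just connected to port 21 may open NEW connections into the passive range) and for the unconditionally open variant, together with the pure-ftpd PassivePortRange line that keeps the daemon inside that range. The 30000-40000 range is the one from the report; the list name ftp-pasv, the 300-second window, and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not Symbiosis code. Passive FTP over TLS: the PASV reply is
# encrypted, so nf_conntrack_ftp never marks the data connection RELATED and
# the firewall has to admit it as NEW. The range below must match the one
# pure-ftpd hands out (PassivePortRange). Range and list name are assumptions.

PASV_LOW=${PASV_LOW:-30000}
PASV_HIGH=${PASV_HIGH:-40000}
RECENT_LIST=${RECENT_LIST:-ftp-pasv}   # assumed xt_recent list name
RECENT_SECONDS=${RECENT_SECONDS:-300}  # assumed window after the control connect

# The range must be unprivileged, in order, and inside 16 bits.
check_range() {
    low=$1; high=$2
    [ "$low" -gt 1023 ] && [ "$high" -le 65535 ] && [ "$low" -lt "$high" ]
}

# Option A (ipt_recent): record the client address when it opens the control
# connection on 21, then accept NEW connections into the passive range only
# from addresses seen within RECENT_SECONDS. The port-21 rule must sit before
# any other ACCEPT for port 21, or --set never fires.
pasv_rules_recent() {
    cat <<EOF
iptables -A INPUT -p tcp --dport 21 -m conntrack --ctstate NEW -m recent --name $RECENT_LIST --set -j ACCEPT
iptables -A INPUT -p tcp --dport $PASV_LOW:$PASV_HIGH -m conntrack --ctstate NEW -m recent --name $RECENT_LIST --rcheck --seconds $RECENT_SECONDS -j ACCEPT
EOF
}

# Option B: open the whole passive range regardless of recent activity
# (the approach the Symbiosis fix took, per the revision note on this page).
pasv_rules_open() {
    echo "iptables -A INPUT -p tcp --dport $PASV_LOW:$PASV_HIGH -m conntrack --ctstate NEW -j ACCEPT"
}

# pure-ftpd.conf line so the daemon only offers ports the firewall admits.
pureftpd_config() {
    echo "PassivePortRange $PASV_LOW $PASV_HIGH"
}

main() {
    check_range "$PASV_LOW" "$PASV_HIGH" || {
        echo "bad passive port range $PASV_LOW-$PASV_HIGH" >&2
        return 1
    }
    case "${1:-print}" in
        apply-recent) pasv_rules_recent | sh ;;   # needs root
        apply-open)   pasv_rules_open | sh ;;     # needs root
        *)  echo "# pure-ftpd.conf"; pureftpd_config
            echo "# firewall, recent-gated"; pasv_rules_recent
            echo "# firewall, unconditional"; pasv_rules_open ;;
    esac
}

main "$@"
```

With no argument the script prints the config and both rule sets; `apply-recent` or `apply-open` pipes the chosen rules to sh and needs root. The recent-gated variant only narrows the exposure: any host that has connected to port 21 within the window can reach every port in the range, and neither variant helps a NAT gateway rewrite the data connection, because the conntrack helper still cannot read the encrypted PASV reply. On Debian's pure-ftpd-wrapper the same setting goes in /etc/pure-ftpd/conf/PassivePortRange as just the two numbers.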

Associated revisions

Revision 494b6566
Added by Patrick Cherry about 4 years ago

ftpd/firewall: Added high numbered port range for passive FTP + TLS

Closes #9713


#1 Updated by Patrick Cherry about 4 years ago

  • Target version set to jessie

#2 Updated by Patrick Cherry about 4 years ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

Applied in changeset symbiosis|commit:7c07515a3358.
