Bug #9713

Passive FTP connections fail when TLS is used

Added by Anonymous almost 4 years ago. Updated almost 4 years ago.

Status: Resolved
Start date: 2015-02-26
Priority: Normal
Due date:
Assignee: -
% Done: 100%
Category: -
Target version: jessie

Description

The kernel can't snoop on packets when TLS is used, so the RELATED tag is useless.

The solution is either to use ipt_recent to open up NEW connections on unprivileged ports to IPs that have recently connected to port 21, or to just open up those ports regardless of recent activity.

The port range can be restricted in pure-ftpd (PassivePortRange) and so a smaller range could be opened in the firewall, e.g. 30000 - 40000.
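As an added example (not code from this report or from the Symbiosis project), the script below turns the two options described above into concrete rules. It reads the PassivePortRange directive from a constructed sample of pure-ftpd.conf, validates the range, and prints iptables rules that accept NEW connections to that range, which is what the RELATED state can no longer provide once the PASV reply is inside TLS. Passing `recent` as a third argument emits the ipt_recent variant instead, which only opens the range to addresses that recently talked to port 21. The rules are printed rather than applied so it runs without root; the iptables and xt_recent options used are the real ones, the sample config values are constructed.

```shell
#!/bin/sh
# Added example: generate firewall rules for passive FTP over TLS.
# With TLS the nf_conntrack_ftp helper cannot read the PASV reply, so the
# data connection never becomes RELATED and must be allowed as NEW instead.

# Constructed sample pure-ftpd configuration (values chosen to match the
# 30000-40000 range suggested in the bug report).
SAMPLE_PURE_FTPD_CONF='# pure-ftpd.conf (constructed sample)
TLS                 1
PassivePortRange    30000 40000
'

# Read "LOW HIGH" from a pure-ftpd config on stdin.
# Prints nothing and returns 1 if the directive is missing.
passive_range_from_conf() {
    awk '$1 == "PassivePortRange" && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ {
             print $2, $3; found = 1
         }
         END { exit found ? 0 : 1 }'
}

# A range is acceptable when it is numeric, unprivileged, ordered and narrow:
# every port opened here is reachable by anyone, so keep the window small.
valid_passive_range() {
    low=$1; high=$2
    case "$low"  in ''|*[!0-9]*) return 1 ;; esac
    case "$high" in ''|*[!0-9]*) return 1 ;; esac
    [ "$low" -ge 1024 ]   || return 1
    [ "$high" -le 65535 ] || return 1
    [ "$low" -lt "$high" ] || return 1
    [ $((high - low)) -le 20000 ] || return 1
    return 0
}

# Print the rules. Mode "open" (default) accepts NEW connections to the
# passive range unconditionally; mode "recent" uses xt_recent so that only
# source addresses seen on port 21 within the last 5 minutes may connect.
passive_ftp_rules() {
    low=$1; high=$2; mode=${3:-open}
    valid_passive_range "$low" "$high" || return 1
    # Control channel; the RELATED rule still helps plain (non-TLS) FTP.
    if [ "$mode" = recent ]; then
        echo "iptables -A INPUT -p tcp --dport 21 -m conntrack --ctstate NEW -m recent --set --name ftp -j ACCEPT"
    else
        echo "iptables -A INPUT -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT"
    fi
    echo "iptables -A INPUT -p tcp -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
    # Passive data channel: explicit NEW rule because TLS hides the PASV reply.
    if [ "$mode" = recent ]; then
        echo "iptables -A INPUT -p tcp --dport ${low}:${high} -m conntrack --ctstate NEW -m recent --rcheck --seconds 300 --name ftp -j ACCEPT"
    else
        echo "iptables -A INPUT -p tcp --dport ${low}:${high} -m conntrack --ctstate NEW -j ACCEPT"
    fi
}

# Derive the firewall range from the daemon's own config so the two can
# never drift apart. $1 is the config text, $2 the optional mode.
rules_from_conf() {
    range=$(printf '%s' "$1" | passive_range_from_conf) || return 1
    # $range is "LOW HIGH"; word splitting is intentional here.
    passive_ftp_rules $range "$2"
}

rules_from_conf "$SAMPLE_PURE_FTPD_CONF"
rules_from_conf "$SAMPLE_PURE_FTPD_CONF" recent
```

Whichever variant is applied, the opened window should be exactly the PassivePortRange the daemon listens on and nothing wider; the validator rejects privileged ports, inverted ranges and ranges broader than 20000 ports so a typo in the config does not silently open most of the unprivileged port space.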

Associated revisions

Revision 494b6566
Added by Patrick Cherry almost 4 years ago

ftpd/firewall: Added high numbered port range for passive FTP + TLS

Closes #9713

History

#1 Updated by Patrick Cherry almost 4 years ago

  • Target version set to jessie

#2 Updated by Patrick Cherry almost 4 years ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

Applied in changeset symbiosis|commit:7c07515a3358.
