Re: vsftpd under Debian sarge
From: Fabio C. (fabio_at_non-existent.int)
Date: Mon, 31 Jan 2005 18:31:28 +0100
> Using NAT and ftp using SSL is a bit tricky from a firewall perspective
> since an active mode connection will not be handled automatically by the
> ftp connection tracking module since this data is passed over the
> ENCRYPTED communication channel. If you are getting connection refused,
> like you are, the firewall at the other end is obviously not playing
> ball. What FTP client are you using since I do NOT see any SSL
> handshake taking place. You are NOT using the shit one that comes with
> Windows are you?! This FTP client doesn't SUPPORT FTP over SSL. Also do
> you NEED both channels encrypting or only the communication channel to
> protect user/pass info? If you don't need the data encrypting you can
> tunnel using ssh, and run a normal FTP server (proftpd/wuftpd etc) at the
> other end along with sshd.
I'm not using SSL and I don't mention connection encrypting in my
original post :-)
I'm also not getting connection refused since it closes the connection
after receiving the login user, that means it's some security policy
applied by the system or directly by vsftpd (but I assure the last
guess, since all other services are working fine - ssh, http and other
open ports -).
Probably the Windows' ftp client is shit (please tell me why :-) but I'm
not using SSL, definitely.
> It's linked, OK.. but is it called from /usr/sbin/tcpd via some inetd
vsftpd is started as standalone daemon and no wrapping is called inside
the configuration files.
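
Added example, not part of the original thread: a simplified Python model of the point made in the quoted text, that a NAT helper can only rewrite an active-mode PORT command it can read in cleartext on the control channel. The function names, addresses and the TLS-style record are constructed for illustration; this is not the kernel's connection tracking code.

```python
import re

# Active mode: the client announces its data socket on the control channel as
# "PORT h1,h2,h3,h4,p1,p2", where the port is p1*256 + p2.
PORT_RE = re.compile(rb"PORT " + rb",".join([rb"(\d{1,3})"] * 6) + rb"\r\n")

def parse_port(line):
    """Return (ip, port) for a well-formed PORT command, else None."""
    m = PORT_RE.fullmatch(line)
    if m is None:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def nat_rewrite(line, public_ip, public_port):
    """Model of a NAT helper (hypothetical name).

    Returns (line_to_forward, expectation). The expectation tells the firewall
    which inbound data connection to allow and where to forward it; it is None
    when the helper could not recognise a PORT command.
    """
    parsed = parse_port(line)
    if parsed is None:
        # Unreadable or unrelated bytes pass through unchanged, and no hole is
        # opened for the server's incoming data connection.
        return line, None
    private_ip, private_port = parsed
    rewritten = "PORT %s,%d,%d\r\n" % (
        public_ip.replace(".", ","), public_port >> 8, public_port & 0xFF)
    return rewritten.encode("ascii"), {
        "public_port": public_port,
        "forward_to": (private_ip, private_port),
    }

# Constructed sample input: a cleartext PORT command from a client behind NAT.
CLEARTEXT = b"PORT 192,168,1,10,19,137\r\n"
# Constructed sample input: the same command once the control channel is
# encrypted looks like an opaque record (TLS-style header plus filler bytes).
ENCRYPTED = b"\x17\x03\x01\x00\x20" + bytes(range(32))

if __name__ == "__main__":
    for sample in (CLEARTEXT, ENCRYPTED):
        print(nat_rewrite(sample, "203.0.113.5", 40000))
```

With the cleartext command the private address is replaced and a forwarding expectation exists; with the encrypted bytes the client's private address goes out unchanged inside the ciphertext and the server's connection back has nowhere to land.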