Proftpd and TLS



polonius
24.10.06, 21:45
Hi all,

I have installed proftpd on my Debian server and set it up so far, with TLS.

My small home network sits behind a Zyxel P316 DSL router. Port 21 is forwarded to the server via NAT. Without encryption I can access the FTP server from outside without any problems.

However, as soon as I enable TLS in an FTP client (FileZilla), the server does not list the HOME drive for me. In FileZilla's status window you can see that the authentication itself works (AUTH TLS successful, the server's certificate is displayed as well). But as soon as the FTP command LIST is sent, the FTP client aborts shortly afterwards with the following error message:


Transferkanal konnte nicht geöffnet werden. Grund: Ein
Verbindungsversuch ist fehlgeschlagen, da die Gegenstelle nach einer
bestimmten Zeitspanne nicht ordnungsgemäß reagiert hat, oder die
hergestellte Verbindung war fehlerhaft, da der verbundene Host nicht reagiert
hat.


The server is an old PIII-800 with 512MB SDRAM.

Does anyone have an idea what could be causing this?

Regards,
polonius

cane
25.10.06, 01:08
What do the server logs say?

Regards,
cane

polonius
25.10.06, 12:08
I started proftpd in debug mode and tried to establish a TLS connection.

This is the log that came out of it:



Oct 25 11:14:04 performing ident lookup
Oct 25 11:14:14 ident connection failed: Interrupted system call
Oct 25 11:14:14 ident lookup returned 'UNKNOWN'
Oct 25 11:14:14 connected - local : 192.168.1.2:21
Oct 25 11:14:14 connected - remote : 194.95.69.146:42804
Oct 25 11:14:14 FTP session opened.
Oct 25 11:14:14 dispatching PRE_CMD command 'AUTH TLS' to mod_rewrite
Oct 25 11:14:14 dispatching PRE_CMD command 'AUTH TLS' to mod_tls
Oct 25 11:14:14 dispatching PRE_CMD command 'AUTH TLS' to mod_core
Oct 25 11:14:14 dispatching PRE_CMD command 'AUTH TLS' to mod_core
Oct 25 11:14:14 dispatching CMD command 'AUTH TLS' to mod_tls
Oct 25 11:14:15 dispatching LOG_CMD command 'AUTH TLS' to mod_log
Oct 25 11:14:16 dispatching PRE_CMD command 'USER polonius' to mod_rewrite
Oct 25 11:14:16 dispatching PRE_CMD command 'USER polonius' to mod_tls
Oct 25 11:14:16 dispatching PRE_CMD command 'USER polonius' to mod_core
Oct 25 11:14:16 dispatching PRE_CMD command 'USER polonius' to mod_core
Oct 25 11:14:16 dispatching PRE_CMD command 'USER polonius' to mod_delay
Oct 25 11:14:16 dispatching PRE_CMD command 'USER polonius' to mod_auth
Oct 25 11:14:16 dispatching auth request "endpwent" to module mod_radius
Oct 25 11:14:16 dispatching auth request "endpwent" to module mod_auth_file
Oct 25 11:14:16 dispatching auth request "endpwent" to module mod_auth_unix
Oct 25 11:14:16 dispatching auth request "endgrent" to module mod_radius
Oct 25 11:14:16 dispatching auth request "endgrent" to module mod_auth_file
Oct 25 11:14:16 dispatching auth request "endgrent" to module mod_auth_unix
Oct 25 11:14:16 dispatching CMD command 'USER polonius' to mod_ratio
Oct 25 11:14:16 dispatching CMD command 'USER polonius' to mod_auth
Oct 25 11:14:16 dispatching auth request "getgroups" to module mod_radius
Oct 25 11:14:16 dispatching auth request "getgroups" to module mod_auth_file
Oct 25 11:14:16 dispatching auth request "getgroups" to module mod_auth_unix
Oct 25 11:14:16 dispatching POST_CMD command 'USER polonius' to mod_delay
Oct 25 11:14:16 mod_delay/0.4: selecting median interval from 1 value
Oct 25 11:14:16 dispatching LOG_CMD command 'USER polonius' to mod_log
Oct 25 11:14:16 dispatching PRE_CMD command 'PASS (hidden)' to mod_rewrite
Oct 25 11:14:16 dispatching PRE_CMD command 'PASS (hidden)' to mod_tls
Oct 25 11:14:16 dispatching PRE_CMD command 'PASS (hidden)' to mod_core
Oct 25 11:14:16 dispatching PRE_CMD command 'PASS (hidden)' to mod_core
Oct 25 11:14:16 dispatching PRE_CMD command 'PASS (hidden)' to mod_delay
Oct 25 11:14:16 dispatching PRE_CMD command 'PASS (hidden)' to mod_wrap
Oct 25 11:14:16 dispatching PRE_CMD command 'PASS (hidden)' to mod_radius
Oct 25 11:14:16 dispatching PRE_CMD command 'PASS (hidden)' to mod_auth
Oct 25 11:14:16 dispatching auth request "endpwent" to module mod_radius
Oct 25 11:14:16 dispatching auth request "endpwent" to module mod_auth_file
Oct 25 11:14:16 dispatching auth request "endpwent" to module mod_auth_unix
Oct 25 11:14:16 dispatching auth request "endgrent" to module mod_radius
Oct 25 11:14:16 dispatching auth request "endgrent" to module mod_auth_file
Oct 25 11:14:16 dispatching auth request "endgrent" to module mod_auth_unix
Oct 25 11:14:16 dispatching CMD command 'PASS (hidden)' to mod_auth
Oct 25 11:14:16 dispatching auth request "getgroups" to module mod_radius
Oct 25 11:14:16 dispatching auth request "getgroups" to module mod_auth_file
Oct 25 11:14:16 dispatching auth request "getgroups" to module mod_auth_unix
Oct 25 11:14:16 dispatching auth request "getpwnam" to module mod_radius
Oct 25 11:14:16 dispatching auth request "getpwnam" to module mod_auth_file
Oct 25 11:14:16 dispatching auth request "getpwnam" to module mod_auth_unix
Oct 25 11:14:16 dispatching auth request "gid_name" to module mod_radius
Oct 25 11:14:16 dispatching auth request "gid_name" to module mod_auth_file
Oct 25 11:14:16 dispatching auth request "gid_name" to module mod_auth_unix
Oct 25 11:14:16 dispatching auth request "auth" to module mod_radius
Oct 25 11:14:16 dispatching auth request "auth" to module mod_tls
Oct 25 11:14:16 dispatching auth request "auth" to module mod_auth_pam
Oct 25 11:14:16 dispatching auth request "setgrent" to module mod_radius
Oct 25 11:14:16 dispatching auth request "setgrent" to module mod_auth_file
Oct 25 11:14:16 dispatching auth request "setgrent" to module mod_auth_unix
Oct 25 11:14:16
Oct 25 11:14:16 Config for Debian:
Oct 25 11:14:16 DeferWelcome
Oct 25 11:14:16 DebugLevel
Oct 25 11:14:16 ServerLog
Oct 25 11:14:16 DefaultServer
Oct 25 11:14:16 ShowSymlinks
Oct 25 11:14:16 TimeoutNoTransfer
Oct 25 11:14:16 TimeoutStalled
Oct 25 11:14:16 TimeoutIdle
Oct 25 11:14:16 DisplayLogin
Oct 25 11:14:16 DisplayFirstChdir
Oct 25 11:14:16 ListOptions
Oct 25 11:14:16 DenyFilter
Oct 25 11:14:16 DefaultRoot
Oct 25 11:14:16 TLSEngine
Oct 25 11:14:16 UserID
Oct 25 11:14:16 UserName
Oct 25 11:14:16 GroupID
Oct 25 11:14:16 GroupName
Oct 25 11:14:16 Umask
Oct 25 11:14:16 DirUmask
Oct 25 11:14:16 AllowOverwrite
Oct 25 11:14:16 TLSEngine
Oct 25 11:14:16 TLSLog
Oct 25 11:14:16 TLSRequired
Oct 25 11:14:16 TLSRSACertificateFile
Oct 25 11:14:16 TLSRSACertificateKeyFile
Oct 25 11:14:16 CURRENT-CLIENTS
Oct 25 11:14:16 USER
Oct 25 11:14:16 USER polonius: Login successful.
Oct 25 11:14:16 opening TransferLog '/var/log/xferlog'
Oct 25 11:14:16 dispatching auth request "getpwnam" to module mod_radius
Oct 25 11:14:16 dispatching auth request "getpwnam" to module mod_auth_file
Oct 25 11:14:16 dispatching auth request "getpwnam" to module mod_auth_unix
Oct 25 11:14:16 dispatching auth request "setpwent" to module mod_radius
Oct 25 11:14:16 dispatching auth request "setpwent" to module mod_auth_file
Oct 25 11:14:16 dispatching auth request "setpwent" to module mod_auth_unix
Oct 25 11:14:16 dispatching auth request "setgrent" to module mod_radius
Oct 25 11:14:16 dispatching auth request "setgrent" to module mod_auth_file
Oct 25 11:14:16 dispatching auth request "setgrent" to module mod_auth_unix
Oct 25 11:14:16 dispatching auth request "getpwent" to module mod_radius
Oct 25 11:14:16 dispatching auth request "getpwent" to module mod_auth_file
Oct 25 11:14:16 dispatching auth request "getpwent" to module mod_auth_unix
Oct 25 11:14:16 dispatching auth request "getgrent" to module mod_radius
Oct 25 11:14:16 dispatching auth request "getgrent" to module mod_auth_file
Oct 25 11:14:16 dispatching auth request "getgrent" to module mod_auth_unix
Oct 25 11:14:16 Preparing to chroot() the environment, path = '/home/polonius'
Oct 25 11:14:16 Environment successfully chroot()ed.
Oct 25 11:14:16 in dir_check_full(): path = '/', fullpath = '/home/polonius/'.
Oct 25 11:14:16 dispatching POST_CMD command 'PASS (hidden)' to mod_cap
Oct 25 11:14:16 mod_cap/1.0: capabilities '= cap_net_bind_service+ep'
Oct 25 11:14:16 dispatching POST_CMD command 'PASS (hidden)' to mod_ifsession
Oct 25 11:14:16 dispatching POST_CMD command 'PASS (hidden)' to mod_readme
Oct 25 11:14:16 dispatching POST_CMD command 'PASS (hidden)' to mod_delay
Oct 25 11:14:16 mod_delay/0.4: selecting median interval from 1 value
Oct 25 11:14:16 dispatching POST_CMD command 'PASS (hidden)' to mod_radius
Oct 25 11:14:16 dispatching POST_CMD command 'PASS (hidden)' to mod_tls
Oct 25 11:14:16 dispatching POST_CMD command 'PASS (hidden)' to mod_ratio
Oct 25 11:14:16 dispatching POST_CMD command 'PASS (hidden)' to mod_quotatab
Oct 25 11:14:16 dispatching POST_CMD command 'PASS (hidden)' to mod_log
Oct 25 11:14:16 dispatching POST_CMD command 'PASS (hidden)' to mod_ls
Oct 25 11:14:16 dispatching POST_CMD command 'PASS (hidden)' to mod_auth
Oct 25 11:14:16 dispatching LOG_CMD command 'PASS (hidden)' to mod_log
Oct 25 11:14:16 dispatching LOG_CMD command 'PASS (hidden)' to mod_ratio
Oct 25 11:14:17 dispatching PRE_CMD command 'SYST' to mod_rewrite
Oct 25 11:14:17 dispatching PRE_CMD command 'SYST' to mod_tls
Oct 25 11:14:17 dispatching PRE_CMD command 'SYST' to mod_core
Oct 25 11:14:17 dispatching PRE_CMD command 'SYST' to mod_core
Oct 25 11:14:17 dispatching CMD command 'SYST' to mod_core
Oct 25 11:14:17 dispatching LOG_CMD command 'SYST' to mod_log
Oct 25 11:14:17 dispatching PRE_CMD command 'FEAT' to mod_rewrite
Oct 25 11:14:17 dispatching PRE_CMD command 'FEAT' to mod_tls
Oct 25 11:14:17 dispatching PRE_CMD command 'FEAT' to mod_core
Oct 25 11:14:17 dispatching PRE_CMD command 'FEAT' to mod_core
Oct 25 11:14:17 dispatching CMD command 'FEAT' to mod_core
Oct 25 11:14:17 dispatching LOG_CMD command 'FEAT' to mod_log
Oct 25 11:14:17 dispatching PRE_CMD command 'PBSZ 0' to mod_rewrite
Oct 25 11:14:17 dispatching PRE_CMD command 'PBSZ 0' to mod_tls
Oct 25 11:14:17 dispatching PRE_CMD command 'PBSZ 0' to mod_core
Oct 25 11:14:17 dispatching PRE_CMD command 'PBSZ 0' to mod_core
Oct 25 11:14:17 dispatching CMD command 'PBSZ 0' to mod_tls
Oct 25 11:14:17 dispatching LOG_CMD command 'PBSZ 0' to mod_log
Oct 25 11:14:17 dispatching PRE_CMD command 'PROT P' to mod_rewrite
Oct 25 11:14:17 dispatching PRE_CMD command 'PROT P' to mod_tls
Oct 25 11:14:17 dispatching PRE_CMD command 'PROT P' to mod_core
Oct 25 11:14:17 dispatching PRE_CMD command 'PROT P' to mod_core
Oct 25 11:14:17 dispatching CMD command 'PROT P' to mod_tls
Oct 25 11:14:17 dispatching POST_CMD command 'PROT P' to mod_xfer
Oct 25 11:14:17 dispatching LOG_CMD command 'PROT P' to mod_log
Oct 25 11:14:17 dispatching PRE_CMD command 'PWD' to mod_rewrite
Oct 25 11:14:17 dispatching PRE_CMD command 'PWD' to mod_tls
Oct 25 11:14:17 dispatching PRE_CMD command 'PWD' to mod_core
Oct 25 11:14:17 dispatching PRE_CMD command 'PWD' to mod_core
Oct 25 11:14:17 dispatching CMD command 'PWD' to mod_core
Oct 25 11:14:17 in dir_check_full(): path = '/', fullpath = '/home/polonius/'.
Oct 25 11:14:17 dispatching LOG_CMD command 'PWD' to mod_log
Oct 25 11:14:17 dispatching PRE_CMD command 'TYPE A' to mod_rewrite
Oct 25 11:14:17 dispatching PRE_CMD command 'TYPE A' to mod_tls
Oct 25 11:14:17 dispatching PRE_CMD command 'TYPE A' to mod_core
Oct 25 11:14:17 dispatching PRE_CMD command 'TYPE A' to mod_core
Oct 25 11:14:17 dispatching CMD command 'TYPE A' to mod_xfer
Oct 25 11:14:17 dispatching LOG_CMD command 'TYPE A' to mod_log
Oct 25 11:14:17 dispatching PRE_CMD command 'PASV' to mod_rewrite
Oct 25 11:14:17 dispatching PRE_CMD command 'PASV' to mod_tls
Oct 25 11:14:17 dispatching PRE_CMD command 'PASV' to mod_core
Oct 25 11:14:17 dispatching PRE_CMD command 'PASV' to mod_core
Oct 25 11:14:17 dispatching CMD command 'PASV' to mod_core
Oct 25 11:14:17 in dir_check_full(): path = '/', fullpath = '/home/polonius/'.
Oct 25 11:14:17 Entering Passive Mode (192,168,1,2,128,17).
Oct 25 11:14:17 dispatching LOG_CMD command 'PASV' to mod_log
Oct 25 11:14:17 dispatching PRE_CMD command 'LIST' to mod_rewrite
Oct 25 11:14:17 dispatching PRE_CMD command 'LIST' to mod_tls
Oct 25 11:14:17 dispatching PRE_CMD command 'LIST' to mod_core
Oct 25 11:14:17 dispatching PRE_CMD command 'LIST' to mod_core
Oct 25 11:14:17 dispatching PRE_CMD command 'LIST' to mod_ratio
Oct 25 11:14:17 dispatching CMD command 'LIST' to mod_ls



That doesn't get me any further either, though...

Regards,
polonius

$kuLL
25.10.06, 18:27
Just for fun, enable a few ports for passive mode:

proftpd.conf
PassivePorts 50000 50500

And then redirect those ports to the server.
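
Added example, not part of the thread: a small Python check that decodes the PASV reply from the debug log above and compares the announced data-channel endpoint with the client's address and the suggested PassivePorts range. The sample lines are copied from the log; the function names are made up for this illustration.

```python
import ipaddress
import re

# Constructed sample: three lines copied from the debug log in the thread.
SAMPLE_LOG = """\
Oct 25 11:14:14 connected - local : 192.168.1.2:21
Oct 25 11:14:14 connected - remote : 194.95.69.146:42804
Oct 25 11:14:17 Entering Passive Mode (192,168,1,2,128,17).
"""

PASV_RE = re.compile(r"Entering Passive Mode \((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
REMOTE_RE = re.compile(r"connected - remote\s*:\s*([\d.]+):\d+")


def parse_pasv(line):
    """Return (ip, port) from a PASV reply (RFC 959: h1,h2,h3,h4,p1,p2) or None."""
    m = PASV_RE.search(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    return ip, nums[4] * 256 + nums[5]  # port = p1 * 256 + p2


def diagnose(log_text, passive_ports=None):
    """Collect findings about the data-channel endpoint announced in log_text."""
    findings = []
    remote = None
    for line in log_text.splitlines():
        m = REMOTE_RE.search(line)
        if m:
            remote = ipaddress.IPv4Address(m.group(1))
        pasv = parse_pasv(line)
        if pasv is None:
            continue
        ip, port = pasv
        findings.append(f"data channel announced at {ip}:{port}")
        # A NAT router cannot read or rewrite the reply once the control channel is TLS.
        if ip.is_private and remote is not None and not remote.is_private:
            findings.append("private address sent to a public client; "
                            "the router cannot rewrite it inside TLS")
        if passive_ports and not passive_ports[0] <= port <= passive_ports[1]:
            findings.append(f"port {port} outside PassivePorts "
                            f"{passive_ports[0]}-{passive_ports[1]}")
    return findings
```

proftpd's MasqueradeAddress directive sets the address advertised in PASV replies; together with a forwarded PassivePorts range it gives the client a reachable data endpoint.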