Problem with FTP using TLS/SSL setting (firewall blocks all the connections)

Discussion in 'Security' started by phoenixweb, Oct 15, 2013.

  1. phoenixweb

    phoenixweb Well-Known Member

    Joined:
    Jun 3, 2004
    Messages:
    68
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    DataCenter Provider
    Hi everybody,

    I have a big problem with this setting:
    - WHM -> FTP Server Configuration -> TLS Encryption Support

    If I turn it to "Required", then the FTP server stops working correctly.
    I opened the TLS port on my firewall (which is 990), but I cannot understand why it tries to open ports > 30000.
    It lets my user log in correctly, but after the login it tries to open ports that it is not allowed to open.

    If I place the TLS Encryption Settings on "Optional", the server will correctly use port 21 for the command and 20 for the data, and everything works fine.

    Can you please help me to fix this problem with TLS Encryption?
    Recently there have been too many password thefts and we can no longer allow logins with clear passwords.

    Thanks,
    Max
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    649
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    It's likely the user has enabled passive FTP mode in their FTP client, or passive mode is enabled automatically in the FTP client. The default port range for passive mode with PureFTPd is:

    Code:
    # PassivePortRange          30000 50000
    You will need to configure the FTP client to use active mode only if you prefer to keep the passive ports blocked by your firewall.

    Thank you.
     
  3. phoenixweb

    I'm using FileZilla and set ACTIVE MODE.
    But it always switches automatically to PASSIVE MODE.

    Is it possible?
    Does TLS/SSL support active mode?
    Which is the data/command port?
     
  4. cPanelMichael

  5. phoenixweb

    The problem is that my connection asks to open 192.168.1.128.
    Why doesn't this occur with simple FTP without SSL?


     
  6. cPanelMichael

    You may want to check your firewall rules to ensure they are not blocking traffic related to FTP. If you continue to experience issues, feel free to submit a ticket so we can check further:

    Submit A Ticket

    You can post the ticket number here so we can track the issue.

    Thank you.
     
  7. phoenixweb

    Hi Michael,

    Thank you.
    Of course it is a firewall-related problem.
    I already checked ports 20, 21 and 990.

    FTP command: 21
    FTP data: 20
    FTP TLS: 990

    These ports are already open and they work correctly.
    If I run standard FTP without TLS, the connection works perfectly in active mode.
    Is there any other port used by active mode with TLS that I don't know?

    Let me know.
     
  8. cPanelMichael

    During active mode, the FTP server responds to the connection attempt and returns a connection request from a different port to the FTP client. NAT configurations block this connection request. The following document better explains this with diagrams:

    Active/Passive FTP - cPanel Docs

    You will need to open additional ports if your FTP client is defaulting to passive mode. There is a guide on this at:

    FTP Ports for Passive Mode - cPanel Docs

    Thank you.
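
Added example, not part of the original thread and not cPanel's or PureFTPd's own code: a small Python checker that decodes the data-channel endpoint from a `PORT` command or a `227` passive reply and reports whether it fits the firewall setup discussed above. The sample lines, the verdict names and the assumption that the server sits outside the client's LAN are constructed for illustration; the passive range is the PureFTPd default quoted in the thread.

```python
import ipaddress
import re

# Assumed firewall policy: the passive range is the PureFTPd default quoted above.
PASSIVE_RANGE = (30000, 50000)
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SIX = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def decode_endpoint(line):
    """Decode a PORT command or 227 reply into (mode, ip, port); None for other lines."""
    line = line.strip()
    if line.upper().startswith("PORT "):
        mode = "active"       # client tells the server where to connect back
    elif line.startswith("227 "):
        mode = "passive"      # server tells the client where to connect
    else:
        return None
    m = SIX.search(line)
    if m is None:
        return None
    h1, h2, h3, h4, p1, p2 = (int(g) for g in m.groups())
    if max(h1, h2, h3, h4, p1, p2) > 255:
        return None           # malformed octet
    ip = ipaddress.ip_address(f"{h1}.{h2}.{h3}.{h4}")
    return mode, ip, p1 * 256 + p2   # port is encoded as p1*256 + p2


def diagnose(line, passive_range=PASSIVE_RANGE):
    """Return (mode, 'ip:port', verdict) for a data-channel line, else None."""
    ep = decode_endpoint(line)
    if ep is None:
        return None
    mode, ip, port = ep
    if mode == "active":
        # Assumption: the server is outside the client's LAN, so an RFC 1918
        # address announced by the client is not reachable from the server.
        private = any(ip in net for net in RFC1918)
        verdict = "unreachable-private-address" if private else "server-connects-out"
    else:
        lo, hi = passive_range
        verdict = "allowed-by-passive-range" if lo <= port <= hi else "outside-passive-range"
    return mode, f"{ip}:{port}", verdict


# Constructed control-channel lines (not taken from the thread's logs).
SAMPLE = ["USER max", "PORT 192,168,1,128,200,13",
          "227 Entering Passive Mode (203,0,113,10,117,48)"]

if __name__ == "__main__":
    for sample_line in SAMPLE:
        print(sample_line, "->", diagnose(sample_line))
```

With TLS required the control channel is encrypted, so a NAT router or firewall can no longer read or rewrite these lines in transit, and a private address in `PORT` reaches the server unchanged.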
     