Problem with FTP using TTL/SSL setting (firewall block all the connection)

Discussion in 'Security' started by phoenixweb, Oct 15, 2013.

  1. phoenixweb

    phoenixweb Well-Known Member

    Hi everybody,

    I have a big problem with this setting:
    - WHM -> FTP Server Configuration -> TLS Encryption Support

    If I set it to "Required", then the FTP server stops working correctly.
    I opened the TLS port on my firewall (which is 990), but I cannot understand why it tries to open ports > 30000.
    It lets my user log in correctly, but after the login it tries to open ports that are not allowed to be opened.

    If I set the TLS Encryption setting to "Optional", the server correctly uses port 21 for commands and 20 for data, and everything works fine.

    Can you please help me fix this problem with TLS encryption?
    Recently there have been too many stolen passwords and we can no longer allow logins with cleartext passwords.

    Thanks,
    Max
     
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Hello :)

    It's likely the user has enabled passive FTP mode in their FTP client, or passive mode is enabled automatically in the FTP client. The default port range for passive mode with PureFTPd is:

    Code:
    # PassivePortRange          30000 50000
    You will need to configure the FTP client to use active mode only if you prefer to keep the passive ports blocked by your firewall.

    Thank you.
     
  3. phoenixweb

    I'm using FileZilla and set ACTIVE MODE.
    But it always switches automatically to PASSIVE MODE.

    Is it possible?
    Does TLS/SSL support active mode?
    Which is the data/command port?
     
  4. cPanelMichael

    FTPS should work with active mode. Try modifying your FTP client to always use active mode if you prefer that method.

    Thank you.
     
  5. phoenixweb

    The problem is that my connection asks to open 192.168.1.128.
    Why doesn't this occur with simple FTP without SSL?
  6. cPanelMichael

    You may want to check your firewall rules to ensure they are not blocking traffic related to FTP. If you continue to experience issues, feel free to submit a ticket so we can check further:

    Submit A Ticket

    You can post the ticket number here so we can track the issue.

    Thank you.
     
  7. phoenixweb

    Hi Michael,

    Thank you.
    Of course it is a firewall-related problem.
    I already checked ports 20, 21 and 990.

    FTP command: 21
    FTP data: 20
    FTP TLS: 990

    These ports are already open and they work correctly.
    If I run standard FTP without TLS, the connection works perfectly in active mode.
    Is there any other port used by active mode with TLS that I don't know about?

    Let me know.
     
  8. cPanelMichael

    During active mode, the FTP server responds to the connection attempt and returns a connection request from a different port to the FTP client. NAT configurations block this connection request. The following document better explains this with diagrams:

    Active/Passive FTP - cPanel Docs

    You will need to open additional ports if your FTP client is defaulting to passive mode. There is a guide on this at:

    FTP Ports for Passive Mode - cPanel Docs

    Thank you.
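
The port negotiation discussed in this thread, as an added example that is not part of the original posts: it decodes the data-connection endpoint from an active-mode `PORT` command or a passive-mode `227` reply and checks it against the `PassivePortRange` quoted above and a list of open inbound ports. The function names, rule lists and sample control-channel lines are hypothetical and constructed for illustration.

```python
import ipaddress
import re

PASSIVE_RANGE = (30000, 50000)        # PureFTPd default quoted in the thread
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def decode_hostport(fields):
    """Decode FTP's h1,h2,h3,h4,p1,p2 into (IPv4Address, port)."""
    nums = [int(x) for x in fields.split(",")]
    if len(nums) != 6 or any(n > 255 for n in nums):
        raise ValueError(f"bad host-port field: {fields!r}")
    return ipaddress.IPv4Address(".".join(map(str, nums[:4]))), nums[4] * 256 + nums[5]

def is_open(port, rules):
    return any(lo <= port <= hi for lo, hi in rules)

def audit_line(line, inbound_rules):
    """Return (mode, ip, port, finding) for a PORT command or 227 reply, else None."""
    m = re.match(r"PORT\s+([\d,]+)\s*$", line)
    if m:
        ip, port = decode_hostport(m.group(1))
        if any(ip in net for net in RFC1918):
            return ("active", str(ip), port, "private client address, unreachable from server")
        return ("active", str(ip), port, "server connects out to client")
    m = re.match(r"227\b.*\(([\d,]+)\)", line)
    if m:
        ip, port = decode_hostport(m.group(1))
        lo, hi = PASSIVE_RANGE
        if not lo <= port <= hi:
            finding = "outside PassivePortRange"
        elif not is_open(port, inbound_rules):
            finding = "blocked by server firewall"
        else:
            finding = "ok"
        return ("passive", str(ip), port, finding)
    return None

# Constructed sample control-channel lines (not taken from the thread).
SAMPLE = ["PORT 192,168,1,128,200,21",
          "227 Entering Passive Mode (203,0,113,10,117,48)"]
THREAD_RULES = [(20, 21), (990, 990)]            # ports the poster opened
FIXED_RULES = THREAD_RULES + [PASSIVE_RANGE]     # plus the passive range

if __name__ == "__main__":
    for rules in (THREAD_RULES, FIXED_RULES):
        for line in SAMPLE:
            print(rules, audit_line(line, rules))
```

With TLS on the control channel, a NAT router or firewall helper can no longer read or rewrite these lines, so the private address in `PORT` and the passive port in `227` reach the other side unchanged.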
     