Matt Mossholder on 11 Aug 2015 07:07:00 -0700



Re: [PLUG] If not SFTP, how's about FTPS?


On Tue, Aug 11, 2015 at 9:57 AM, Michael Leone <turgon@mike-leone.com> wrote:
> Anyone? My firewall guy tells me that there are no rules blocking me
> from doing this (not from my trusted zone into my DMZ, anyway). So
> it's not a firewall block. Any ideas what might be causing this?


My guess is the firewall is blocking the ftp-data connections. FTPS works the same way as FTP (two channels, command and data). You've established that your command channel works by establishing a connection, but your FTP server will be making connections back to clients on dynamically allocated data ports to return the results of the commands. Unless you have defined a range of ports in your firewall for use by FTPS, you probably won't be able to receive the data back from the server. 

Most intelligent firewalls (these days) watch non-SSL FTP traffic and dynamically open the required ports. That obviously doesn't work with SSL.

     --Matt 
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
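
The firewall behaviour described in the reply above, as an added example that is not part of the original post: a minimal FTP "helper" that learns data ports by reading the control channel, run over a cleartext session and over one that switches to TLS. The function name, addresses, ports and both captured sessions are constructed for illustration.

```python
import re

# 227 reply (PASV) and PORT command both carry h1,h2,h3,h4,p1,p2
_HOSTPORT = re.compile(
    rb"(?:^227 [^(\r\n]*\(|^PORT )(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)", re.M)
# 229 reply (EPSV, RFC 2428) carries only the port number
_EPSV = re.compile(rb"^229 [^(\r\n]*\(\|\|\|(\d+)\|\)", re.M)


def data_pinholes(control_stream: bytes, server_ip: str):
    """Return the (ip, port) data endpoints readable from the control channel.

    This is what a stateful firewall's FTP inspection needs in order to
    open the data connection dynamically.
    """
    found = []
    for m in _HOSTPORT.finditer(control_stream):
        n = [int(x) for x in m.groups()]
        found.append((".".join(str(o) for o in n[:4]), n[4] * 256 + n[5]))
    for m in _EPSV.finditer(control_stream):
        found.append((server_ip, int(m.group(1))))
    return found


# Constructed cleartext session (both directions merged into one stream).
PLAIN_SESSION = (
    b"220 ready\r\n"
    b"PASV\r\n227 Entering Passive Mode (192,0,2,10,195,80)\r\n"
    b"EPSV\r\n229 Entering Extended Passive Mode (|||50001|)\r\n"
    b"PORT 198,51,100,7,195,82\r\n200 PORT command successful\r\n"
)

# Constructed FTPS session: after "234" the channel carries TLS records,
# so the later PASV/PORT exchange is ciphertext to the firewall.
FTPS_SESSION = (
    b"220 ready\r\n"
    b"AUTH TLS\r\n234 Proceed with negotiation\r\n"
    + b"\x17\x03\x03\x00\x20" + bytes(range(0x80, 0xA0))  # opaque record
)

if __name__ == "__main__":
    print("cleartext FTP:", data_pinholes(PLAIN_SESSION, "192.0.2.10"))
    print("FTPS         :", data_pinholes(FTPS_SESSION, "192.0.2.10"))
```

With the encrypted session the helper learns nothing, which is why the data port range has to be defined statically in the firewall, as the reply says.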