Menu
▾
▴
Re: [Fail2ban-users] ProFtpd DROP net-fw TLS connection from client ftp
|
From: Davide M. <da...@ms...> - 2017-08-12 12:11:49
|
Il 2017-08-09 11:30 Darac Marjal ha scritto: > On Tue, Aug 08, 2017 at 03:55:52PM -0400, Bill Shirley wrote: >>Looks like you haven't opened up sftp(port 115) in Shorewall. Post >> on the >>Sho...@li... list. Tom Eastep is very >> helpful. >> [..] >>> >>>I don't know if is Fail2ban to tell to Shorewall to Drop this >>> connection or if I should open a specific question on Shorewall ML. >>> Hi friends, I'm here today at a step from the atomic Holocaust (..) I have deepened the situation thanks to the support of the list Shorewall and I have come to the solution, that here I expose here. The problem was the passive ports that FTPS (not SFTP) need, and here the solution: ProFtpd (sftp.conf-> that could be now renamed to tls.conf or ftps.conf as you like): PassivePorts 39152 49152 Shorewall (rules): ACCEPT net $FW tcp 39152:49152 #PROSFTP PASSIVE PORT Thanks again Davide |