List: proftpd-users
Subject: Re: [Proftpd-user] FTPS problems on a dual-homed ProFTPD server
From: Jens Schleusener <Jens.Schleusener () t-systems-sfr ! com>
Date: 2006-05-05 8:45:28
Message-ID: Pine.LNX.4.61.0605051037330.1141 () dino ! rz ! go ! dlr ! de
On Thu, 4 May 2006, Jens Schleusener wrote:
> On Thu, 4 May 2006, TJ Saunders wrote:
>
> >
> > > So probably the VirtualHost configuration is the wrong idea or must be
> > > done more sophisticated.
> > >
> > > Can someone bring in the right direction or has even an example configuration?
> >
> > See:
> >
> > http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-NAT.html
> >
> > Particularly the last question in the FAQ section there.
> >
> > Hope this helps,
>
> Thanks, reading that page before would have saved me some time :-(
>
> Principally it describes my last solution and it doesn't solve directly my
> problem that FTPS isn't working for internal accesses. But testing in that
> context brings me "in the right direction". First after disabling forcing
> FTPS on the client program I got login problems using internal accesses.
> To solve that problem I had to transfer some directives like
> "AuthUserFile" and "AuthGroupFile" in the <Global> section, but after that
> only "standard" FTP works. Then I tried accordingly to put also my current
> "TLS" regarding lines
>
> <IfModule mod_tls.c>
> TLSEngine on
> TLSLog /var/log/proftpd_tls.log
> TLSProtocol SSLv23
> TLSOptions NoCertRequest
> TLSRequired off
> TLSVerifyClient off
> TLSTimeoutHandshake 60
> TLSRSACertificateFile /usr/local/etc/ftpcert/host.cert
> TLSRSACertificateKeyFile /usr/local/etc/ftpcert/host.key
> </IfModule>
>
> in the <Global> section but starting ProFTPd I got the error
>
> Fatal: TLSProtocol: directive not allowed in <Global> context on line 198
> of '/usr/local/etc/proftpd.conf'
>
> Hmm, on the documentation page
>
> http://www.proftpd.org/docs/directives/linked/config_ref_TLSProtocol.html
>
> as "Context" is mentioned also <Global>:
>
> server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess
>
> Nevertheless I removed (commented) the "TLSProtocol" directive and now
> internal and external FTPS requests seem to work.
>
> May the removing of "TLSProtocol" directive have some negative side
> effects?

Ok, I found on (hmm, seems to be the "official" mod_tls documentation?)

  http://www.castaglia.org/proftpd/modules/mod_tls.html#TLSProtocol

as allowed "Context" only "Context: server config" with the comment

  Since the protocol version used by mod_tls is set only once, when the daemon
  starts, the TLSProtocol directive is only allowed in the "server config"
  context.

Greetings
Jens
--
Dr. Jens Schleusener T-Systems Solutions for Research GmbH
Tel: +49 551 709-2493 Bunsenstr.10
Fax: +49 551 709-2169 D-37073 Goettingen
Jens.Schleusener@t-systems.com http://www.t-systems.com/
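
Added example (not part of the original message and not ProFTPD project code): a small pre-start check that scans a proftpd.conf for directives placed outside the "server config" context, using the one restriction quoted above for TLSProtocol. The function name, the rule set and the sample configuration are assumptions made for illustration; the rule reflects the documentation text quoted in this message and may differ in other mod_tls versions.

```python
import re

# Directives limited to the "server config" context. Only TLSProtocol is
# listed, because that is the one restriction quoted in the message above.
SERVER_CONFIG_ONLY = {"tlsprotocol"}
# Conditional blocks do not open a new configuration context.
TRANSPARENT = {"ifmodule", "ifdefine"}

SECTION = re.compile(r"^<(/?)([A-Za-z_]+)[^>]*>$")


def find_context_violations(text):
    """Return (line_no, directive, context) for each misplaced directive."""
    stack, findings = [], []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments (simplified)
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            closing, name = m.group(1), m.group(2)
            if name.lower() in TRANSPARENT:
                continue
            if not closing:
                stack.append(name)
            elif stack and stack[-1].lower() == name.lower():
                stack.pop()
            continue
        directive = line.split()[0]
        if stack and directive.lower() in SERVER_CONFIG_ONLY:
            findings.append((line_no, directive, "<%s>" % stack[-1]))
    return findings


# Constructed sample, modelled on the layout described in the message.
SAMPLE = """\
ServerName "example"
<Global>
  AuthUserFile /usr/local/etc/ftpd.passwd
  <IfModule mod_tls.c>
    TLSEngine on
    TLSProtocol SSLv23
    TLSRequired off
  </IfModule>
</Global>
"""

if __name__ == "__main__":
    for line_no, directive, context in find_context_violations(SAMPLE):
        print("line %d: %s not allowed in %s context" % (line_no, directive, context))
```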