
I have set up a new FTP server using Pure-FTPd and Ubuntu 20.04. I can connect to my server without a problem when I'm not activating TLS.

First I created a self-signed certificate with the following command:

openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem -days 3650

Then I activated TLS with this command and also restarted the service:

echo "2" > /etc/pure-ftpd/conf/TLS
systemctl restart pure-ftpd

In FileZilla, I use the explicit setting to connect. The certificate shows up correctly. It even says that the TLS connection has been established, but then I receive the ECONNREFUSED error message.

The following ports are opened on the firewall: 21, 22, 989, 990

UFW is deactivated on the server itself.

There is nothing in the syslogs or Pure-FTPd logs. I am out of ideas and really hope someone can help me here.

Filezilla

Manuel
  • 13

1 Answer

If you get the certificate prompt, you can connect. The ECONNREFUSED probably refers to the data connection for directory listing, as you have not opened data ports.

In Pure-FTPd you configure the data ports using the --passiveportrange <minport:maxport> command-line switch. And you need to open those ports in your firewall.


Plain unencrypted FTP likely works because your firewall is able to track the unencrypted FTP control connection and open the data ports as needed (in the built-in Windows firewall the feature is called "stateful FTP filtering"). That's not possible when the control connection is encrypted.


Btw, 990 is used for implicit TLS connections only, so you generally do not need it either. And 989 does not have to be opened for FTP at all.
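To confirm the diagnosis in the answer above, the following added example (not part of the original question or answer) parses the PASV reply that a firewall can only read on an unencrypted control connection, and probes the advertised data port over explicit TLS. The range 30000-30100 and the function names are assumptions chosen for illustration.

```python
import re
import socket
from ftplib import FTP_TLS

# Assumed range: must equal the server's --passiveportrange and the firewall rule.
PASSIVE_RANGE = (30000, 30100)

def parse_pasv(reply):
    """Return (host, port) from '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)'."""
    m = re.search(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", reply)
    if not m:
        raise ValueError(f"not a PASV reply: {reply!r}")
    nums = [int(x) for x in m.groups()]
    if max(nums) > 255:
        raise ValueError(f"octet out of range in: {reply!r}")
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def in_passive_range(port, rng=PASSIVE_RANGE):
    return rng[0] <= port <= rng[1]

def probe(host, user, password, timeout=5):
    """Log in over explicit TLS, request PASV, then try the advertised data port."""
    ftp = FTP_TLS(timeout=timeout)
    ftp.connect(host, 21)
    ftp.login(user, password)      # sends AUTH TLS before USER/PASS
    ftp.prot_p()                   # encrypt the data channel too
    try:
        _, port = parse_pasv(ftp.sendcmd("PASV"))
        # Connect to the control host, not the advertised IP (may be NAT-internal).
        socket.create_connection((host, port), timeout=timeout).close()
        result = f"data port {port} reachable"
    except ConnectionRefusedError:
        result = f"data port {port} refused (not open end to end)"
    except OSError as exc:
        result = f"data port {port} unreachable: {exc}"
    finally:
        ftp.close()
    if not in_passive_range(port):
        result += f" (outside expected range {PASSIVE_RANGE})"
    return result

if __name__ == "__main__":
    # Constructed sample reply; this part needs no network.
    sample = "227 Entering Passive Mode (192,0,2,10,117,60)"
    host, port = parse_pasv(sample)
    print(host, port, in_passive_range(port))
```

Calling `probe()` against the server before and after opening the passive range on the firewall shows whether the data connection is the part being refused.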