Re: [CentOS] regarding vpn server for 1500 clients
> Just out of my own curriosity have you gave the thought of using > deadicated > or virtual circuits for the VPN implimentation? Like Frame Relay or ATM? > Are > you passing off the connections to a secondairy network access server? Or > how do you plan on rolling this out, configuration wise? > user will connect vpn using isp leased line. vpn server in dmz. application server is in inside network. no planing for atm / frame relay. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] regarding vpn server for 1500 clients
> Dhaval Thakar wrote: >>> If you could use a lower CPU intensive crypt like blowfish, it would be >>> easier. >>> >>> Are all these trading partners in different locations or are there semi >>> large >>> groups in the same locations? >>> >> all these are end users. >> they connect software from home / offices. > > Do they actually need a generic VPN? If they only run a few > applications you might be able to use https or similar ssl based > connections and avoid the routing/addressing/MTU issues. You can still > use certificate based authentication in one or both directions if you > want. > > Also if the application(s) can be made to run over normal https (i.e. a > web interface) you get the advantage of working though most existing > proxies and firewalls, plus on the host end you have the option of > scaling up with a load balancer that handles the ssl processing and > reverse-proxies to a pool of backend servers. they need database access. I prefre providing database over vpn rather providing via internet on different tcp port. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] FTPS setup problem
> -Original Message- > From: centos-boun...@centos.org > [mailto:centos-boun...@centos.org] On Behalf Of Guy Boisvert > Sent: Saturday, December 20, 2008 2:30 PM > To: CentOS mailing list > Subject: Re: [CentOS] FTPS setup problem > > John wrote: > > > > Why are they not using using Dreamweaver to access the ftp > site??? This can > > be done! Look at the top menus, Sites | Manage Sites | New > | FTP or RDP | > > Then Choose SFTP in the Dropdown Box |. > > > > JohnStanley > > > > Hi John, > > I'd certainly like to but i am at the config/testing > stage! If i can't > validate vsftpd working ok with SSL/TLS, i won't tell my > client to try > to connect with DreamWeaver. --- Tell him to load up Dreamweaver... Here is the answer: ethans27 sshd[10741]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ethan27 Dec 21 02:08:08 ethans27 sshd[10743]: Accepted password for ethan from 192.168.0.1 port 1938 ssh2 Dec 21 02:08:08 ethans27 sshd[10743]: pam_unix(sshd:session): session opened for user ethan by (uid=0) Dec 21 02:08:08 ethans27 sshd[10745]: subsystem request for sftp Dec 21 02:08:09 ethans27 sshd[10743]: pam_unix(sshd:session): session closed for user ethan Dec 21 02:08:12 ethans27 sshd[10763]: Accepted password for ethan from 192.168.0.1 port 1941 ssh2 Dec 21 02:08:12 ethans27 sshd[10763]: pam_unix(sshd:session): session opened for user ethan by (uid=0) Dec 21 02:08:12 ethans27 sshd[10765]: subsystem request for sftp Dec 21 02:11:04 ethans27 sshd[10763]: pam_unix(sshd:session): session closed for user ethan - The config file as follows choose one or the other authentication method. anonymous_enable=YES local_enable=YES write_enable=YES local_umask=022 dirmessage_enable=YES xferlog_enable=YES connect_from_port_20=YES xferlog_std_format=YES chroot_local_user=YES chroot_list_enable=YES chroot_list_file=/etc/vsftpd/vsftpd.chroot_list pam_service_name=vsftpd userlist_enable=YES listen=YES tcp_wrappers=YES ssl_enable=YES allow_anon_ssl=NO force_local_data_ssl=NO force_local_logins_ssl=NO ssl_tlsv1=NO ssl_sslv2=YES ssl_sslv3=NO rsa_cert_file=/etc/vsftpd/vsftpd.pem Cert generation: openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout \ /etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem This configuration as is will work with Dreamweaver 8 and Visual Studio as tested. Now for Filezilla and the other FTP Utilities I can not account for. It does chroot the user to his/her home directory. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] HAL Daemon failure on boot up
I've been having a problem for a while: when booting, haldaemon will fail, leaving me without CD/DVD and floppy drives available. Has anyone else had this kind of problem? If so, can anyone suggest a solution? Thanks for listening, Dick -- "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." --Benjamin Franklin 1755 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Kerberos for squid auth
>You use kinit before joining the AD to test AD auth. That is, you want >to be sure your "linux" side is configured properly to get a kerberos >ticket in the first place. If you're able to get one, you should be to >join the domain. Ranbir, Yeah it's been working ever since but there are some errors in the logs even though users auth silently and it all just works. Once I am back from holidays I had planned to read up on winbind and samba as it relates to AD... Thanks! jlc ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] flash fails to work on Los Angeles Times website - fix
On Sat, Dec 20, 2008 at 7:13 PM, Mark Pryor wrote: > Hello, > > I have a 32-bit install of C5.2 on my Intel Centrino Laptop (2005). > The Adobe flash plugin works fine in Firefox in all cases except on the Los > Angeles Times website http://www.latimes.com. > > I was baffled by this for a few months, since it works on another 32-bit C5.2 > box. When I realized that the only real difference was that the laptop had no > LAMP install, and both had the same elaborate set of hosts redirects (to > avoid adverts), it seemed reasonable that the /etc/hosts file might be the > culprit. > > Sure enough, both boxes had this line in the redirects > --- /etc/hosts > 127.0.0.1 ad.doubleclick.net > --- end snip - > That's not a CentOS bug. That's a bug with your local configuration. I don't understand what you want CentOS people to do here. Is this hosts entry actually added by a package? If so, that's the real bug here. --Russell ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] flash fails to work on Los Angeles Times website - fix
Hello, I have a 32-bit install of C5.2 on my Intel Centrino Laptop (2005). The Adobe flash plugin works fine in Firefox in all cases except on the Los Angeles Times website http://www.latimes.com. I was baffled by this for a few months, since it works on another 32-bit C5.2 box. When I realized that the only real difference was that the laptop had no LAMP install, and both had the same elaborate set of hosts redirects (to avoid adverts), it seemed reasonable that the /etc/hosts file might be the culprit. Sure enough, both boxes had this line in the redirects --- /etc/hosts 127.0.0.1 ad.doubleclick.net --- end snip - I could see that flash was hanging on the laptop when it looked for a response from ad.doubleclick.net In order to fix the bug, I commented out the line. Flash now worked! In order to avoid the advert, I changed 127.0.0.1, to another private LAMP install on my home network (192.168.1.104). Problem solved. At the very least this redirect needs to return a response, or the flash video will hang and never start. This is true for the LA Times implementation of adverts, at least. Maybe your newspaper sites behave similarly. My 2cents worth of troubleshooting, Mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] regarding vpn server for 1500 clients
John wrote: >> -Original Message- >> From: centos-boun...@centos.org >> [mailto:centos-boun...@centos.org] On Behalf Of Les Mikesell >> Sent: Saturday, December 20, 2008 1:20 PM >> To: CentOS mailing list >> Subject: Re: [CentOS] regarding vpn server for 1500 clients >> >> Dhaval Thakar wrote: >> If you could use a lower CPU intensive crypt like >> blowfish, it would be easier. >> Are all these trading partners in different locations or >> are there semi large >> groups in the same locations? >>> all these are end users. >>> they connect software from home / offices. >>> >> Do they actually need a generic VPN? If they only run a few >> applications you might be able to use https or similar ssl based >> connections and avoid the routing/addressing/MTU issues. You >> can still >> use certificate based authentication in one or both >> directions if you want. >> >> Also if the application(s) can be made to run over normal >> https (i.e. a >> web interface) you get the advantage of working though most existing >> proxies and firewalls, plus on the host end you have the option of >> scaling up with a load balancer that handles the ssl processing and >> reverse-proxies to a pool of backend servers. >> > - > Just out of my own curriosity have you gave the thought of using deadicated > or virtual circuits for the VPN implimentation? Like Frame Relay or ATM? Are > you passing off the connections to a secondairy network access server? Or > how do you plan on rolling this out, configuration wise? > have you and FR or ATM rollout experience? Mine is 15 years old and it was NOT for end user applications. Small offices was hard enough. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Kerberos for squid auth
On Mon, 2008-12-15 at 23:47 -0700, Joseph L. Casale wrote: > When you use kinit to acquire a Kerberos ticket prior to > joining a Win2k3 domain with net ads join -U is that > ticket merely used for the join that follows? When it expires > does this mean anything? You use kinit before joining the AD to test AD auth. That is, you want to be sure your "linux" side is configured properly to get a kerberos ticket in the first place. If you're able to get one, you should be to join the domain. HTH, Ranbir -- Kanwar Ranbir Sandhu Linux 2.6.27.7-53.fc9.x86_64 x86_64 GNU/Linux 21:46:24 up 6 days, 2:15, 13 users, load average: 0.61, 0.73, 0.63 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] FTPS setup problem
> -Original Message- > From: centos-boun...@centos.org > [mailto:centos-boun...@centos.org] On Behalf Of Guy Boisvert > Sent: Saturday, December 20, 2008 3:38 PM > To: CentOS mailing list > Subject: Re: [CentOS] FTPS setup problem > > John wrote: > >> He's testing it. Access with Dreamweaver may indeed work. > > > > Ahh, DW will connect to my my ftp machine but I don't know > about sftp. To me > > it is just easier to use DW or Visual Studio internal ftp > tools to manage a > > site easier. I will try his config later on just to check > it outwith DW. > > > > JohnStanley > > > > ... and SFTP is not the same as FTPS. > > Actually, i tried with FileZilla (it seems to have an > official bug with > vsftpd and FTPS) and SmartFTP and both had problems. > > So that's why i asked the question to the list. I dunno if i have > something wrong with the config, or any other subtility. -- ssl_enable=YES allow_anon_ssl=NO force_local_data_ssl=NO force_local_logins_ssl=NO ssl_tlsv1=YES ssl_sslv2=YES ssl_sslv3=NO rsa_cert_file=/etc/vsftpd/vsftpd.pem In the below could you just try only one type to see if that will work? As in "ssl_sslv2=YES" ssl_tlsv1=YES ssl_sslv2=YES ssl_sslv3=NO ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] regarding vpn server for 1500 clients
> -Original Message- > From: centos-boun...@centos.org > [mailto:centos-boun...@centos.org] On Behalf Of MHR > Sent: Saturday, December 20, 2008 6:33 PM > To: CentOS mailing list > Subject: Re: [CentOS] regarding vpn server for 1500 clients > > On Sat, Dec 20, 2008 at 10:50 AM, John wrote: > > > > Just out of my own curriosity have you gave the thought of > using deadicated > > Was that a freudian slip? > > :-) > > mhr Thinking in one place typing in another. I need a dictionary! JohnStanley ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] regarding vpn server for 1500 clients
On Sat, Dec 20, 2008 at 10:50 AM, John wrote: > > Just out of my own curriosity have you gave the thought of using deadicated Was that a freudian slip? :-) mhr ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] FTPS setup problem
Kai Schaetzl wrote: > I threw that configuration you posted on a working vsftpd (working without > SSL) on CentOS 5 and can only confirm that it doesn't work. One obvious > problem is port 990 as ftps wants to connect via port 990. In Filezilla > you can choose to use FTPES which seems to connect to port 21 and force an > SSL auth. This actually works as you get the certificate displayed to > accept it and you can login. However, the directory listing fails. I tried > changing to active, disallowing certain protocols etc. It all fails at the > same stage. > The link posted (http://bugs.proftpd.org/show_bug.cgi?id=3094) seems to > apply exactly to this situation. So, you simply will not be able to work > with a newer Filezilla client against a vsftpd server without this patch. > > Status: Connecting to 192.168.1.232:21... > Status: Connection established, waiting for welcome message... > Response: 220 FTP > Command:AUTH TLS > Response: 234 Proceed with negotiation. > Status: Initializing TLS... > Status: Verifying certificate... > Command:USER kai > Status: TLS/SSL connection established. > Response: 331 Please specify the password. > Command:PASS > Response: 230 Login successful. > Command:SYST > Response: 215 UNIX Type: L8 > Command:FEAT > Response: 211-Features: > Response:AUTH SSL > Response:AUTH TLS > Response:EPRT > Response:EPSV > Response:MDTM > Response:PASV > Response:PBSZ > Response:PROT > Response:REST STREAM > Response:SIZE > Response:TVFS > Response: 211 End > Command:PBSZ 0 > Response: 200 PBSZ set to 0. > Command:PROT P > Response: 200 PROT now Private. > Status: Connected > Status: Retrieving directory listing... > Command:PWD > Response: 257 "/" > Command:TYPE I > Response: 200 Switching to Binary mode. > Command:PASV > Response: 227 Entering Passive Mode (192,168,1,232,75,253) > Command:LIST > Response: 150 Here comes the directory listing. > Status: Server did not properly shut down TLS connection > Error: Transfer connection interrupted: ECONNABORTED - Connection aborted > Response: 226 Directory send OK. > Error: Failed to retrieve directory listing > > Kai > Hi Kai, Thanks for your input. I had problem with SmartFTP too which was supposed to work with this setup. Then, i don't know if i should report a bug... It's just too bad i can't make this work... Ragards, Guy Boisvert, ing. IngTegration inc. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] FTPS setup problem
John wrote: >> He's testing it. Access with Dreamweaver may indeed work. > > Ahh, DW will connect to my my ftp machine but I don't know about sftp. To me > it is just easier to use DW or Visual Studio internal ftp tools to manage a > site easier. I will try his config later on just to check it outwith DW. > > JohnStanley > ... and SFTP is not the same as FTPS. Actually, i tried with FileZilla (it seems to have an official bug with vsftpd and FTPS) and SmartFTP and both had problems. So that's why i asked the question to the list. I dunno if i have something wrong with the config, or any other subtility. Guy Boisvert, ing. IngTegration inc. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] FTPS setup problem
John wrote: > > Why are they not using using Dreamweaver to access the ftp site??? This can > be done! Look at the top menus, Sites | Manage Sites | New | FTP or RDP | > Then Choose SFTP in the Dropdown Box |. > > JohnStanley > Hi John, I'd certainly like to but i am at the config/testing stage! If i can't validate vsftpd working ok with SSL/TLS, i won't tell my client to try to connect with DreamWeaver. Guy Boisvert, ing. IngTegration inc. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] FTPS setup problem
> -Original Message- > From: centos-boun...@centos.org > [mailto:centos-boun...@centos.org] On Behalf Of Kai Schaetzl > Sent: Saturday, December 20, 2008 11:32 AM > To: centos@centos.org > Subject: Re: [CentOS] FTPS setup problem > > John wrote on Sat, 20 Dec 2008 11:16:01 -0500: > > > Why are they not using using Dreamweaver to access the ftp > site??? This can > > be done! Look at the top menus, Sites | Manage Sites | New > | FTP or RDP | > > Then Choose SFTP in the Dropdown Box |. > > He's testing it. Access with Dreamweaver may indeed work. Ahh, DW will connect to my my ftp machine but I don't know about sftp. To me it is just easier to use DW or Visual Studio internal ftp tools to manage a site easier. I will try his config later on just to check it outwith DW. JohnStanley ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] regarding vpn server for 1500 clients
> -Original Message- > From: centos-boun...@centos.org > [mailto:centos-boun...@centos.org] On Behalf Of Les Mikesell > Sent: Saturday, December 20, 2008 1:20 PM > To: CentOS mailing list > Subject: Re: [CentOS] regarding vpn server for 1500 clients > > Dhaval Thakar wrote: > >> If you could use a lower CPU intensive crypt like > blowfish, it would be easier. > >> > >> Are all these trading partners in different locations or > are there semi large > >> groups in the same locations? > >> > > all these are end users. > > they connect software from home / offices. > > Do they actually need a generic VPN? If they only run a few > applications you might be able to use https or similar ssl based > connections and avoid the routing/addressing/MTU issues. You > can still > use certificate based authentication in one or both > directions if you want. > > Also if the application(s) can be made to run over normal > https (i.e. a > web interface) you get the advantage of working though most existing > proxies and firewalls, plus on the host end you have the option of > scaling up with a load balancer that handles the ssl processing and > reverse-proxies to a pool of backend servers. - Just out of my own curriosity have you gave the thought of using deadicated or virtual circuits for the VPN implimentation? Like Frame Relay or ATM? Are you passing off the connections to a secondairy network access server? Or how do you plan on rolling this out, configuration wise? JohnStanley ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] regarding vpn server for 1500 clients
Dhaval Thakar wrote: >> If you could use a lower CPU intensive crypt like blowfish, it would be >> easier. >> >> Are all these trading partners in different locations or are there semi large >> groups in the same locations? >> > all these are end users. > they connect software from home / offices. Do they actually need a generic VPN? If they only run a few applications you might be able to use https or similar ssl based connections and avoid the routing/addressing/MTU issues. You can still use certificate based authentication in one or both directions if you want. Also if the application(s) can be made to run over normal https (i.e. a web interface) you get the advantage of working though most existing proxies and firewalls, plus on the host end you have the option of scaling up with a load balancer that handles the ssl processing and reverse-proxies to a pool of backend servers. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] AHCI at boot?
>So I'm wondering what config files I need to tweak, to help the >already installed system use the "new" ahci controller? Previously, >it appears to have been using the piix module to access the drive with >the root fs on it. So, you need modprobe.conf to reflect this as well as a new initrd. On a similar system I have from Asus my modprobe.conf looks like this: alias scsi_hostadapter ata_piix alias scsi_hostadapter1 ahci I assume the ata_piix is still required for the jmicron ide controller. After editing this, run mkinitrd which will look there and then load the required modules. HTH, jlc ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] FTPS setup problem
John wrote on Sat, 20 Dec 2008 11:16:01 -0500: > Why are they not using using Dreamweaver to access the ftp site??? This can > be done! Look at the top menus, Sites | Manage Sites | New | FTP or RDP | > Then Choose SFTP in the Dropdown Box |. He's testing it. Access with Dreamweaver may indeed work. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] FTPS setup problem
> -Original Message- > From: centos-boun...@centos.org > [mailto:centos-boun...@centos.org] On Behalf Of Guy Boisvert > Sent: Friday, December 19, 2008 12:43 PM > To: CentOS mailing list > Subject: [CentOS] FTPS setup problem > > Hi! > > I'm trying to figure out what's going wrong with a > "simple" FTPS setup > and VSFTPD. > > I saw references on Google and tried, and tried, and > tried... without > success. > > I'll start by explaining my situation: I have a WEB > development server > behind a firewall. It's currently only for the intranet. We > now have > an external company that will have to do a new website for us and we > want them to access securely our development server. > > Internally, we access it with regular FTP (we use > DreamWeaver 8). In > the references i saw, i'd just add the following lines and it is > supposed to work: > > ssl_enable=YES > allow_anon_ssl=NO > force_local_data_ssl=NO > force_local_logins_ssl=NO > ssl_tlsv1=YES > ssl_sslv2=YES > ssl_sslv3=NO > rsa_cert_file=/etc/vsftpd/vsftpd.pem > > > > Here are the previous lines in my vsftpd config: > > anonymous_enable=YES > local_enable=YES > write_enable=YES > local_umask=022 > dirmessage_enable=YES > xferlog_enable=YES > connect_from_port_20=YES > xferlog_std_format=YES > chroot_local_user=YES > chroot_list_enable=YES > chroot_list_file=/etc/vsftpd/vsftpd.chroot_list > pam_service_name=vsftpd > userlist_enable=YES > listen=YES > tcp_wrappers=YES > > > I generated the PEM cert with the following command: > > openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout > /etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem > > > I tried to connect with FileZilla without luck. I heard that > FileZilla > may have a problem with vsftpd in FTPS mode so i downloaded SmartFTP > which i read should be able to connect. > > When i try, i get this error message: > > SSL/TLS client handshake failed (Error = 0x80090308) > > > > Does anybody could give me a pointer on this? --- Why are they not using using Dreamweaver to access the ftp site??? This can be done! Look at the top menus, Sites | Manage Sites | New | FTP or RDP | Then Choose SFTP in the Dropdown Box |. JohnStanley ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] AHCI at boot?
I'm having trouble getting a Centos installation to boot on a system with hdd's hanging off an AHCI hba. Long ago, I posted about only seeing four of the six sata ports on my asus server board. According to research I've done since then (I now need the ports!), the solution is to enable the AHCI bios, which turns on NCQ and the last two ports. The already installed system does not like the fact I've changed to ahci and does not load the ahci module, eventually failing to boot complaining it cannot mount the root fs, killing init, etc. If I boot off the 5.2 installation dvd or a fedora 9 dvd, the kernel boots just fine, loads up the ahci module and sees the drives no problem. So I'm wondering what config files I need to tweak, to help the already installed system use the "new" ahci controller? Previously, it appears to have been using the piix module to access the drive with the root fs on it. I'm using the 64-bit 2.6.18-92.1.18 centosplus kernel (for XFS support). The box is running an asus dsbf-de board, with 2x e5405 cpus and 16g of ram. There are six drives on the ahci, one 80g "system" drive (the boot drive), and five 750g storage drives. There is also a supermicro 8 port sata hba in the system, with five 250g drives on it. The supermicro uses the sata_mv module and is detected just fine. Thanks for any suggestions! Gordon ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] FTPS setup problem
I threw that configuration you posted on a working vsftpd (working without SSL) on CentOS 5 and can only confirm that it doesn't work. One obvious problem is port 990 as ftps wants to connect via port 990. In Filezilla you can choose to use FTPES which seems to connect to port 21 and force an SSL auth. This actually works as you get the certificate displayed to accept it and you can login. However, the directory listing fails. I tried changing to active, disallowing certain protocols etc. It all fails at the same stage. The link posted (http://bugs.proftpd.org/show_bug.cgi?id=3094) seems to apply exactly to this situation. So, you simply will not be able to work with a newer Filezilla client against a vsftpd server without this patch. Status: Connecting to 192.168.1.232:21... Status: Connection established, waiting for welcome message... Response: 220 FTP Command:AUTH TLS Response: 234 Proceed with negotiation. Status: Initializing TLS... Status: Verifying certificate... Command:USER kai Status: TLS/SSL connection established. Response: 331 Please specify the password. Command:PASS Response: 230 Login successful. Command:SYST Response: 215 UNIX Type: L8 Command:FEAT Response: 211-Features: Response:AUTH SSL Response:AUTH TLS Response:EPRT Response:EPSV Response:MDTM Response:PASV Response:PBSZ Response:PROT Response:REST STREAM Response:SIZE Response:TVFS Response: 211 End Command:PBSZ 0 Response: 200 PBSZ set to 0. Command:PROT P Response: 200 PROT now Private. Status: Connected Status: Retrieving directory listing... Command:PWD Response: 257 "/" Command:TYPE I Response: 200 Switching to Binary mode. Command:PASV Response: 227 Entering Passive Mode (192,168,1,232,75,253) Command:LIST Response: 150 Here comes the directory listing. Status: Server did not properly shut down TLS connection Error: Transfer connection interrupted: ECONNABORTED - Connection aborted Response: 226 Directory send OK. Error: Failed to retrieve directory listing Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos