From 6cae26d9565ce72a1db1c15501df28732b5f8065 Mon Sep 17 00:00:00 2001
From: Benjamin Sonntag <benjamin@alternc.org>
Date: Mon, 11 Aug 2008 10:19:29 +0000
Subject: [PATCH] Fixing TLS for proftpd : CertificateFile IS REQUIRED for TLS
 to work

---
 etc/alternc/templates/proftpd/proftpd.conf | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/etc/alternc/templates/proftpd/proftpd.conf b/etc/alternc/templates/proftpd/proftpd.conf
index ba48feef..c59fc67f 100644
--- a/etc/alternc/templates/proftpd/proftpd.conf
+++ b/etc/alternc/templates/proftpd/proftpd.conf
@@ -44,6 +44,12 @@ RequireValidShell		off
 TLSRSACertificateKeyFile	/etc/apache-ssl/apache.pem
 TLSRSACertificateFile		/etc/apache-ssl/apache.pem
 TLSEngine                       on
+# Use the IANA registered ephemeral port range
+# If you have a firewall, you should open this portrange 
+# (or change it)
+# since ip_conntrack_ftp cannot decrypt TLS session.
+PassivePorts 49152 65534
+
 
 <Directory /*>
         DenyAll