On Jan 28, 2008 1:54 PM, wrote:
> Hi,
>
> I think you have a problem with your firewall configuration. Do you forward your
> passive ports (49152 65534 seems a lot) on your private server IP address?

All ports, 1-65535, on the firewall are forwarded to the server. On
the ftp server, iptables has no rules:

[linux01]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination




> Quoting "ne...":
>
>
> > I am using Proftpd 1.3.0a on Fedora Core 6 with iptables off. A person
> > connects to an external ip which then
> > forwards all traffic to 192.168.10.11. I can login fine. My conf is
> > listed below:
> >
> > DefaultRoot ~
> > DefaultServer on
> > SocketBindTight on
> > UseReverseDNS off
> > RootLogin off
> > RequireValidShell off
> >
> > SQLAuthTypes Plaintext Crypt
> > SQLAuthenticate users* groups*
> > SQLConnectInfo ftp@localhost proftpd luvlyPassword
> > SQLUserInfo ftpuser userid passwd uid gid homedir shell
> > SQLGroupInfo ftpgroup groupname gid members
> > SQLMinID 500
> > SQLHomedirOnDemand on
> > SQLLog PASS updatecount
> > SQLNamedQuery updatecount UPDATE "count=count+1, accessed=now() WHERE userid='%u'" ftpuser
> > SQLLog STOR,DELE modified
> > SQLNamedQuery modified UPDATE "modified=now() WHERE userid='%u'" ftpuser
> >
> >
> > TLSEngine on
> > TLSLog /var/log/proftpd/tls.log
> > TLSRequired off
> > TLSProtocol SSLv23
> > TLSRSACertificateFile /usr/local/etc/proftpd/server.crt
> > TLSRSACertificateKeyFile /usr/local/etc/proftpd/server.key
> > TLSCACertificateFile /usr/local/etc/proftpd/ca.crt
> > TLSVerifyClient off
> > TLSRenegotiate required off
> >

> >
> > # Virtual host setup for port 990
> >
> > Port 990
> > DefaultRoot ~
> > MasqueradeAddress xxx.yyy.zzz.aaa
> > SQLAuthTypes Plaintext Crypt
> > SQLAuthenticate users* groups*
> > SQLConnectInfo ftp@localhost proftpd luvlyPassword
> > SQLUserInfo ftpuser userid passwd uid gid homedir shell
> > SQLGroupInfo ftpgroup groupname gid members
> > SQLMinID 500
> > SQLHomedirOnDemand on
> > SQLLog PASS updatecount
> > SQLNamedQuery updatecount UPDATE "count=count+1, accessed=now() WHERE userid='%u'" ftpuser
> > SQLLog STOR,DELE modified
> > SQLNamedQuery modified UPDATE "modified=now() WHERE userid='%u'" ftpuser
> > PassivePorts 49152 65534
> > IdentLookups off
> > RootLogin off
> > RequireValidShell off
> > # UseReverseDNS off
> > #
> > # DenyAll
> > #

> >
> > TLSEngine on
> > TLSLog /var/log/proftpd/tls.log
> > TLSRequired off
> > TLSRSACertificateFile /usr/local/etc/proftpd/server.crt
> > TLSVerifyClient off
> > TLSRenegotiate required off
> >

> >

> >
> >
> > When I try to get listings of the directories, I get what is shown in
> > the log snippet below:
> >
> > linux01.local (ext.ip[ext.ip]) - dispatching LOG_CMD command 'PASV' to
> > mod_sql
> > linux01.local (ext.ip[ext.ip]) - dispatching LOG_CMD command 'PASV' to
> > mod_log
> > linux01.local (ext.ip[ext.ip]) - dispatching PRE_CMD command 'LIST' to
> > mod_tls
> > linux01.local (ext.ip[ext.ip]) - dispatching PRE_CMD command 'LIST' to
> > mod_core
> > linux01.local (ext.ip[ext.ip]) - dispatching PRE_CMD command 'LIST' to
> > mod_core
> > linux01.local (ext.ip[ext.ip]) - dispatching CMD command 'LIST' to mod_ls
> >
> >
> > Using fireftp, this is what is shown in the connexion window:
> >
> > 220 ProFTPD 1.3.0a Server (ProFTPD) [masq.address]
> > AUTH TLS
> > 234 AUTH TLS successful
> > PBSZ 0
> > 200 PBSZ 0 successful
> > USER ftpxyz
> > 331 Password required for ftpxyz.
> > PASS (password not shown)
> > 230 User ftpxyz logged in.
> > FEAT
> > 211-Features:
> > MDTM
> > REST STREAM
> > SIZE
> > AUTH TLS
> > PBSZ
> > PROT
> > 211 End
> > PWD
> > 257 "/" is current directory.
> > TYPE A
> > 200 Type set to A
> > PROT P
> > 200 Protection set to Private
> > PASV
> > 227 Entering Passive Mode (masq,address,227,8).
> > LIST
> >
> > Any pointers on how to fix this are much appreciated. I have trawled
> > through the list for the past year and not
> > come across a solution to my problem.


ne...
--
Registered Linux User # 125653 (http://counter.li.org)
Certified: 75% bastard, 42% of which is tard.
http://www.thespark.com/bastardtest
Now accepting personal mail for GMail invites.
