--===============0165128411==
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit








The user who want to connect on your ftp server have a correct
homedirectory (homedir) on SQL database ?

Can you put the log of proftpd (/var/log/proftpd/proftpd.log) please ?



ne... a écrit :
cite="mid:a227b70c0801280632g26d28d7cse00c9135f9f5852e@m ail.gmail.com"
type="cite">
On Jan 28, 2008 1:54 PM,  <rey.stef@free.fr> wrote:


Hi,

I Think you have a problem with your firewall configuration, Do you forward your
passive port (49152 65534 same a lot) on your private server ip adress ?


All ports, 1-65535, on the firewall are forwarded to the server. On
the ftp server,
iptables has no rules:

[linux01]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination






Selon "ne..." <guhvies@gmail.com>:




I am using Proftpd 1.3.0a on Fedora Core 6 with iptables off. A person
connects to an external ip which then
forwards all traffic to 192.168.10.11. I can login fine. My conf is
listed below:

DefaultRoot ~
DefaultServer on
SocketBindTight on
UseReverseDNS off
RootLogin off
RequireValidShell off

SQLAuthTypes Plaintext Crypt
SQLAuthenticate users* groups*
SQLConnectInfo ftp@localhost proftpd luvlyPassword
SQLUserInfo ftpuser userid passwd uid gid homedir shell
SQLGroupInfo ftpgroup groupname gid members
SQLMinID 500
SQLHomedirOnDemand on
SQLLog PASS updatecount
SQLNamedQuery updatecount UPDATE "count=count+1, accessed=now() WHERE
userid='%u'" ftpuser
SQLLog STOR,DELE modified
SQLNamedQuery modified UPDATE "modified=now() WHERE userid='%u'" ftpuser

<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSRequired off
TLSProtocol SSLv23
TLSRSACertificateFile /usr/local/etc/proftpd/server.crt
TLSRSACertificateKeyFile /usr/local/etc/proftpd/server.key
TLSCACertificateFile /usr/local/etc/proftpd/ca.crt
TLSVerifyClient off
TLSRenegotiate required off
</IfModule>

# Virtual host setup for port 990
<VirtualHost 192.168.10.11>
Port 990
DefaultRoot ~
MasqueradeAddress xxx.yyy.zzz.aaa
SQLAuthTypes Plaintext Crypt
SQLAuthenticate users* groups*
SQLConnectInfo ftp@localhost proftpd luvlyPassword
SQLUserInfo ftpuser userid passwd uid gid homedir shell
SQLGroupInfo ftpgroup groupname gid members
SQLMinID 500
SQLHomedirOnDemand on
SQLLog PASS updatecount
SQLNamedQuery updatecount UPDATE "count=count+1,
accessed=now()WHERE userid='%u'" ftpuser
SQLLog STOR,DELE modified
SQLNamedQuery modified UPDATE "modified=now() WHERE userid='%u'" ftpuser
PassivePorts 49152 65534
IdentLookups off
RootLogin off
RequireValidShell off
# UseReverseDNS off
# <Limit PASV>
# DenyAll
# </Limit>
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSRequired off
TLSRSACertificateFile /usr/local/etc/proftpd/server.crt
TLSVerifyClient off
TLSRenegotiate required off
</IfModule>
</VirtualHost>


When I try to get listings of the directories, I get what is shown in
the log snippet below:

linux01.local (ext.ip[ext.ip]) - dispatching LOG_CMD command 'PASV' to
mod_sql
linux01.local (ext.ip[ext.ip]) - dispatching LOG_CMD command 'PASV' to
mod_log
linux01.local (ext.ip[ext.ip]) - dispatching PRE_CMD command 'LIST' to
mod_tls
linux01.local (ext.ip[ext.ip]) - dispatching PRE_CMD command 'LIST' to
mod_core
linux01.local (ext.ip[ext.ip]) - dispatching PRE_CMD command 'LIST' to
mod_core
linux01.local (ext.ip[ext.ip]) - dispatching CMD command 'LIST' to mod_ls


Using fireftp, this is what is shown in the connexion window:

220 ProFTPD 1.3.0a Server (ProFTPD) [masq.address]
AUTH TLS
234 AUTH TLS successful
PBSZ 0
200 PBSZ 0 successful
USER ftpxyz
331 Password required for ftpxyz.
PASS (password not shown)
230 User ftpxyz logged in.
FEAT
211-Features:
MDTM
REST STREAM
SIZE
AUTH TLS
PBSZ
PROT
211 End
PWD
257 "/" is current directory.
TYPE A
200 Type set to A
PROT P
200 Protection set to Private
PASV
227 Entering Passive Mode (masq,address,227,8).
LIST

Any pointers on how to fix this is much appreciated. I have trawled
thru the list for the past year and not
come across a solution to my problem.




ne...