On Jan 28, 2008 5:55 PM, Stef wrote:
>
> Does the user who wants to connect to your FTP server have a correct
> home directory (homedir) in the SQL database?

Yes. I can successfully connect using port 21.

> Can you post the proftpd log (/var/log/proftpd/proftpd.log), please?

Using /usr/local/sbin/proftpd -nd 4, an extract is below:

linux01.local (1.2.3.4[1.2.3.4]) - FTP session requested from unknown class
linux01.local (1.2.3.4[1.2.3.4]) - connected - local : 192.168.10.11:990
linux01.local (1.2.3.4[1.2.3.4]) - connected - remote : 1.2.3.4:50441
linux01.local (1.2.3.4[1.2.3.4]) - FTP session opened.
linux01.local (1.2.3.4[1.2.3.4]) - dispatching PRE_CMD command 'USER
intCompany3' to mod_tls
linux01.local (1.2.3.4[1.2.3.4]) - dispatching PRE_CMD command 'USER
intCompany3' to mod_core
linux01.local (1.2.3.4[1.2.3.4]) - dispatching PRE_CMD command 'USER
intCompany3' to mod_core
linux01.local (1.2.3.4[1.2.3.4]) - dispatching PRE_CMD command 'USER
intCompany3' to mod_delay
linux01.local (1.2.3.4[1.2.3.4]) - dispatching PRE_CMD command 'USER
intCompany3' to mod_auth
linux01.local (1.2.3.4[1.2.3.4]) - dispatching CMD command 'USER
intCompany3' to mod_auth
linux01.local (1.2.3.4[1.2.3.4]) - no supplemental groups found for
user 'intCompany3'
linux01.local (1.2.3.4[1.2.3.4]) - dispatching POST_CMD command 'USER
intCompany3' to mod_sql
linux01.local (1.2.3.4[1.2.3.4]) - dispatching POST_CMD command 'USER
intCompany3' to mod_delay
linux01.local (1.2.3.4[1.2.3.4]) - mod_delay/0.5: delaying for 117 usecs
linux01.local (1.2.3.4[1.2.3.4]) - dispatching LOG_CMD command 'USER
intCompany3' to mod_sql
linux01.local (1.2.3.4[1.2.3.4]) - dispatching LOG_CMD command 'USER
intCompany3' to mod_log
linux01.local (1.2.3.4[1.2.3.4]) - dispatching PRE_CMD command 'PASS
(hidden)' to mod_tls
linux01.local (1.2.3.4[1.2.3.4]) - dispatching PRE_CMD command 'PASS
(hidden)' to mod_core
linux01.local (1.2.3.4[1.2.3.4]) - dispatching PRE_CMD command 'PASS
(hidden)' to mod_core
linux01.local (1.2.3.4[1.2.3.4]) - dispatching PRE_CMD command 'PASS
(hidden)' to mod_sql
linux01.local (1.2.3.4[1.2.3.4]) - no supplemental groups found for
user 'intCompany3'
linux01.local (1.2.3.4[1.2.3.4]) - dispatching PRE_CMD command 'PASS
(hidden)' to mod_delay
linux01.local (1.2.3.4[1.2.3.4]) - dispatching PRE_CMD command 'PASS
(hidden)' to mod_auth
linux01.local (1.2.3.4[1.2.3.4]) - dispatching CMD command 'PASS
(hidden)' to mod_auth
linux01.local (1.2.3.4[1.2.3.4]) - user intCompany3 authenticated by mod_sql.c
linux01.local (1.2.3.4[1.2.3.4]) - USER intCompany3: Login successful.
linux01.local (1.2.3.4[1.2.3.4]) - Preparing to chroot to directory
'/home/intCompany3'
linux01.local (1.2.3.4[1.2.3.4]) - Environment successfully chroot()ed.
linux01.local (1.2.3.4[1.2.3.4]) - dispatching POST_CMD command 'PASS
(hidden)' to mod_sql
linux01.local (1.2.3.4[1.2.3.4]) - dispatching POST_CMD command 'PASS
(hidden)' to mod_cap
linux01.local (1.2.3.4[1.2.3.4]) - mod_cap/1.0: capabilities '= cap_net_bind_service+ep'
linux01.local (1.2.3.4[1.2.3.4]) - dispatching POST_CMD command 'PASS
(hidden)' to mod_tls
linux01.local (1.2.3.4[1.2.3.4]) - dispatching POST_CMD command 'PASS
(hidden)' to mod_quotatab
linux01.local (1.2.3.4[1.2.3.4]) - dispatching POST_CMD command 'PASS
(hidden)' to mod_delay
linux01.local (1.2.3.4[1.2.3.4]) - dispatching POST_CMD command 'PASS
(hidden)' to mod_log
linux01.local (1.2.3.4[1.2.3.4]) - dispatching POST_CMD command 'PASS
(hidden)' to mod_ls
linux01.local (1.2.3.4[1.2.3.4]) - dispatching POST_CMD command 'PASS
(hidden)' to mod_auth
linux01.local (1.2.3.4[1.2.3.4]) - dispatching LOG_CMD command 'PASS
(hidden)' to mod_sql
linux01.local (1.2.3.4[1.2.3.4]) - dispatching LOG_CMD command 'PASS
(hidden)' to mod_log
linux01.local (1.2.3.4[1.2.3.4]) - dispatching PRE_CMD command 'FEAT' to mod_tls
linux01.local (1.2.3.4[1.2.3.4]) - dispatching PRE_CMD command 'FEAT'
to mod_core
linux01.local (1.2.3.4[1.2.3.4]) - dispatching PRE_CMD command 'FEAT'
to mod_core
linux01.local (1.2.3.4[1.2.3.4]) - dispatching CMD command 'FEAT' to mod_core
linux01.local (1.2.3.4[1.2.3.4]) - dispatching POST_CMD command 'FEAT'
to mod_sql
linux01.local (1.2.3.4[1.2.3.4]) - dispatching LOG_CMD command 'FEAT' to mod_sql
linux01.local (1.2.3.4[1.2.3.4]) - dispatching LOG_CMD command 'FEAT' to mod_log
linux01.local (1.2.3.4[1.2.3.4]) - dispatching PRE_CMD command 'PWD' to mod_tls
linux01.local (1.2.3.4[1.2.3.4]) - dispatching PRE_CMD command 'PWD' to mod_core
linux01.local (1.2.3.4[1.2.3.4]) - dispatching PRE_CMD command 'PWD' to mod_core
linux01.local (1.2.3.4[1.2.3.4]) - dispatching CMD command 'PWD' to mod_core
linux01.local (1.2.3.4[1.2.3.4]) - dispatching POST_CMD command 'PWD' to mod_sql
linux01.local (1.2.3.4[1.2.3.4]) - dispatching LOG_CMD command 'PWD' to mod_sql
linux01.local (1.2.3.4[1.2.3.4]) - dispatching LOG_CMD command 'PWD' to mod_log
linux01.local (1.2.3.4[1.2.3.4]) - dispatching PRE_CMD command 'QUIT' to mod_tls
linux01.local (1.2.3.4[1.2.3.4]) - dispatching PRE_CMD command 'QUIT'
to mod_core
linux01.local (1.2.3.4[1.2.3.4]) - dispatching PRE_CMD command 'QUIT'
to mod_core
linux01.local (1.2.3.4[1.2.3.4]) - dispatching PRE_CMD command 'QUIT' to mod_sql
linux01.local (1.2.3.4[1.2.3.4]) - dispatching CMD command 'QUIT' to mod_core
linux01.local (1.2.3.4[1.2.3.4]) - dispatching POST_CMD command 'QUIT'
to mod_sql
linux01.local (1.2.3.4[1.2.3.4]) - dispatching LOG_CMD command 'QUIT' to mod_sql
linux01.local (1.2.3.4[1.2.3.4]) - dispatching LOG_CMD command 'QUIT' to mod_log
linux01.local (1.2.3.4[1.2.3.4]) - dispatching LOG_CMD command 'QUIT'
to mod_core
linux01.local (1.2.3.4[1.2.3.4]) - FTP session closed.


>
> ne... wrote:
>
> On Jan 28, 2008 1:54 PM, wrote:
>
>
> Hi,
>
> I think you have a problem with your firewall configuration. Do you forward
> your passive ports (49152 65534 same a lot) on your private server IP address?
>
> All ports, 1-65535, on the firewall are forwarded to the server. On
> the ftp server,
> iptables has no rules:
>
> [linux01]# iptables -L
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> According to "ne...":
>
> I am using Proftpd 1.3.0a on Fedora Core 6 with iptables off. A person
> connects to an external ip which then
> forwards all traffic to 192.168.10.11. I can login fine. My conf is
> listed below:
>
> DefaultRoot ~
> DefaultServer on
> SocketBindTight on
> UseReverseDNS off
> RootLogin off
> RequireValidShell off
>
> SQLAuthTypes Plaintext Crypt
> SQLAuthenticate users* groups*
> SQLConnectInfo ftp@localhost proftpd luvlyPassword
> SQLUserInfo ftpuser userid passwd uid gid homedir shell
> SQLGroupInfo ftpgroup groupname gid members
> SQLMinID 500
> SQLHomedirOnDemand on
> SQLLog PASS updatecount
> SQLNamedQuery updatecount UPDATE "count=count+1, accessed=now() WHERE userid='%u'" ftpuser
> SQLLog STOR,DELE modified
> SQLNamedQuery modified UPDATE "modified=now() WHERE userid='%u'" ftpuser
>
>
> TLSEngine on
> TLSLog /var/log/proftpd/tls.log
> TLSRequired off
> TLSProtocol SSLv23
> TLSRSACertificateFile /usr/local/etc/proftpd/server.crt
> TLSRSACertificateKeyFile /usr/local/etc/proftpd/server.key
> TLSCACertificateFile /usr/local/etc/proftpd/ca.crt
> TLSVerifyClient off
> TLSRenegotiate required off
>

>
> # Virtual host setup for port 990
>
> Port 990
> DefaultRoot ~
> MasqueradeAddress xxx.yyy.zzz.aaa
> SQLAuthTypes Plaintext Crypt
> SQLAuthenticate users* groups*
> SQLConnectInfo ftp@localhost proftpd luvlyPassword
> SQLUserInfo ftpuser userid passwd uid gid homedir shell
> SQLGroupInfo ftpgroup groupname gid members
> SQLMinID 500
> SQLHomedirOnDemand on
> SQLLog PASS updatecount
> SQLNamedQuery updatecount UPDATE "count=count+1, accessed=now()WHERE userid='%u'" ftpuser
> SQLLog STOR,DELE modified
> SQLNamedQuery modified UPDATE "modified=now() WHERE userid='%u'" ftpuser
> PassivePorts 49152 65534
> IdentLookups off
> RootLogin off
> RequireValidShell off
> # UseReverseDNS off
> #
> # DenyAll
> #

>
> TLSEngine on
> TLSLog /var/log/proftpd/tls.log
> TLSRequired off
> TLSRSACertificateFile /usr/local/etc/proftpd/server.crt
> TLSVerifyClient off
> TLSRenegotiate required off
>

>
>
>
> When I try to get listings of the directories, I get what is shown in
> the log snippet below:
>
> linux01.local (ext.ip[ext.ip]) - dispatching LOG_CMD command 'PASV' to
> mod_sql
> linux01.local (ext.ip[ext.ip]) - dispatching LOG_CMD command 'PASV' to
> mod_log
> linux01.local (ext.ip[ext.ip]) - dispatching PRE_CMD command 'LIST' to
> mod_tls
> linux01.local (ext.ip[ext.ip]) - dispatching PRE_CMD command 'LIST' to
> mod_core
> linux01.local (ext.ip[ext.ip]) - dispatching PRE_CMD command 'LIST' to
> mod_core
> linux01.local (ext.ip[ext.ip]) - dispatching CMD command 'LIST' to mod_ls
>
>
> Using fireftp, this is what is shown in the connexion window:
>
> 220 ProFTPD 1.3.0a Server (ProFTPD) [masq.address]
> AUTH TLS
> 234 AUTH TLS successful
> PBSZ 0
> 200 PBSZ 0 successful
> USER ftpxyz
> 331 Password required for ftpxyz.
> PASS (password not shown)
> 230 User ftpxyz logged in.
> FEAT
> 211-Features:
> MDTM
> REST STREAM
> SIZE
> AUTH TLS
> PBSZ
> PROT
> 211 End
> PWD
> 257 "/" is current directory.
> TYPE A
> 200 Type set to A
> PROT P
> 200 Protection set to Private
> PASV
> 227 Entering Passive Mode (masq,address,227,8).
> LIST
>
> Any pointers on how to fix this is much appreciated. I have trawled
> thru the list for the past year and not
> come across a solution to my problem.


ne...
--
Registered Linux User # 125653 (http://counter.li.org)
Certified: 75% bastard, 42% of which is tard.
http://www.thespark.com/bastardtest
Now accepting personal mail for GMail invites.
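
Added example, not part of the original messages or of ProFTPD: a small Python check that decodes the `227` reply quoted above, tests the advertised port against the configured `PassivePorts` range, and lists commands in a `-nd` debug log whose `CMD` dispatch is never followed by a `POST_CMD`/`LOG_CMD` phase. The inputs are constructed from the excerpts in this thread; the `REPLY_INTERNAL` line and the assumption that a completed command always logs a `POST_CMD*` or `LOG_CMD*` dispatch (as in the port 990 session log above) are not from the page.

```python
import ipaddress
import re

# Constructed inputs modelled on the config, client transcript and debug log quoted above.
CONF = "Port 990\nMasqueradeAddress xxx.yyy.zzz.aaa\nPassivePorts 49152 65534\n"
REPLY_REDACTED = "227 Entering Passive Mode (masq,address,227,8)."
REPLY_INTERNAL = "227 Entering Passive Mode (192,168,10,11,227,8)."  # hypothetical
LOG = """\
linux01.local (ext.ip[ext.ip]) - dispatching CMD command 'PASV' to mod_core
linux01.local (ext.ip[ext.ip]) - dispatching POST_CMD command 'PASV' to
mod_sql
linux01.local (ext.ip[ext.ip]) - dispatching LOG_CMD command 'PASV' to
mod_log
linux01.local (ext.ip[ext.ip]) - dispatching PRE_CMD command 'LIST' to
mod_tls
linux01.local (ext.ip[ext.ip]) - dispatching CMD command 'LIST' to mod_ls
"""

def check_pasv(reply, conf):
    """Decode a 227 reply; return (port, port_in_PassivePorts, host_is_private)."""
    fields = re.search(r"\(([^)]*)\)", reply).group(1).split(",")
    port = int(fields[-2]) * 256 + int(fields[-1])  # RFC 959: p1*256 + p2
    rng = re.search(r"^\s*PassivePorts\s+(\d+)\s+(\d+)", conf, re.M)
    in_range = bool(rng) and int(rng.group(1)) <= port <= int(rng.group(2))
    try:
        # A private address here means the NAT'd client is told to dial an
        # unroutable host, i.e. MasqueradeAddress is not taking effect.
        private = ipaddress.ip_address(".".join(fields[:-2])).is_private
    except ValueError:  # address redacted, as in the quoted transcript
        private = None
    return port, in_range, private

def stalled_commands(log_text):
    """Commands whose CMD handler was dispatched but never reached POST_CMD*/LOG_CMD*."""
    pending = {}
    for phase, cmd in re.findall(r"dispatching (\w+) command '(\w+)", log_text):
        if phase == "CMD":
            pending[cmd] = True
        elif phase.startswith(("POST_CMD", "LOG_CMD")):
            pending.pop(cmd, None)
    return list(pending)

if __name__ == "__main__":
    print(check_pasv(REPLY_REDACTED, CONF))
    print(check_pasv(REPLY_INTERNAL, CONF))
    print(stalled_commands(LOG))
```

A port inside the range with a command still listed as stalled points the investigation at the data connection (forwarding of the passive range, or the TLS handshake on it after `PROT P`) rather than at authentication.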

ProFTPD Users List