Re: ProFTP

From: Paul Mather (paul_at_gromit.dlib.vt.edu)
Date: 04/28/04


Date: Wed, 28 Apr 2004 11:52:06 -0400
To: freebsd-questions@freebsd.org

On Wed, 28 Apr 2004 00:11:22 -0700, "Jason Suplizio" <suplizio@blarg.net> wrote:

=> Please help: I've spent a good 4-5 hours trying to get ProFTP up
=> and running on my fresh FreeBSD 5.1 install - during which I have read
=> everything that I could get my hands/eyes on and tried every trick I
=> could find. Essentially, I am trying to set up ftp accounts for 3
=> users, each with their own unique username/password login - which are
=> working as verified by ssh - to use as a java servlet dev box.
=>
=> The problem: I can not establish an FTP connection to port 21. When
=> it appears that I have an ftp connection, there is no directory
=> listing nor a list of the remote files. I have a small firewall
=> (built-in to my router), and have opened up ports 20 & 21. At one
=> point I got a "PAM(username) authentication error" - but everything
=> looked good (to my eyes) in the /etc/pam.d/ftp & ftpd files.

If your FTP server is behind a firewall/router (and your clients are,
too), it's likely you are having a problem getting passive FTP
working. Your firewall is probably blocking the passive port range
the FTP server is using for the data connection. The solution is to
open up these ports, too.

To help play nicely with firewalls, ProFTPD includes a "PassivePorts"
directive that can be put into proftpd.conf to define the range of
ports it will use for PASV transfers. If you add something like
"PassivePorts 52300 52323" to proftpd.conf, the FTP server will only
attempt to bind to ports 52300-52323 for PASV transfers. You can
then configure your firewall to allow through incoming traffic in that
range to the FTP server.

Cheers,

Paul.

e-mail: paul@gromit.dlib.vt.edu

"Without music to decorate it, time is just a bunch of boring production
 deadlines or dates by which bills must be paid."
        --- Frank Vincent Zappa
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
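
The check described in the reply above, as an added example that is not part of the original message: it reads the PassivePorts range from proftpd.conf text, decodes the port advertised in each 227 (PASV) reply as p1*256 + p2, and reports whether it falls inside the range the firewall was opened for. The function names, the sample config and the sample replies are constructed for illustration.

```python
import re

# Constructed sample input: a proftpd.conf fragment and three PASV replies
# as a client would log them (192.0.2.10 is a documentation address).
SAMPLE_CONF = """
ServerName "dev box"
# range that is also opened on the firewall
PassivePorts 52300 52323
"""
SAMPLE_REPLIES = [
    "227 Entering Passive Mode (192,0,2,10,204,76).",
    "227 Entering Passive Mode (192,0,2,10,204,99).",
    "227 Entering Passive Mode (192,0,2,10,192,0).",
]

def passive_range(conf_text):
    """Return (low, high) from the PassivePorts directive, or None if absent."""
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        m = re.fullmatch(r"PassivePorts\s+(\d+)\s+(\d+)", line)
        if m:
            low, high = int(m.group(1)), int(m.group(2))
            if not 0 < low <= high <= 65535:
                raise ValueError(f"invalid PassivePorts range: {low} {high}")
            return low, high
    return None

def parse_pasv(reply):
    """Decode '227 ... (h1,h2,h3,h4,p1,p2)' into (host, port)."""
    m = re.match(r"227 .*?" + ",".join([r"(\d{1,3})"] * 6), reply)
    if not m:
        raise ValueError(f"not a PASV reply: {reply!r}")
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError(f"octet out of range in: {reply!r}")
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def check_replies(conf_text, replies):
    """Return [(host, port, in_range)] for each PASV reply."""
    rng = passive_range(conf_text)
    if rng is None:
        raise ValueError("no PassivePorts directive found in the config")
    low, high = rng
    return [(h, p, low <= p <= high) for h, p in map(parse_pasv, replies)]

if __name__ == "__main__":
    for host, port, ok in check_replies(SAMPLE_CONF, SAMPLE_REPLIES):
        print(f"{host}:{port} {'inside' if ok else 'OUTSIDE'} PassivePorts range")
```

A port reported as outside the range means the server that answered is not using the PassivePorts setting the firewall rule was written for, so the data connection will still be blocked.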