HOWTO : Create a FTP server with user access (proftpd)
Tavathlon
September 6th, 2006, 07:51 AM
I don't really think most users will have any need of remotely starting/stopping/restarting their servers. But on the other hand, if the information is available, it is more of a free choice for every user - most probably don't even know you could do that, but when they hear it's possible, they might want to have it that way.
*Note - Use TLSRequired ON to force the use of TLS. OFF means that the use of TLS is optional.
Is there any downside of forcing the use of TLS?
frodon
September 6th, 2006, 07:56 AM
Is there any downside of forcing the use of TLS?
You will only be able to log in to the server if you use an FTP client which supports TLS/SSL; for example, gFTP doesn't support it.
If you wish to quickly get an FTP client which supports SSL/TLS, install the "fireftp" extension of Firefox; you just need Firefox for that (the OS you use is not important).
whatalotta
September 6th, 2006, 01:19 PM
Hi Frodon,
Thanks for the response. I will have a look at the link you posted and I will be able to figure out for myself how to set up the key without encryption.
BTW, I have everything setup and working using the configuration parameters that you provide in the howto except for encryption. Works great! Thanks for the Howto!
I tried using gproftpd and found it to be a little restrictive, so I went back to your howto.
I found that the 503 error can be fixed simply by typing:
passwd userftp
and typing in the password desired when prompted after the user is created. Not sure why the command string provided does not work. I think that with the command string provided, the password is not being taken when the user is created, so that when people try to authorize, they get the 503 error because the passwords do not match.
With respect to posting instructions for how to set up the certs and reboot without being asked for passwords, I think that this is completely up to you. My vote would obviously be yes, but clearly, my use of my system is different than a lot of other users. Is it worth it posting the instructions for one person? Probably not.
Thanks for the awesome howto!
-whata
whatalotta
September 6th, 2006, 02:42 PM
Hi all,
Thanks to Frodon and the link provided, I have been able to remove the password requirement when using SSL certs. I know it can be done a little simpler by not requiring the password in the first place, but as Frodon pointed out, it is more secure than not requiring it. In other words, you are better off sticking to the howto as it is.
If you are looking for the easiest way to not end up with the password requirement, just go to the cert directory and follow most any howto on setting up SSL for an Apache web server. I haven't come across one that had made me type in a password when shutting down and starting up the server.
If you want to remove the password requirement after implementing it per the howto, here's how:
cd /etc/ftpcert
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key
Enter the password, restart your server and enjoy.
-whata
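An added example, not part of the thread: once the passphrase is stripped as described above, file permissions are the only thing protecting server.key, so this script reports whether a PEM key is still encrypted and whether group or others can access it. The function names are hypothetical; the two paths in the loop are the ones used in the post.

```sh
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# After "openssl rsa -in server.key.org -out server.key" the server key is
# stored unencrypted, so file permissions are its only protection.

# Succeeds if the PEM file is passphrase-protected. Traditional OpenSSL keys
# carry a "Proc-Type: 4,ENCRYPTED" header; PKCS#8 keys use an
# "ENCRYPTED PRIVATE KEY" banner.
key_is_encrypted() {
    grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1"
}

# Prints the octal permission bits (GNU stat first, BSD stat as fallback).
key_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Prints one verdict: missing | encrypted | plaintext-ok | plaintext-exposed
audit_key() {
    [ -f "$1" ] || { echo missing; return 0; }
    if key_is_encrypted "$1"; then
        echo encrypted
        return 0
    fi
    # An unencrypted key must have no group/other permission bits set.
    case "$(key_mode "$1")" in
        *00|0) echo plaintext-ok ;;
        *)     echo plaintext-exposed ;;
    esac
}

# Restricts an exposed plaintext key to its owner, then prints the new verdict.
fix_key_mode() {
    if [ "$(audit_key "$1")" = plaintext-exposed ]; then
        chmod 600 "$1"
    fi
    audit_key "$1"
}

# Report on the stripped key and on the encrypted backup copy made with cp.
for f in /etc/ftpcert/server.key /etc/ftpcert/server.key.org; do
    printf '%s: %s\n' "$f" "$(audit_key "$f")"
done
```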
nix4me
September 6th, 2006, 07:21 PM
I would recommend that the instructions to remove the required password be added or change the way certificates are created. Having to enter a password is too intrusive for the average user.
nix4me
frodon
September 7th, 2006, 04:00 AM
It's documented in the guide now, each user will have to make his own choice now ;)
Thanks again whatalotta and nix4me for the feedback.
Tavathlon
September 7th, 2006, 10:36 AM
You will only be able to log in to the server if you use an FTP client which supports TLS/SSL; for example, gFTP doesn't support it.
If you wish to quickly get an FTP client which supports SSL/TLS, install the "fireftp" extension of Firefox; you just need Firefox for that (the OS you use is not important).
Ah, I see... Thanks! =)
whatalotta
September 7th, 2006, 05:27 PM
Frodon,
Actually, thank you. This is one of the better guides I've used. You are also very involved with the users of the howto and very responsive to their queries. Please keep up the great work!
-whata
dmizer
September 10th, 2006, 10:08 PM
I found that the 503 error can be fixed simply by typing:
passwd userftp
and typing in the password desired when prompted after the user is created.
i was in agony over this 503 error because i administer 4 linux servers that have no gui interface. the above quoted fix worked to get past the 503 error via cli interface.
thank you so much. this was the only hangup i encountered in the howto.
whatalotta
September 10th, 2006, 11:34 PM
Great! I'm glad it helped someone.
-whata
frodon
September 11th, 2006, 03:43 AM
Nice fix whatalotta, i add that in the guide, thank you all for your help, if this guide is that good it's obviously thanks to the feedback you provide.
nix4me
September 12th, 2006, 09:05 PM
After some research, I finally have a Proftpd server working with virtual users authenticating through a Mysql database. It also is TLS/SSL enabled.
I wish I had the time to document it step by step but that would take some time.
If a lot of users are interested enough, I might consider posting a Howto in the future when I get time.
nix4me
Phoobarnvaz
September 14th, 2006, 03:36 AM
I want to thank everyone for all of the help you've provided. Have gotten ProFTPd up & running with being able to connect with any computer on no-ip.
The only glitch I'm running into which keeps me from putting this into production is not being able to put files into the FTP folders either locally or remotely. Can download fine. The permissions on the folders under ftp-shared are user: ftp group: nogroup.
The image was built & configured by myself with VMWare Workstation to be deployed in Player on a 2000 Server. The reason for this is that I refuse to use IIS.
Not sure if it's in Kubuntu or in my config file. Here's the file:
#
# /etc/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
AllowOverwrite on
AuthAliasOnly off
# Choose here the user alias you want !!!!
# UserAlias sauron userftp
ServerName "Charlie Dunn Productions"
ServerType standalone
DeferWelcome on
MultilineRFC2228 on
DefaultServer on
ShowSymlinks off
TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200
DisplayLogin welcome.msg
DisplayFirstChdir .message
ListOptions "-l"
# It's better for debug to create log files ;-)
ExtendedLog /var/log/ftp.log
TransferLog /var/log/xferlog
SystemLog /var/log/syslog.log
# DenyFilter \*.*/
DefaultRoot /home/ftp-shared/ftp
# DefaultRoot ~
# I don't choose to use /etc/ftpusers file (set inside the users you want to ban, not useful for me)
UseFtpUsers off
UseReverseDNS off
IdentLookups off
# Uncomment this if you are using NIS or LDAP to retrieve passwords:
#PersistentPasswd off
# Uncomment this if you would use TLS module:
#TLSEngine on
# Uncomment this if you would use quota module:
#Quotas on
# Uncomment this if you would use ratio module:
#Ratios on
# Port 21 is the standard FTP port.
Port 21
# I know it's not the best...but will save my sanity not taking calls why they can't connect & how to "do this properly."
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 8
# Set the user and group that the server normally runs at.
User nobody
Group nogroup
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
# Normally, we want files to be overwriteable.
# AllowOverwrite on
# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
#DelayEngine off
MaxLoginAttempts 5
#VALID LOGINS
<Limit LOGIN>
# AllowUser userftp
# DenyALL
AllowALL
</Limit>
<Directory /home/ftp-shared/ftp>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>
<Directory /home/ftp-shared/ftp/download/*>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
Order Allow,Deny
AllowUser phoobar
AllowUser charlie
DenyAll
</Limit>
</Directory>
# Myself & the server admin are the only ones I want being able
# to do anything with the server.
<Directory /home/ftp-shared/ftp/utilities/*>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
Order Allow,Deny
AllowUser phoobar
AllowUser charlie
DenyAll
</Limit>
</Directory>
<Directory /home/ftp-shared/ftp/waiting/*>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
Order Allow,Deny
AllowUser phoobar
AllowUser charlie
DenyAll
</Limit>
</Directory>
<Directory> /home/ftp-shared/ftp/upload/>
Umask 022 022
AllowOverwrite on
<Limit READ RMD DELE>
DenyAll
</Limit>
<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>
Any help you can provide would be greatly appreciated.
frodon
September 14th, 2006, 03:49 AM
I want to thank everyone for all of the help you've provided. Have gotten ProFTPd up & running with being able to connect with any computer on no-ip.
The only glitch I'm running into which keeps me from putting this into production is not being able to put files into the FTP folders either locally or remotely. Can download fine. The permissions on the folders under ftp-shared are user: ftp group: nogroup.
You mean that you're not able to upload on your FTP server ?
Phoobarnvaz
September 15th, 2006, 08:34 PM
You mean that you're not able to upload on your FTP server ?
That's the only thing...locally or remotely...that it will not do. On the other hand...if I set it up for anonymous use only...can upload & download.
Thanks for the reply!!!
frodon
September 16th, 2006, 05:30 AM
Your configuration seems good from what I see, so I think it's a system rights problem.
Check that your upload directory has 777 rights; if it's not the case, give it 777 rights because it's needed to be able to upload.
Phoobarnvaz
September 19th, 2006, 12:28 AM
Your configuration seems good from what I see, so I think it's a system rights problem.
Check that your upload directory has 777 rights; if it's not the case, give it 777 rights because it's needed to be able to upload.
The upload directory is set for 777...with the other folders set for 755.
From gFTP...get: Could not change local directory to (whatever folder I'm trying to upload from): not a directory.
From Filezilla...Critical transfer error.
Here's the listing from Filezilla:
Response: 220 ProFTPD 1.2.10 Server ready.
Command: USER charlie
Response: 331 Password required for charlie.
Command: PASS *****
Response: 230 User charlie logged in.
Command: FEAT
Response: 211-Features:
Response: 211-MDTM
Response: 211-REST STREAM
Response: 211-SIZE
Response: 211 End
Command: SYST
Response: 215 UNIX Type: L8
Status: Connected
Response: 257 "/Uploads" is current directory.
Command: TYPE I
Response: 200 Type set to I
Command: PASV
Response: 227 Entering Passive Mode (24,121,25,76,240,182).
Command: STOR AutoGordianKnot.2.27.Setup.exe
Response: 550 AutoGordianKnot.2.27.Setup.exe: Permission denied
Error: Upload failed
Status: Retrieving directory listing...
Command: TYPE A
Response: 200 Type set to A
Command: PASV
Response: 227 Entering Passive Mode (24,121,25,76,240,184).
Command: LIST
Response: 150 Opening ASCII mode data connection for file list
Response: 226 Transfer complete.
Status: Directory listing successful
Command: TYPE A
Response: 200 Type set to A
Command: TYPE A
Response: 200 Type set to A
Status: Disconnected from server
Command: TYPE A
Response: 200 Type set to A
Command: REST 0
Response: 350 Restarting at 0. Send STORE or RETRIEVE to initiate transfer
Command: TYPE A
Response: 200 Type set to A
Command: DELE /Uploads/AutoGordianKnot.2.27.Setup.exe
Response: 550 /Uploads/AutoGordianKnot.2.27.Setup.exe: Permission denied
Status: Retrieving directory listing...
Command: TYPE A
Response: 200 Type set to A
Command: PASV
Response: 227 Entering Passive Mode (24,121,25,76,240,191).
Command: LIST
Response: 150 Opening ASCII mode data connection for file list
Response: 226 Transfer complete.
Status: Directory listing successful
Command: PWD
Response: 257 "/Uploads" is current directory.
Any suggestions would be appreciated.
Thanks for all of the suggestions.
frodon
September 19th, 2006, 03:43 AM
Is AutoGordianKnot.2.27.Setup.exe you're trying to upload ?
It seems to be the problem, from what i read from the log it seems to be the file you are trying to upload on the server but of course if the rights on this file are too restrictive and/or if it is owned by root you will not be able to handle it due to rights problems.
From what I know, the 550 error tells you that there's some kind of rights problem somewhere.
mssm
September 20th, 2006, 11:06 AM
you mean using the command
ftp 192.168.1.X 1980
or using
ftp yourname.homelinux.net 1980
Thanks zasf for your kind reply. Maybe, you have already solved the problem. I am sorry that I am replying back after almost 2 months.
I used the 2nd command. However, The first command will not work since it is an internal ip address which outside world can not see. I had a tough time using proftpd from another machine(OS = Windows) within my home network(some 530, 500 errors) which I think I clarified in my post how to get rid of.
I have a similar configuration to yours, I also have a home server registered with dyndns. What I want to do it to access my ftp server always using the dns name (ie yourname.homelinux.net). How do you achieve that?
Thanks
I think you have registered with dyndns with your IP address which outside world can see(Not the internal one starting with 192). Check your IP address with checkip.com or similar website and if it is not a static IP address, but a dynamic one, you need some client like "noip" or "ddclient"(which I used) to keep dyndns posted about your dynamic IP address. If everything works fine, you can access it from inside or outside network using the address ftp://yourname.homelinux.net.
Finally, if you have a router at home and have more than one computer and turn off your computer (on which proftpd is installed), it is better to have a STATIC INTERNAL IP address for your server computer, since the router uses DHCP (hence dynamic) to assign internal IP addresses. The procedure for assigning a static internal address to a computer will be given in your router's manual. Otherwise, if you just go with the dynamic internal IP address, make sure to check it, since you have opened the firewall and forwarded the port in your router for this internal IP address only. For example, in my case it was: 192.168.0.10 and since I never switch off my server, it remained the same. However, I checked for my other computers in my home network that their internal IP addresses change from time to time. Moreover, I think the server is not a laptop. My point is that even if it's a laptop with wireless facility, I would recommend putting it on the internet through ethernet for the purpose of proftpd.
Hope it helps.
TransformedBG
September 20th, 2006, 03:31 PM
okay so i've been reading through this. and i've got proftpd installed now i'm still trying to get it up and running. Every time i try to start the ftp i get a message that says "Starting ProFTPD ftp daemon: failed" i think it has something to do with the proftpd.conf file but i'm not sure. any ideas or suggestions would be great. I'm basically just trying to set up an FTP server where i can share files to my friends in iraq.
erik_boi
September 20th, 2006, 11:10 PM
Hi, thanks for writing this howto and thanks all the other contributors; it made the setup almost painless. I have everything working how I would like, basic server for me and my friends who each have their own folders. However, I was wondering if it is possible to limit the upload rate so browsing and other things for me and my family do not get drastically slowed down when other people are downloading from me.
Thanks again
Erik
@TransformedBG: you should post your proftpd.conf so someone can help you find the problem.
frodon
September 21st, 2006, 04:03 AM
Just use the TransferRate (http://www.proftpd.org/localsite/Userguide/linked/config_ref_TransferRate.html) parameter to set the upload and download rates.
For example, to limit the download rate to 4Kb/s, add this line in your proftpd.conf file:
TransferRate RETR 4096
To limit the upload rate to 4Kb/s:
TransferRate STOR 4096
@TransformedBG, without some details on what you did and your proftpd.conf file it would be almost impossible to help you.
TransformedBG
September 21st, 2006, 12:07 PM
k so this is my proftpd.conf file in a nut shell: Im not a 100% sure what i need to change cause this is how it came minus the glens server part.
#
# /etc/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#
ServerName "Glens"
ServerType standalone
DeferWelcome on
MultilineRFC2228 on
DefaultServer on
ShowSymlinks off
TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200
DisplayLogin welcome.msg
DisplayFirstChdir .message
ListOptions "-l"
DenyFilter \*.*/
# Uncomment this if you are using NIS or LDAP to retrieve passwords:
#PersistentPasswd off
# Uncomment this if you would use TLS module:
#TLSEngine on
# Uncomment this if you would use quota module:
#Quotas on
# Uncomment this if you would use ratio module:
#Ratios on
# Port 21 is the standard FTP port.
Port 21
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30
# Set the user and group that the server normally runs at.
User nobody
Group nogroup
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
# Normally, we want files to be overwriteable.
AllowOverwrite on
# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
#DelayEngine off
# A basic anonymous configuration, no upload directories.
# <Anonymous ~ftp>
# User ftp
# Group nogroup
# # We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp
# # Cosmetic changes, all files belongs to ftp user
# DirFakeUser on ftp
# DirFakeGroup on ftp
#
# RequireValidShell off
#
# # Limit the maximum number of anonymous logins
# MaxClients 10
#
# # We want 'welcome.msg' displayed at login, and '.message' displayed
# # in each newly chdired directory.
# DisplayLogin welcome.msg
# DisplayFirstChdir .message
#
# # Limit WRITE everywhere in the anonymous chroot
# <Directory *>
# <Limit WRITE>
# DenyAll
# </Limit>
# </Directory>
#
# # Uncomment this if you're brave.
# # <Directory incoming>
# # # Umask 022 is a good standard umask to prevent new files and dirs
# # # (second parm) from being group and world writable.
# # Umask 022 022
# # <Limit READ WRITE>
# # DenyAll
# # </Limit>
# # <Limit STOR>
# # AllowAll
# # </Limit>
# # </Directory>
#
# </Anonymous>
dannyboy79
September 21st, 2006, 01:43 PM
transformedbg, you have to use sudo to start and stop the server! that's how I got mine to work. if you did the ssl or certificate thingy to encrypt your traffic then it'll ask you for the passwords you used when you created the certificates in order to stop and start the server.
dannyboy79
September 21st, 2006, 01:48 PM
Frodon, is it normal to not be able to copy stuff from the upload server onto my work pc when I log in using the username and password I set up????? See what happened to me was that i set this up in a hurry before work yesterday and didn't put anything in the folders. Then when I logged in using gftp I got it to work when I was on a local computer, well when I was in gftp I tried transferring all my music from a music folder on the local machine into the download directory and it wouldn't let me??? So then I tried to copy music into the upload directory and it let me. So now I am at work and I want to get access to that music, well I logged in and it worked but it won't let me copy anything off the server? how do I put stuff in the download folder if I can't write to it? i just thought about this, do i have to transfer stuff to the download folder when I am at my server? so the upload folder is only for putting stuff in and nothing out and the download folder is for taking stuff out and nothing in? Ok I get it. I just tested something else out, it'll let me create a directory but I can't rename it, it just says new folder. this is a result of using your proftp.conf file except for the username, folder name, and alias, and I am using the default port 21 because my company doesn't let traffic out on any non-normal port. only 21, 80 etc etc. Can you help me? oh yeah, this is using internet explorer as a client cause I can't install any ftp client.
TransformedBG
September 21st, 2006, 05:12 PM
transformedbg, you have to use sudo to start and stop the server! that's how I got mine to work. if you did the ssl or certificate thingy to encrypt your traffic then it'll ask you for the passwords you used when you created the certificates in order to stop and start the server.
ive used sudo, still no luck
dmizer
September 22nd, 2006, 12:14 AM
k so this is my proftpd.conf file in a nut shell: Im not a 100% sure what i need to change cause this is how it came minus the glens server part.
you'll need to replace all of that with what's in the guide on the first page under step 3.
everything you need to know to configure your ftp server is in the first post of this guide. follow the directions carefully, and you'll end up with a working ftp server.
frodon
September 22nd, 2006, 03:43 AM
@dannyboy79, if i understand well you want to upload things in your upload directory and also download them from this same directory later ? Correct me if i'm wrong.
So modify your upload directory section like that:
<Directory /home/FTP-shared/upload/>
Umask 022 022
AllowOverwrite on
<Limit RMD DELE>
DenyAll
</Limit>
<Limit STOR CWD MKD READ RETR>
AllowAll
</Limit>
</Directory>
Read this page (http://www.proftpd.org/localsite/Userguide/linked/config_ref_Limit.html) if you want some details on how to use the LIMIT commands. The LIMIT command defines what is allowed or not in a directory, thus you set the rights as you want in the directory if you know how to use them; for example, in my guide I prevent file and directory deletion in the upload directory but you may want to change that if it doesn't fit your needs.
dannyboy79
September 22nd, 2006, 05:23 AM
Frodon,
Thank you for responding but you didn't answer the question on how to adjust the upload folder settings so that users can rename a folder they create. I noticed that when I was in IE and I hit new folder, it named it New Folder with a space and wouldn't even let me change the name of it??? Then later when I was at home I had a hell of a time figuring out how to delete a directory with spaces in it and then it was even worse cause I created 3 of them and IE put (2) and (3) on the end of the New Folder name so I spent probably an hour trying to delete the damn folders. I finally got it by putting rmdir New\ Folder\ \'(2)' but since I am a newbie I had no idea it was gonna be that hard to simply remove a directory! HA HA Anyway, thanks for the help so far,
frodon
September 22nd, 2006, 05:41 AM
All should be explained in the link I gave you. As you can see in my guide and in the example I gave you, file and directory deletion are forbidden in the upload directory due to this section:
<Limit RMD DELE>
DenyAll
</Limit>
It says that RMD and DELE ftp commands are denied in the upload directory, so if you remove them from this section and add them to the "allow" section they will be allowed.
The ftp commands for the rename actions are RNFR and RNTO, add them to the "allow" list in the upload directory section if you want to allow them.
So your upload directory section would look like that:
<Directory /home/FTP-shared/upload/>
Umask 022 022
AllowOverwrite on
<Limit STOR CWD MKD READ RETR DELE RMD RNFR RNTO>
AllowAll
</Limit>
</Directory>
zasf
September 22nd, 2006, 05:52 AM
Thanks zasf for your kind reply. Maybe, you have already solved the problem. I am sorry that I am replying back after almost 2 months.
Thanks for your reply but I think you didn't get my point.
Anyway I discovered that what I meant is commonly known as "local loopback" which is a feature that most home/office routers don't have.
There are hacks to modify your router's iptables but they are lost on power off.. so what I'm planning to do (when I have a little time) is to make a script on my server (behind router) to perform such hacks periodically.
Thank you anyway,
horatiub
September 22nd, 2006, 04:45 PM
I setup the proftpd server with GProFTPD and here is what I'm trying to do:
I wanna have the home folder set to default: /home/ftp, but I would like to be able to access the /var/www directory as well.
How do I accomplish that? I made a symlink of the /var/www into the home folder, but when I connect thru FTP, I can't access it.
nix4me
September 22nd, 2006, 05:20 PM
Use:
mount --bind /var/www /home/ftp/www
Make sure you create the www dir in /home/ftp and run the command as sudo.
Will work like a champ.
nix4me
horatiub
September 22nd, 2006, 07:53 PM
Use:
mount --bind /var/www /home/ftp/www
Make sure you create the www dir in /home/ftp and run the command as sudo.
Will work like a champ.
nix4me
yes it does, thank you.
Also, I'm assuming that all the other users will be able to see this directory though. I have to figure out a way to restrict them
horatiub
September 23rd, 2006, 08:37 AM
Ok, I have one more issue now. Every time I try to connect, I don't get the directory listings, and after a while it times out.
I'm behind a router, so I forwarded the FTP port, and I also added the MasqueradeAddress and the Passive Ports 60000 65555.
Am I missing something? For the MasqueradeAddress, I used the name.dyndns.org account that I have.
nix4me
September 23rd, 2006, 09:28 AM
You have to forward the passive ports also. That's why the dir listing is timing out.
You can also limit the users who can list the www dir by using the limit command in the proftpd config.
nix4me
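An added example, not part of the thread: the data port a server advertises in a 227 reply is p1*256+p2, and it must fall inside the passive range that the router forwards, which is why an unforwarded range makes LIST time out. The script decodes 227 lines such as those in the FileZilla log earlier in the thread and checks them against a range; the function names, the 60000-65535 range and the private-address sample line are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Prints "a.b.c.d port" for a "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
# reply; fails if the line does not contain six octets in parentheses.
parse_pasv() {
    o='\([0-9]\{1,3\}\)'
    nums=$(printf '%s\n' "$1" | sed -n "s/.*($o,$o,$o,$o,$o,$o).*/\1 \2 \3 \4 \5 \6/p")
    [ -n "$nums" ] || return 1
    for n in $nums; do
        [ "$n" -le 255 ] || return 1
    done
    set -- $nums
    echo "$1.$2.$3.$4 $(( $5 * 256 + $6 ))"
}

# Succeeds for loopback and RFC 1918 addresses, which a client outside the
# NAT cannot reach. Seeing one in a 227 reply from outside means the server
# is advertising its LAN address (what MasqueradeAddress is meant to change).
is_private_addr() {
    case "$1" in
        10.*|127.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeeds if "low high" is a usable passive range; TCP ports end at 65535.
valid_range() {
    [ "$1" -ge 1 ] && [ "$1" -le "$2" ] && [ "$2" -le 65535 ]
}

# check_pasv LINE LOW HIGH
# Prints: unparsed | private-address | port-outside-range | ok
check_pasv() {
    parsed=$(parse_pasv "$1") || { echo unparsed; return 0; }
    addr=${parsed% *}
    port=${parsed#* }
    if is_private_addr "$addr"; then
        echo private-address
    elif [ "$port" -lt "$2" ] || [ "$port" -gt "$3" ]; then
        echo port-outside-range
    else
        echo ok
    fi
}

# The first three lines are the 227 replies from the log in the thread;
# the last one is constructed to show the private-address case.
LOW=60000
HIGH=65535   # assumed forwarded range
while IFS= read -r line; do
    printf '%s => %s (%s)\n' "$line" "$(parse_pasv "$line")" \
        "$(check_pasv "$line" "$LOW" "$HIGH")"
done <<'EOF'
227 Entering Passive Mode (24,121,25,76,240,182).
227 Entering Passive Mode (24,121,25,76,240,184).
227 Entering Passive Mode (24,121,25,76,240,191).
227 Entering Passive Mode (192,168,0,10,234,96).
EOF
```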
dannyboy79
September 23rd, 2006, 06:10 PM
frodon, thank you very much for your response. I have posted many questions in these forums and have only been helped 2 times, this time and 1 other time someone attempted to help but to no success. Sometimes I just wonder what these forums are for if users who aren't having problems don't come in here once in a while and read thru them and say to themselves, oh, I have that working on my machine, maybe I should respond to this one so I can help out fellow Ubuntu users!!! Hell I am a newbie and I have helped other newbies who started linux after me with over a dozen things! My unsolved things are a Microsolution Cd-Burner hooked via USB doesn't work, they even have a linux download and it says it uploads the firmware to my CD writer thru the hot plug thingy but I don't know what to do with all the stuff that the .tar contained? Also, I am having a hell of a time getting Ubuntu Nautilus to browse my WINXP box thru the Servers pull down. After a long pause it states that it can't display all the contents of the folder??? Also, The sound out of my right speaker stopped working after I played songs thru XMMS thru a remote desktop setup. Weird but no one has hardly even bothered to help me figure out what to do and since I am a newbie all I can do is google for hours on hours and read until my eyes pop out of my head which I have done for so long I pretty much give up and then try another day. Anyway, sorry for the long rant about users and thank you again for your help!
erik_boi
September 24th, 2006, 10:33 AM
Just use the TransferRate (http://www.proftpd.org/localsite/Userguide/linked/config_ref_TransferRate.html) parameter to set the upload and download rates.
For example, to limit the download rate to 4Kb/s, add this line in your proftpd.conf file:
TransferRate RETR 4096
To limit the upload rate to 4Kb/s:
TransferRate STOR 4096
@TransformedBG, without some details on what you did and your proftpd.conf file it would be almost impossible to help you.
Excellent, thanks for the help here and with the rest of this topic. I would just like to point out for other people who may look at this that the numbers here are actually in kilobytes-per-second. So, to limit the download to 4 kilobytes/s simply use TransferRate RETR 4. It is in the link you provided but I thought that this might help someone.
Thanks again
Erik
dmizer
September 28th, 2006, 09:59 PM
okay ... i have a small problem. i don't have the fastest connection in the world, and i'm having problems with some of my ftp users getting authenticated. they're getting 580 errors, but i know the account is set up correctly because i can log in myself with their user id and password.
i think it's just timing out before they can send the complete user name and password to my server.
i've changed TimeoutLogin to 100, but that still doesn't seem to give them enough time to send the entire user name and password. is there something i'm missing?
dootch
September 29th, 2006, 12:49 PM
Use:
mount --bind /var/www /home/ftp/www
Make sure you create the www dir in /home/ftp and run the command as sudo.
Will work like a champ.
nix4me
Thanks for this nix4me but I am getting a permissions error when trying to upload. I created the directory www in my home/FTP-shared directory and used bind to "link" it with my /var/www/ directory all is well there, I think. I can see its contents when I ftp to it but I cannot upload anything. I get a 550 error permissions denied. I used the same permissions as the Upload directory.
dootch
September 29th, 2006, 01:27 PM
Thanks for this nix4me but I am getting a permissions error when trying to upload. I created the directory www in my home/FTP-shared directory and used bind to "link" it with my /var/www/ directory all is well there, I think. I can see its contents when I ftp to it but I cannot upload anything. I get a 550 error permissions denied. I used the same permissions as the Upload directory.
Got it.. I had to edit the proftpd.conf file and add this to the bottom and restart the proftpd server
<Directory> /home/FTP-shared/www/>
Umask 022 022
AllowOverwrite on
<Limit READ RMD DELE>
DenyAll
</Limit>
<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>
dannyboy79
October 6th, 2006, 12:07 AM
Frodon, you helped me setup my ftp server and i thank you for that. but for some reason i all of a sudden can't view any of my ftp directories. when i ftp in all i see is a blank list, meaning it is showing me nothing? here is my proftpd.conf
# To really apply changes reload proftpd after modifications.
AllowOverwrite on
AuthAliasOnly on
# Choose here the user alias you want !!!!
UserAlias daniel ftp
ServerName "UBUNTU FTP Server"
ServerType standalone
DeferWelcome on
MultilineRFC2228 on
DefaultServer on
ShowSymlinks off
TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 600
DisplayFirstChdir .message
ListOptions "-l"
RequireValidShell off
TimeoutLogin 20
RootLogin off
# It's better for debug to create log files ;-)
ExtendedLog /var/log/ftp.log
TransferLog /var/log/xferlog
SystemLog /var/log/syslog.log
#DenyFilter \*.*/
# I don't choose to use /etc/ftpusers file (set inside the users you want to ban, not useful for me)
UseFtpUsers off
# Allow to restart a download
AllowStoreRestart on
Port 21
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 8
# Set the user and group that the server normally runs at.
User nobody
Group nogroup
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
PersistentPasswd off
MaxClients 8
MaxClientsPerHost 8
MaxClientsPerUser 8
MaxHostsPerUser 8
# Display a message after a successful login
AccessGrantMsg "YOU MADE IT!"
# This message is displayed for each access good or not
ServerIdent on "you're at home"
# Set /home/ftp directory as home directory
DefaultRoot /home/ftp
# Lock all the users in home directory, ***** really important *****
DefaultRoot ~
MaxLoginAttempts 5
UseReverseDNS off
IdentLookups off
#VALID LOGINS
<Limit LOGIN>
AllowUser ftp
DenyALL
</Limit>
<Directory /home/ftp>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNFR RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>
<Directory /home/ftp/download/*>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNFR RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>
<Directory /home/ftp/upload/>
Umask 022 022
AllowOverwrite on
<Limit READ DELE>
DenyAll
</Limit>
<Limit STOR RMD RNFR RNTO CWD MKD>
AllowAll
</Limit>
</Directory>
#added for encrypting all transfers thru ssh and ssl
<IfModule mod_tls.c>
TLSEngine on
TLSLog Log /var/ftpd/tls.log
TLSProtocol TLSv1
# Are clients required to use FTP over TLS when talking to this server?
TLSRequired off
# Server's certificate
TLSRSACertificateFile /etc/ftpcert/server.crt
TLSRSACertificateKeyFile /etc/ftpcert/server.key
# CA the server trusts
TLSCACertificateFile /etc/ftpcert/ca.crt
# Authenticate clients that want to use FTP over TLS?
TLSVerifyClient off
</IfModule>
this happened to me out of nowhere so then i tried installing gproftpd and using that and I couldn't really understand how to use it so i just went back to view my conf file and gproftpd messed it up, it added things in the middle of lines, the word col and ile were put between some options so I kept getting errors when i would try to restart the server, so i found the bad line, fixed it but I still only can log in and SEE NOTHING? can you help me? i would like to point out that it did work great, i have all the folders created and they are there inside the /home/ftp/ location. what could be wrong? thank you if you can help
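A hand-edited or tool-mangled proftpd.conf like the one posted above is easy to break in ways that silently change access rules. The following lint pass is an added example, not code from the thread or from ProFTPD: it flags a section tag closed before its path, names in a `<Limit>` list that are not known commands, unbalanced sections, more than one catch-all DefaultRoot, and TLS that is enabled but optional. The function name, the list of known command names and the sample config are assumptions of the example.

```python
import re

# Names accepted inside <Limit ...>: ProFTPD's command groups plus a subset of
# FTP commands. The list is this example's assumption; extend it as needed.
KNOWN_LIMIT_NAMES = {
    "ALL", "DIRS", "LOGIN", "READ", "WRITE",
    "ABOR", "APPE", "CDUP", "CWD", "DELE", "EPRT", "EPSV", "LIST", "MDTM",
    "MKD", "MLSD", "MLST", "NLST", "PASV", "PORT", "PWD", "REST", "RETR",
    "RMD", "RNFR", "RNTO", "SITE", "SIZE", "STAT", "STOR", "STOU",
    "XCUP", "XCWD", "XMKD", "XPWD", "XRMD",
}

# Constructed sample, not a config taken from the thread.
SAMPLE_CONF = """\
DefaultRoot /home/ftp
DefaultRoot ~
<Directory /home/ftp>
<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>
<Directory> /home/ftp/upload/>
<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>
<IfModule mod_tls.c>
TLSEngine on
TLSRequired off
</IfModule>
"""


def lint_proftpd_conf(text):
    """Return a sorted list of (line_no, kind, detail) findings."""
    findings = []
    open_sections = []   # stack of (section_name, line_no)
    default_roots = []   # (line_no, arguments) of every DefaultRoot line
    tls = {}             # directive -> (line_no, value)

    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue

        if line.startswith("</"):
            name = line[2:].rstrip(">").strip()
            if open_sections and open_sections[-1][0].lower() == name.lower():
                open_sections.pop()
            else:
                findings.append((no, "unbalanced-close", name))
            continue

        if line.startswith("<"):
            early = re.match(r"<(\w+)>\s*(\S.*)$", line)
            if early:
                # "<Directory> /path/>": tag closed before its argument.
                findings.append((no, "malformed-section", line))
                name = early.group(1)
                args = early.group(2).rstrip(">").strip()
            else:
                name, _, args = line[1:].rstrip(">").strip().partition(" ")
            open_sections.append((name, no))
            if name.lower() == "limit":
                for cmd in args.split():
                    if cmd.upper() not in KNOWN_LIMIT_NAMES:
                        # A misspelled name leaves the intended command
                        # outside the rule the author thought they wrote.
                        findings.append((no, "unknown-limit-command", cmd))
            continue

        directive, _, value = line.partition(" ")
        if directive.lower() == "defaultroot":
            default_roots.append((no, value.strip()))
        elif directive.lower() in ("tlsengine", "tlsrequired"):
            tls[directive.lower()] = (no, value.strip().lower())

    for name, no in open_sections:
        findings.append((no, "unclosed-section", name))

    # Several DefaultRoot lines with only a path (no group expression) all
    # claim every user, so at least one is not doing what its author expects.
    catch_all = [(no, v) for no, v in default_roots if len(v.split()) == 1]
    for no, value in catch_all[1:]:
        findings.append((no, "extra-defaultroot", value))

    # TLS enabled but optional: a client may still log in without it.
    if tls.get("tlsengine", (0, ""))[1] == "on":
        no, required = tls.get("tlsrequired", (0, "off"))
        if required == "off":
            findings.append((no, "tls-optional", "TLSRequired off"))

    return sorted(findings)


if __name__ == "__main__":
    for no, kind, detail in lint_proftpd_conf(SAMPLE_CONF):
        print(f"line {no}: {kind}: {detail}")
```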
frodon
October 6th, 2006, 09:54 AM
Your proftpd.conf file looks good, except a system rights problem on the directories you use i don't see what could be the problem.
dannyboy79
October 6th, 2006, 11:50 AM
Could you explain the problem you see with the system rights problem I use? Also, I am now outside my lan and everything is ok? So basically when I use FlashFXP from my WINXP machine within my LAN it doesn't show any dir's. it only shows a \ and that's it? Weird? I am trying to learn about Passive vs Active and I am curious as to how am I able to get a Passive FTP session from my work to my server when my server is behind a netgear firewall and I know that the only ports forwarded are 20 and 21. i read that Active FTP is beneficial to the FTP server admin, but detrimental to the client side admin. The FTP server attempts to make connections to random high ports on the client, which would almost certainly be blocked by a firewall on the client side. Passive FTP is beneficial to the client, but detrimental to the FTP server admin. The client will make both connections to the server, but one of them will be to a random high port, which would almost certainly be blocked by a firewall on the server side.
so if my firewall should be blocking all those higher ports how is passive mode working? thanks for your help!
compir99
October 8th, 2006, 04:34 AM
frodon,
I want to share '/media/ftp' by FTP with 3 users: admin, download, & look. The admin user has the ability to do anything; the download user has the ability to download and upload; and the look user can only browse the FTP. The download user can download from anywhere while he can only upload to '/media/ftp/uploads'
All users have the default root of '/media/ftp' but each user has different file and folder permissions.
Is this possible to do? I've been killing myself for hours trying to find an answer. If it's not possible, please tell me so I can think of another way to do this. Thanks! :)
frodon
October 8th, 2006, 04:55 PM
I think it's possible using some "ifuser" sections inside each "directory" section. Here is a reference page on the topic :
http://www.castaglia.org/proftpd/modules/mod_ifsession.html
@dannyboy79, for the moment i have no idea but i will have a look at it this week, anyway don't forget to post your problem on the proftpd forum, this forum is damn helpful :
http://forums.proftpd.org/phpBB2/
compir99
October 8th, 2006, 05:30 PM
Thanks frodon but the good folks at #proftpd helped me out. I finally got it working a few hours ago. Thanks!
Could you explain the problem you see with the system rights problem I use? Also, I am now outside my lan and everything is ok? So basically when I use FlashFXP from my WINXP machine within my LAN it doesn't show any dir's. it only shows a \ and that's it? Weird? I am trying to learn about Passive vs Active and I am curious as to how am I able to get a Passive FTP session from my work to my server when my server is behind a netgear firewall and I know that the only ports forwarded are 20 and 21. i read that Active FTP is beneficial to the FTP server admin, but detrimental to the client side admin. The FTP server attempts to make connections to random high ports on the client, which would almost certainly be blocked by a firewall on the client side. Passive FTP is beneficial to the client, but detrimental to the FTP server admin. The client will make both connections to the server, but one of them will be to a random high port, which would almost certainly be blocked by a firewall on the server side.
so if my firewall should be blocking all those higher ports how is passive mode working? thanks for your help!
Dannyboy,
I had the same problem. But the folks @ #proftpd told me to make sure that "DIRS" and "PORT" was ALLOWED in the Limit brackets. See if that helps.
dannyboy79
October 9th, 2006, 09:43 AM
Thanks frodon but the good folks at #proftpd helped me out. I finally got it working a few hours ago. Thanks!
Dannyboy,
I had the same problem. But the folks @ #proftpd told me to make sure that "DIRS" and "PORT" was ALLOWED in the Limit brackets. See if that helps.
Thanks for the suggestion however there are tons of locations where it says, LIMIT, so I have no idea where you want me to put DIRS and PORT? Can you please post your proftpd.conf? or maybe just one little area showing the example and then explain where else I need to do it. thanks so much for your help!
sega
October 12th, 2006, 10:39 AM
Is it possible to get gproftpd to work in implicit ssl mode and not just in Auth SSL/TLS ?
leteci
October 13th, 2006, 08:07 AM
If I use port 21 for server, i can see directory listing. If i use different port like 1980, than i get error: Could not retrieve directory listing. Ftp client is FileZilla. use passive mode.
thnx.
dannyboy79
October 13th, 2006, 10:11 AM
i am trying to bind /home/daniel to /home/ftp/daniel. it appears to work but when i click on a folder within /home/daniel for example 300gb-ext3 there are no sub-folders which there should be??? What's weird is when I bind location /home/daniel/300gb-ext3 to /home/ftp/daniel that works, they'll be sub-folders upon sub-folders and files shown. This is using filezilla. i checked all the permissions of the folders and they appear to be the same and appear to be owned by me. I am logging into my ftp server as a user which gets jailed into /home/ftp. why does it show sub-dir's upon sub-dirs when i bind /home/daniel/300gb-ext3 but not when i bind /home/daniel?
jaywatkins
October 24th, 2006, 10:04 AM
The tutorial worked for me, thanks Frodon!
I do have to say it is much easier on Windows Server 2003/Windows 2000 Server, but that may be because I understand them much more...
Thanx, great stuff...
/N
johnny9794
October 31st, 2006, 12:40 PM
Great tutorial on B- The secure way :) very very Great job!!!
Thanx Frodon and the ppl that helped Frodon out on the tutorial about the router and everything else :D
frodon
October 31st, 2006, 12:49 PM
Glad to know that you like the tutorial, i hope no one will be scared anymore to set a FTP server on ubuntu.
jms1989
November 3rd, 2006, 10:04 PM
Glad to know that you like the tutorial, i hope no one will be scared anymore to set a FTP server on ubuntu.
I need a little help here!! I'm having trouble logging into my FTP server, I type in the username and password, and it tells me invalid password. I know it's correct.
Darrious
November 4th, 2006, 01:01 AM
This is the very first time that I have ever set up a server, and I have no idea how to do it. All I did was I turned on gproftpd, then I created a user. I created a server.... I think. I really do not know how to actually make one using gproftpd. I type in the ip address on my computer, and the domain I want, go through all the stuff that you need to fill out, and click generate certificate. It does... something. I do not know what clicking that actually does. I just want a server that people can connect to, host their files from, and have their own domain.
saxin
November 4th, 2006, 01:59 PM
I have been using this guide to set up my own FTP-server, with gProftpd. Everything working great, until yesterday. I can log in, but it just stops when it tries to list the file names..
"Loading directory listing / from server (LC_TIME=en_AU.UTF-8)
PASV
227 Entering Passive Mode (192.168.1.254,205,92)."
Any suggestions for this? Is it the setup, or something with the net?
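The 227 reply quoted above carries the address and port the client must open for the data connection (port = p1*256 + p2), and whether that pair is reachable depends on where the client sits. The following is an added example, not code from the thread: it decodes the reply and lists why a passive data connection would fail. The router FTP helper (assumed to watch only port 21 and only unencrypted sessions), the forwarded ports and the client addresses are assumptions of the example; MasqueradeAddress and PassivePorts are the ProFTPD directives that address the two findings.

```python
import ipaddress
import re

# RFC 959 separates all six numbers with commas; the reply quoted in the
# thread shows the address with dots, so both forms are accepted here.
PASV_RE = re.compile(
    r"^227 .*?\((\d+)[.,](\d+)[.,](\d+)[.,](\d+),(\d+),(\d+)\)")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# The reply as quoted in the thread.
THREAD_REPLY = "227 Entering Passive Mode (192.168.1.254,205,92)."


def is_lan(ip):
    """True for RFC 1918 addresses, which are not routable on the internet."""
    return any(ip in net for net in RFC1918)


def parse_pasv(reply):
    """Decode a 227 reply into (IPv4Address, port); port = p1*256 + p2."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("number above 255 in %r" % reply)
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return host, nums[4] * 256 + nums[5]


def data_channel_problems(reply, client_ip, control_port=21,
                          forwarded=(), helper=True, tls=False):
    """List (kind, detail) reasons a passive data connection would fail.

    client_ip    : client address as logged by the server
    control_port : port the control connection was made to
    forwarded    : ports the router forwards, as ints or (low, high) ranges
    helper       : router rewrites 227 replies and opens the data port
                   (assumption: only on port 21, only without TLS)
    tls          : control channel is encrypted, so the helper cannot read it
    """
    host, port = parse_pasv(reply)
    client = ipaddress.IPv4Address(client_ip)

    if is_lan(client):
        # No NAT between client and server. Only a public address in the
        # reply is a problem, since many routers cannot loop it back inside.
        if is_lan(host):
            return []
        return [("public-address-to-lan-client", str(host))]

    if helper and control_port == 21 and not tls:
        return []   # the helper fixes up the address and opens the port

    problems = []
    if is_lan(host):
        # The outside client is told to connect to an unroutable address.
        problems.append(("private-address", str(host)))
    if not any(port == f if isinstance(f, int) else f[0] <= port <= f[1]
               for f in forwarded):
        # Passive ports are picked at random unless pinned to a range.
        problems.append(("port-not-forwarded", port))
    return problems


if __name__ == "__main__":
    scenarios = [   # constructed client addresses and router settings
        ("LAN client", dict(client_ip="192.168.1.10")),
        ("outside, port 21, helper", dict(client_ip="203.0.113.10",
                                          forwarded=(20, 21))),
        ("outside, port 1980", dict(client_ip="203.0.113.10",
                                    control_port=1980, forwarded=(1980,))),
        ("outside, port 21, TLS", dict(client_ip="203.0.113.10",
                                       forwarded=(20, 21), tls=True)),
    ]
    print(parse_pasv(THREAD_REPLY))
    for label, kwargs in scenarios:
        print(label, "->", data_channel_problems(THREAD_REPLY, **kwargs))
```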
snappy.tom
November 5th, 2006, 01:47 AM
i'm not sure if this has been covered or not, but i've got current system users with their own home dir /home/username, but what gproftpd does, when i add those current users as an ftp user as well, is that it allows me to choose an ftp home dir without changing the original home dir of /home/username. the new ftp home dir is /var/www/username.
i was wondering, is it possible to do what gproftpd does, except via command line?
this would save me from using gnome/xserver window manager
cheers
frodon
November 5th, 2006, 05:20 AM
I need a little help here!! I'm having trouble logging into my FTP server, I type in the username and password, and it tells me invalid password. I know it's correct.
Do you get the 530 errors ?
Check the permission of the folder you share with your server and try to create again your user using the GUI.
This is the very first time that I have ever set up a server, and I have no idea how to do it. All I did was I turned on gproftpd, then I created a user. I created a server.... I think. I really do not know how to actually make one using gproftpd. I type in the ip address on my computer, and the domain I want, go through all the stuff that you need to fill out, and click generate certificate. It does... something. I do not know what clicking that actually does. I just want a server that people can connect to, host their files from, and have their own domain.
Sorry, but i can't really help you with gproftpd because i almost never used it but maybe some users who use it may be able to help you
I have been using this guide to set up my own FTP-server, with gProftpd. Everything working great, until yesterday. I can log in, but it just stops when it tries to list the file names..
"Loading directory listing / from server (LC_TIME=en_AU.UTF-8)
PASV
227 Entering Passive Mode (192.168.1.254,205,92)."
Any suggestions for this? Is it the setup, or something with the net?
Do you have more error log ?
Check the permissions of the folders you share, wrong permission can generate this issue.
i'm not sure if this has been covered or not, but i've got current system users with their own home dir /home/username, but what gproftpd does, when i add those current users as an ftp user as well, is that it allows me to choose an ftp home dir without changing the original home dir of /home/username. the new ftp home dir is /var/www/username.
i was wondering, is it possible to do what gproftpd does, except via command line?
this would save me from using gnome/xserver window manager
cheers
The way gproftpd shares the directories is not really secure so i don't advise you to try to do the same thing. But yes you can do the same thing, it is just not secure enough IMO. Modifying the original home directory is more secure IMO.
blacha
November 7th, 2006, 02:56 PM
Hi,
I'm having some problems here..
I had some older version of proftpd which i chose to remove (by synaptic)
But as i discovered not all files were removed :confused:
After going through your how-to (great job btw !) i've noticed that at the end, old conf file was being loaded.
Then I manually removed proftpd.conf from /etc and from /etc/proftpd/
and also startup script from init.d
After another reinstall I'm missing startup script ](*,) Shouldn't it be recreated at apt-get install ?
any thoughts on working this out ?
help.
dannyboy79
November 8th, 2006, 02:06 PM
Hi,
I'm having some problems here..
I had some older version of proftpd which i chose to remove (by synaptic)
But as i discovered not all files were removed :confused:
After going through your how-to (great job btw !) i've noticed that at the end, old conf file was being loaded.
Then I manually removed proftpd.conf from /etc and from /etc/proftpd/
and also startup script from init.d
After another reinstall I'm missing startup script ](*,) Shouldn't it be recreated at apt-get install ?
any thoughts on working this out ?
help.
why don't you try to go sudo aptitude remove proftpd && aptitude purge proftpd
this should get rid of anything related to proftpd. just so you know though, the newest proftpd from the repos doesn't have mod_tls compiled into it so you can't connect to your server using any kind of encryption. if you want encryption, you'll have to compile the newest source by hand. i did start a thread for this and frodon informed the developers. (i hope)
salvo1
November 14th, 2006, 03:22 PM
What a thread!!!!
This is my problem:
I log-in using my unix user "surname.name" and then i see my root (/home/surname.name/) but, there, i can see also "/home/surname.name/Maildir" that is to say mail folder.
How can i modify proftpd.conf to hide /home/*/Maildir folder (that every user see as "/Maildir") to all users?
Thanks in advance,
Salvo
frodon
November 14th, 2006, 04:29 PM
Try adding this at the end of your config file :
<Directory /home/surname.name/Maildir/>
Umask 022 022
AllowOverwrite off
<Limit ALL>
Order Allow,Deny
Deny ALL
</Limit>
</Directory>
Then restart your server, if it works you should be able to see the directory but you won't be able to enter in.
Let me know if it works.
salvo1
November 15th, 2006, 05:11 AM
Try adding this at the end of your config file :
<Directory /home/surname.name/Maildir/>
Umask 022 022
AllowOverwrite off
<Limit ALL>
Order Allow,Deny
Deny ALL
</Limit>
</Directory>
Then restart your server, if it works you should be able to see the directory but you won't be able to enter in.
Let me know if it works.
I already tried this:
< Directory /home/*/Maildir >
< Limit READ WRITE >
DenyAll
< /Limit >
< /Directory >
But it doesn't work
Then I tried this:
< Directory ~/Maildir >
< Limit READ WRITE >
DenyAll
< /Limit >
< /Directory >
I can see the folder, enter, write...
Using your code (modified with /home/*/Maildir), it works...
Thank you!
n8bounds
November 16th, 2006, 11:36 AM
I just wanted to say thanks. This works great. Your conf file was full of good hints--I didn't copy/paste, but reading through your post helped me understand what was going on.
dannyboy79
November 16th, 2006, 12:01 PM
i gave out the alias I was using to login to my server to someone and now I don't want them to have access anymore so i changed the useralias and the password for the linux user ftp, but when I try to log into the server, the server won't accept the new alias, it does work with the old alias and the new password so he won't be able to login anymore which is what I want, but he still knows the alias, YES I DID restart the server after changing the useralias in my proftpd.conf file? does anyone know why the new useralias isn't working?? do I need to restart my whole computer? i have restarted the server by doing sudo /etc/init.d/proftpd restart many times but I shouldn't have to do this as I run my server thru inetd not as a standalone, so i am under the impression that each time a user tries to log in, it starts up the server with the latest config each time so a server restart isn't required that's the advantage of inetd instead of standalone but why isn't it working? anyone wanna help. Frodon maybe wanna help me? or are you still mad at me for asking for you know what?
frodon
November 16th, 2006, 12:07 PM
Knowing your story about proftpd, i mean that you updated to the 1.3 version which don't use the same path for the config file i guess you modified the old config file under /etc/proftpd.conf rather than the one under /etc/proftpd/proftpd.conf which is i believe now the new one used in proftpd 1.3, it really sounds like this kind of stuff.
Try to search for mistakes in this spirit and i'm sure you will solve quickly your issue.
dannyboy79
November 16th, 2006, 03:16 PM
thank you very much however this has brought up another problem! i just realized that I have been running my server as standalone and this whole time I thought I was running it thru inetd. now that I want to switch it I am getting all screwed up with inetd, inetd.conf, xinetd, xinetd.conf, xinetd.d and all this stuff. i am wondering I can uninstall inetd and just use xinetd? I have xinetd installed as I had to to get swat to work I think? currently there is a line within my inetd.conf file that I am not sure what'll happen if I remove inetd, it states this:
netbios-ssn stream tcp nowait root /usr/sbin/tcpd /usr/sbin/smbd
does anyone know if I need this line for samba to work since I see it has something to do with netbios but I don't know what ssn is??
i have just decided to compile version 1.3 with all the goodie modules that came with proftpd's source. i am not going to compile it with any of the 3rd party modules although some may be useful I haven't needed them yet so I don't think i will ever need them. if I do I can always compile again. this should be interesting, if it all works out, i'll look into making a .deb for everyone.
slk230mb
November 22nd, 2006, 02:51 AM
I'm having some issues trying to install proftpd on a new install. I try the command sudo apt-get install proftpd gproftpd and I get the following:
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package gproftpd
Any ideas on how to resolve this problem? I've tried updating my sources.list but that hasn't worked. I've googled and searched this forum and I haven't found anything useful. Thanks in advance.
Steve
a linux noob
frodon
November 22nd, 2006, 04:12 AM
I see the packet without any problems so i think it may come from your sources.list file, could you post it there ?
Thanks
slk230mb
November 22nd, 2006, 10:25 AM
I see the packet without any problems so i think it may come from your sources.list file, could you post it there ?
Thanks
It's attached. Thanks again.
frodon
November 22nd, 2006, 10:31 AM
Ok, i got it.
You're using breezy and gproftpd is in the repository only since dapper, however i made a .deb file at the time but i'm not sure it's the latest version, check if it is.
To install it type in a terminal (in the directory of your choice) :
slk230mb
November 22nd, 2006, 10:50 AM
Thanks, that did the trick. I got the ftp server up and running, now I can play around with the options and get it the way I want. :KS
Forgott3n
November 23rd, 2006, 08:44 PM
I royally messed up with the configuration of ProFTPD.. How do I uninstall the whole thing?
And I am a bit confused... How do I make a user with a username and password with full access to /var/www/?
ftp://user:pword@ftp.somehost.com
frodon
November 24th, 2006, 04:10 AM
to uninstall : sudo apt-get remove proftpd
Replace : DefaultRoot /home/FTP-shared by DefaultRoot /var/www/ and set /var/www/ as home directory for this user.
You create the user like all other system users.
frodon
November 24th, 2006, 06:00 AM
Just for those who don't know this link, you will find all you need for a more advanced use of proftpd there :
http://www.castaglia.org/proftpd/
Forgott3n
November 24th, 2006, 11:01 AM
to uninstall : sudo apt-get remove proftpd
Replace : DefaultRoot /home/FTP-shared by DefaultRoot /var/www/ and set /var/www/ as home directory for this user.
You create the user like all other system users.
Thanks for your help. But I am having issues with the user.
Since I am using Edgy Eft, I am experiencing the "You are not allowed to access the system configuration. (http://ubuntuforums.org/showthread.php?t=286260)" bug and therefore must do everything by terminal.
I have, and successfully, tried to login as "justin" (my standard ubuntu login name). Despite the LIST -aL command taking forever to execute, I get a 550 (Permission Denied) for all commands and transfer attempts.
I put
<Directory /var/www/>
<Limit All>
AllowAll
</Limit>
</Directory>
in the proftpd.conf to no avail.
Thanks for the help!
frodon
November 24th, 2006, 11:27 AM
Try adding this in your directory section instead of what you have, just to be sure :
<Limit READ RMD DELE>
DenyAll
</Limit>
<Limit STOR CWD MKD>
AllowAll
</Limit>
Forgott3n
November 24th, 2006, 11:42 AM
[07:40:50] Resolving host name "forgotten.no-ip.info"
[07:40:50] Connecting to 66.183.94.100 Port: 21
[07:40:50] Connected to forgotten.no-ip.info.
[07:41:10] 220 ProFTPD 1.3.0 Server (Forgott3n's FTP Daemon) [::ffff:192.168.1.102]
[07:41:10] USER justin
[07:41:10] 331 Password required for justin.
[07:41:10] PASS (hidden)
[07:41:14] 230 User justin logged in.
[07:41:14] SYST
[07:41:14] 215 UNIX Type: L8
[07:41:14] Detected Server Type: UNIX
[07:41:14] FEAT
[07:41:14] 211-Features:
[07:41:14] MDTM
[07:41:14] REST STREAM
[07:41:14] SIZE
[07:41:14] 211 End
[07:41:14] PWD
[07:41:14] 257 "/" is current directory.
[07:41:14] MKD test
[07:41:14] 550 test: Permission denied
Still isn't working. Could this be linked with the bug?
frodon
November 24th, 2006, 11:53 AM
Ok, then now check that your "/var/www/" directory have 777 rights which is needed to download/upload in the directory.
If not give the directory 777 rights and test again.
IanVaughan
November 24th, 2006, 04:19 PM
I get the following error, Im not sure
- IPv4 getaddrinfo 'homer' error: Name or service not known
- warning: unable to determine IP address of 'homer'
- error: no valid servers configured
- Fatal: error processing configuration file '/etc/proftpd.conf'
Forgott3n
November 25th, 2006, 01:53 AM
Ok, then now check that your "/var/www/" directory have 777 rights which is needed to download/upload in the directory.
If not give the directory 777 rights and test again.
Haha silly me, forgot to CHMOD the folder.
Quick question: how do I speed up LIST -aL? Its very slow to do anything with a good 10 second wait per file.
disc
November 25th, 2006, 02:40 AM
I followed the walk through, and did everything as instructed, then when I try to sudo /etc/init.d/proftpd start it gives me - IPv6 getaddrinfo 'ryan-desktop' error: Name or service not known
ryan-desktop - 127.0.1.1:1980 masquerading as xx.xx.xx.xxx
[ ok ]
Is this normal? If not, any ideas what could be wrong?
(I removed my IP address, it isn't actually masquerading as xx.xx.xx.xxx)
frodon
November 25th, 2006, 05:56 AM
Yes it's normal, it's just an informative message and it won't hurt the behaviour of your FTP server. See the proftpd forum if you want more detailed information on this message.
@Forgott3n, i would have loved to help you more but you reached the limit of my knowledge lol, anyway if you post your question on the proftpd forum i'm sure you will get an answer because this forum is watched by the proftpd maintainer who always give nice advices :
http://forums.proftpd.org/phpBB2/
disc
November 25th, 2006, 07:19 AM
I'm a bit confused, am I supposed to be able to access my server through ftp://xx.xx.xx.xxx/, because it times out every time I try it.
Edit: When I try to connect using gFTP, it causes gFTP to freeze, and thus I can't connect to my server.
chris23
November 25th, 2006, 07:31 AM
I've setup Gproftpd.
And in the default folder /var/ftp i've mounted 2 other folders from another partition, as the "how to " says
The partitions have been mounted correctly.
The problem is that when accessing the ftp,users don't have to access to the mounted folders (550).
I set chmod 777 for the /var/ftp/upload and 755 for /var/ftp/download.
any help?
slk230mb
November 25th, 2006, 06:06 PM
Ok, since I got the ftp setup on my machine a friend asked me for help doing his. While I was running sudo apt-get install proftpd there was a power surge in his room and it caused the machine to reboot. Now when I run the command I get the following error from terminal:
E: dpkg was interrupted, you must manually run 'dpkg --configure -a' to correct the problem.
Any ideas on the solution? I'm sure what needs to be in front of the dpkg line.
Thanks for any help, as always.
Edit - I figured it out.
glenncruz
November 29th, 2006, 08:25 AM
hello just want to ask if it is possible to have multiple account in just one proftpd configuration? if yes how. thanks :)
frodon
November 29th, 2006, 08:35 AM
I always answer why to this question.
What is your need to have several FTP users ?
Of course it's possible and there's multiple ways to do it depending on what is your goal, tell me what is your need and i will explain you the most suitable way to do it.
frodon
November 29th, 2006, 09:03 AM
I've setup Gproftpd.
And in the default folder /var/ftp i've mounted 2 other folders from another partition, as the "how to " says
The partitions have been mounted correctly.
The problem is that when accessing the ftp,users don't have to access to the mounted folders (550).
I set chmod 777 for the /var/ftp/upload and 755 for /var/ftp/download.
any help?
The 2 folders you mounted from the other partition must have the good rights too, because when you mount a folder in another one it overwrites the permissions of the destination folder.
chris23
November 29th, 2006, 02:58 PM
The 2 folders you mounted from the other partition must have the good rights too, because when you mount a folder in another one it overwrites the permissions of the destination folder.
yes the two folders that i mount have the good rights.
...
glenncruz
November 29th, 2006, 08:24 PM
I always answer why to this question.
What is your need to have several FTP users ?
Of course it's possible and there's multiple ways to do it depending on what is your goal, tell me what is your need and i will explain you the most suitable way to do it.
Hello Sir Frodon
I need multiple user to my ftp server so i could assign one username and password to each person and on each account has their own download and upload folders so not to mix up all of their files. :)
frodon
November 30th, 2006, 04:36 AM
Ok, i understand what you mean.
The question is do you want completely separate directories for each user, i mean one directory for user A which contain one upload and one download directory ?
Or if we put all the directories under "FTP-shared" is it ok for you ?, i mean for example :
userA-download
userA-upload
userB-download
userB-upload
...
The second way is easier and more secure IMO, the second part of the "Advanced tricks" section will show you how to do it. The only inconvenient is that when you login each user will see all the directories but will be able to enter only in the one he has the rights for.
However if it's really annoying for you i can read some documentation because i read at the time somewhere that it's possible to hide the directories.
glenncruz
November 30th, 2006, 07:43 AM
Ok, i understand what you mean.
The question is do you want completely separate directories for each user, i mean one directory for user A which contain one upload and one download directory ?
Yes sir Frodon 1 directory for 1 user! Thanks a lot for the help :)
frodon
November 30th, 2006, 08:25 AM
mmm, not sure to know how to do it that way :-k
glenncruz
December 2nd, 2006, 03:37 AM
Or if we put all the directories under "FTP-shared" is it ok for you ?, i mean for example :
userA-download
userA-upload
userB-download
userB-upload
ok sir can we this? :)
frodon
December 2nd, 2006, 03:52 AM
Yes of course, it is explained in the "advanced tricks" part of the guide in the first post.
All you need is to create the users, create all the directories then restrict the access depending of the user.
glenncruz
December 3rd, 2006, 09:14 AM
Yes of course, it is explained in the "advanced tricks" part of the guide in the first post.
All you need is to create the users, create all the directories then restrict the access depending of the user.
ok sir will do! Give u feedback. Thanks again :KS
NumberOne
December 4th, 2006, 12:22 AM
Maybe someone can help. I've followed all the instructions on how to setup the FTP server. When I try to restart the server I get this error:
..localhost - mod_delay/0.4: error opening DelayTable '/var/run/proftpd/proftpd.delay': No such file or directory
Everything is setup as outlined in the first post. I don't think this has to do with config, my guess is there is something wrong with the install. I've tried uninstalling completly and then reinstalling, but I get the same error.
How do I fix this?
Thanks.
ikkinu
December 5th, 2006, 03:36 PM
1- Enable TLS/SSL encryption (FTPS)
The FTP file sharing protocol is an old protocol which was created when internet was still a secure place, therefore the default FTP protocol is not that secure.
For example the password and username for login are transmitted in plain text which obviously isn't secure.
That why, to fit the needs of our generation, encryption solutions were developed and one of them is TLS/SSH encryption.
This will encrypt the username and password and all the data you send, obviously to use it the FTP client must support SFTP protocol.
here are the steps to enable TLS/SSH encryption (FTPS (http://en.wikipedia.org/wiki/FTPS)):
Paste these commands in a terminal :
sudo apt-get install build-essential
sudo apt-get install libssl-dev
cd /etc
sudo mkdir ftpcert
cd ftpcert/
sudo openssl genrsa -des3 -out server.key 1024
sudo openssl req -new -key server.key -out server.csr
sudo openssl genrsa -des3 -out ca.key 1024
sudo openssl req -new -x509 -days 365 -key ca.key -out ca.crt
sudo wget http://frodubuntu.free.fr/ubuntu/sign.sh
sudo chmod +x sign.sh
sudo ./sign.sh server.csr
HI all,
when I type sudo ./sign.sh server.csr I get this error:
CA signing: server.csr -> server.crt:
Using configuration from ca.config
Enter pass phrase for ./ca.key:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'IL'
stateOrProvinceName :PRINTABLE:'Ikkland'
localityName :PRINTABLE:'Ikktown'
organizationName :PRINTABLE:'Project ikkinu'
organizationalUnitName:PRINTABLE:'Ftp Dpt.'
commonName :PRINTABLE:'ikkinu'
emailAddress :IA5STRING:'ikkinu@inventati.org'
Certificate is to be certified until Dec 5 19:24:50 2007 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
CA verifying: server.crt <-> CA cert
server.crt: /C=IL/ST=Ikkland/L=Ikktown/O=Project ikkinu/OU=Ftp Dpt./CN=ikkinu/emailAddress=xxx@xxx.xxx
error 18 at 0 depth lookup:self signed certificate
/C=IL/ST=Ikkland/L=Ikktown/O=Project ikkinu/OU=Ftp Dpt./CN=ikkinu/emailAddress=xxx@xxx.xxx
error 7 at 0 depth lookup:certificate signature failure
12603:error:04067084:rsa routines:RSA_EAY_PUBLIC_DECRYPT:data too large for modulus:rsa_eay.c:645:
12603:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:a_verify.c:168:
Can anyone help me?
Thanks
dannyboy79
December 5th, 2006, 04:21 PM
This happened to me. I couldn't figure it out so I just performed the steps over and over again, choosing different names for each of the prompts, and finally it worked. Don't know what exactly made it work but it did. For country name, I put US, for state I spelled out WISCONSIN, for city I spelled out my city, for company name I put NA1 (not applicable 1), for org unit name, I put not applicable 1 (spelled out this time), for common name I spelled out my first name, for email, I put my real email address. That is all for server.key, then for the next one, I think it was ca.key, I did everything the same except added "2" instead of the "1" where I used NA and not applicable. Good luck. I have to be honest, despite not getting errors when I self signed the certificate, I still can't even ftp into my site. I use xinetd which may be the problem. Also, are you using the new mod_tls by way of mod_dso? Good luck
dannyboy79
December 5th, 2006, 04:29 PM
Maybe someone can help. I've followed all the instructions on how to set up the FTP server. When I try to restart the server I get this error:
..localhost - mod_delay/0.4: error opening DelayTable '/var/run/proftpd/proftpd.delay': No such file or directory
Everything is set up as outlined in the first post. I don't think this has to do with config, my guess is there is something wrong with the install. I've tried uninstalling completely and then reinstalling, but I get the same error.
How do I fix this?
Thanks.
You simply need to create the /var/run/proftpd/ dir and you'll be set. I don't know why it wouldn't have been created when you installed Proftpd, unless you compiled it yourself; since I did, I had that same error as well. For the future, if it tells you that a file or folder doesn't exist, then do a locate or find for it and if the folder isn't there, then linux needs you to create the folder so that proftpd has a place to put the proftpd.delay file when you log into your server. Good luck
glenncruz
December 6th, 2006, 12:21 AM
Yes of course, it is explained in the "advanced tricks" part of the guide in the first post.
All you need is to create the users, create all the directories then restrict the access depending on the user.
Hello Sir Frodon
My FTP works with multiple users, but one question: is there a way to hide the download folders on the other accounts? :)
frodon
December 6th, 2006, 03:40 AM
I know there is one but I don't remember exactly where I read that so I would have to search a little bit, give me one week and I will try to give you an answer.
Feel free to PM me in one week to remind me of your question if I forgot to search ;)
dannyboy79
December 7th, 2006, 01:36 PM
Maybe someone can help. I've followed all the instructions on how to set up the FTP server. When I try to restart the server I get this error:
..localhost - mod_delay/0.4: error opening DelayTable '/var/run/proftpd/proftpd.delay': No such file or directory
Everything is set up as outlined in the first post. I don't think this has to do with config, my guess is there is something wrong with the install. I've tried uninstalling completely and then reinstalling, but I get the same error.
How do I fix this?
Thanks.
Simply create the folder /var/run/proftpd/ and you should be fine! proftpd is telling you that it can't create the file because the directory isn't there, so create the dir, and then the server will be able to create the file when someone tries to connect and all will be good. This happened to me because I compiled version 1.3 myself and I needed to create this folder for the scoreboard file as well as the delay file.
frodon
December 13th, 2006, 05:25 AM
Hello Sir Frodon
My FTP works with multiple users, but one question: is there a way to hide the download folders on the other accounts? :)
Ok, the command to do this is HideNoAccess (http://www.proftpd.org/localsite/Userguide/linked/config_ref_HideNoAccess.html).
In each directory section try adding this command at the beginning, example:
<Directory /home/FTP-shared/download/*>
Umask 022 022
AllowOverwrite off
HideNoAccess on
<Limit ALL>
Order Allow,Deny
AllowUser user1
Deny ALL
</Limit>
<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>
I'm not sure it will work because I never used it.
I found an interesting thread for you where a user is trying to configure his server in the same way as you:
http://forums.proftpd.org/phpBB2/viewtopic.php?t=172&highlight=hidenoaccess
addicted_to_the_net
December 17th, 2006, 12:13 AM
Hi, just a note on the TLS part of your excellent HowTo. I found that the server would disconnect immediately after the TLS handshake, this is what it said in the log:
ssl3_get_record:wrong version number
Found the fix on this site: http://forums.proftpd.org/phpBB2/viewtopic.php?t=1075&
Basically I changed the entry "TLSProtocol TLSv1" found in the proftpd.conf file to read "TLSProtocol SSLv23" and it worked after the restart of proftpd.
Does this sound right? Anyone else have this problem?
Also just to clarify, when I removed the password for the rsa key (so that I didn't have to enter it every time the server starts) your guide says to make the file accessible only for root. How would I do this? (still learning)
Thank you very much
knoc
December 29th, 2006, 05:28 AM
I'm new to this so here is a pretty basic question:
What would my ftp address be if I were to access my FTP server from a browser? Is gFTP the only way to access it?
:confused:
stijn_pol
January 5th, 2007, 12:42 PM
I'm new to this so here is a pretty basic question:
What would my ftp address be if I were to access my FTP server from a browser? Is gFTP the only way to access it?
:confused:
You need to know 2 things to access your FTP server: IP-address and port number. When trying to access your FTP server in a LAN, use your local IP-address to test the connection with the server. For example: 192.168.1.101 with port 1980, this goes for gFTP.
Using a browser you should go to the following URL: ftp://192.168.1.101:1980.
Voila, my first post!!
UBUNTU YEAH!
The_Apprentice
January 6th, 2007, 05:20 PM
Sorry to drag this up again, but I am getting the 530 error.
I have configured it exactly as the first post
# To really apply changes reload proftpd after modifications.
AllowOverwrite on
AuthAliasOnly on
# Choose here the user alias you want !!!!
UserAlias sauron userftp
ServerName "woodside"
ServerType standalone
DeferWelcome on
MultilineRFC2228 on
DefaultServer on
ShowSymlinks off
TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200
DisplayFirstChdir .message
ListOptions "-l"
RequireValidShell off
TimeoutLogin 20
RootLogin off
# It's better for debug to create log files ;-)
ExtendedLog /var/log/ftp.log
TransferLog /var/log/xferlog
SystemLog /var/log/syslog.log
#DenyFilter \*.*/
# I don't choose to use /etc/ftpusers file (set inside the users you want to ban, not useful for me)
UseFtpUsers off
# Allow to restart a download
AllowStoreRestart on
# Port 21 is the standard FTP port, so don't use it for security reasons (choose here the port you want)
Port 21
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 8
# Set the user and group that the server normally runs at.
User nobody
Group nogroup
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
PersistentPasswd off
MaxClients 8
MaxClientsPerHost 8
MaxClientsPerUser 8
MaxHostsPerUser 8
# Display a message after a successful login
AccessGrantMsg "welcome !!!"
# This message is displayed for each access good or not
ServerIdent on "you're at home"
# Set /home/FTP-shared directory as home directory
DefaultRoot /home/FTP-shared
# Lock all the users in home directory, ***** really important *****
DefaultRoot ~
MaxLoginAttempts 5
#VALID LOGINS
<Limit LOGIN>
AllowUser userftp
DenyALL
</Limit>
<Directory /home/FTP-shared>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>
<Directory /home/FTP-shared/download/*>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>
<Directory> /home/FTP-shared/upload/>
Umask 022 022
AllowOverwrite on
<Limit READ RMD DELE>
DenyAll
</Limit>
<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>
I have confirmed the CHMODs
I have created the user (userftp) from both the command line and the GUI
I have tested from both the local machine and a remote, through both IE, CLI and GUI.
*********@woodside:~$ ftp localhost
Connected to localhost.
220 you're at home
Name (localhost:sean): userftp
331 Password required for userftp.
Password:
530 Login incorrect.
Login failed.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> quit
221 Goodbye.
Pretty please can someone help get my sanity back ](*,)
EDIT:
Mmmmmmmm, this may be a clue, but I know not what :$
Jan 06 21:18:28 woodside proftpd[6889] localhost (localhost[127.0.0.1]): FTP session opened.
Jan 06 21:18:38 woodside proftpd[6889] localhost (localhost[127.0.0.1]): USER userftp: user is not a UserAlias from localhost [127.0.0.1] to 127.0.0.1:21
Jan 06 21:18:44 woodside proftpd[6889] localhost (localhost[127.0.0.1]): FTP session closed.
stijn_pol
January 9th, 2007, 07:24 AM
When using UserAliases like in your code:
-> UserAlias sauron userftp
You must login using the configured alias.
So login with sauron. Or remove the the UserAlias line in your code.
Yo!
The_Apprentice
January 9th, 2007, 07:49 AM
LOL
It just goes to show that the more you look at something the less you see :$
It works on localhost, just need to sort my router out.
Many many thanks
espo100583
January 10th, 2007, 09:54 AM
Hi Guys,
I have the following problem and no idea what to do so any help would be great.
When I try to start proftpd I get -mod_delay/0.4:error opening DelayTable /var/run/proftpd.deal':No Such file or directory
I have manually created the dir /var/run/proftpd using sudo mkdir /var/run/proftpd then when I run the daemon it works fine, however when I reboot the dir is lost so I cannot run the daemon again without re-creating the dir. ](*,)
I would also like the ftp server to run on start up so an idea of how to get this working would be great.
Thanks
frodon
January 10th, 2007, 10:03 AM
Do you use the mod_delay module ?
If not please post your proftpd.conf, tell me which version of proftpd you use, then if you use the 1.3 post your /etc/proftpd/modules.conf.
espo100583
January 12th, 2007, 08:49 AM
Thanks for the quick response. I've managed to sort the dir problem out.
The only issue I have now is connecting to the server. I can connect from within the network fine, but when trying it from an external connection it connects but I cannot see anything in the directory. My FTP client gives the following message
Connecting to 80.41.35.132:22024
Connected to 80.41.35.132:22024 in 0.062440 seconds, Waiting for Server Response
220 My FTPD
Host type (1): Automatic Detect
USER espo100583
331 Password required for espo100583.
PASS (hidden)
230 Anonymous access granted, restrictions apply.
SYST
215 UNIX Type: L8
Host type (2): Unix (Standard)
PWD
257 "/" is current directory.
TYPE A
200 Type set to A
PASV
227 Entering Passive Mode (192,168,0,4,197,240).
connecting data channel to 192.168.0.4:197,240(50672)
Substituting connection address 80.41.35.132 for private address 192.168.0.4 from PASV
PORT 10,1,37,100,5,5
200 PORT command successful
LIST
Error reading response from server.
It appears that the connection is dead. Attempting reconnect...
any Ideas of what the problem may be would be great.
Thanks
Joviannm
January 19th, 2007, 05:26 PM
First I would like to thank you for all the work you have put into this. I would also like to note I am a complete newbie not only to Ubuntu but also Linux so I may need things in more detail. Very sorry.
When trying to log in via FTP from a windows box to the Ubuntu.
Here is the information Filezilla my FTP software gives:
Status: Connected with 192.168.1.103. Waiting for welcome message...
Response: 220 you're at home
Command: USER userftp
Response: 331 Password required for userftp.
Command: PASS ********
Response: 530 Login incorrect.
Error: Unable to connect!
Here is my config
# To really apply changes reload proftpd after modifications.
AllowOverwrite on
AuthAliasOnly on
# Choose here the user alias you want !!!!
UserAlias name userftp
ServerName "Ubuntu"
ServerType standalone
DeferWelcome on
UseReverseDNS off
IdentLookups off
MultilineRFC2228 on
DefaultServer on
ShowSymlinks off
TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200
DisplayFirstChdir .message
ListOptions "-l"
RequireValidShell off
TimeoutLogin 99
RootLogin off
# It's better for debug to create log files
ExtendedLog /var/log/ftp.log
TransferLog /var/log/xferlog
SystemLog /var/log/syslog.log
#DenyFilter \*.*/
# I don't choose to use /etc/ftpusers file (set inside the users you want to ban, not useful for me)
UseFtpUsers off
# Allow to restart a download
AllowStoreRestart on
# Port 21 is the standard FTP port, so don't use it for security reasons (choose here the port you want)
Port 21
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 8
# Set the user and group that the server normally runs at.
User nobody
Group nogroup
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
PersistentPasswd off
MaxClients 8
MaxClientsPerHost 8
MaxClientsPerUser 8
MaxHostsPerUser 8
# Display a message after a successful login
AccessGrantMsg "welcome !!!"
# This message is displayed for each access good or not
ServerIdent on "you're at home"
# Set /home/FTP-shared directory as home directory
DefaultRoot /home/FTP-shared
# Lock all the users in home directory, ***** really important *****
DefaultRoot ~
MaxLoginAttempts 5
#VALID LOGINS
<Limit LOGIN>
AllowUser userftp
DenyALL
</Limit>
<Directory /home/FTP-shared>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>
<Directory /home/FTP-shared/download/*>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>
<Directory> /home/FTP-shared/upload/>
Umask 022 022
AllowOverwrite on
<Limit READ RMD DELE>
DenyAll
</Limit>
<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>
Here is the user I created:
http://img407.imageshack.us/img407/8510/screenshot1hd3.png
http://img187.imageshack.us/img187/4889/screenshot2xt4.png
For all I know I may just be screwing up on the user I am creating.
Thanks,
Jovian
addicted_to_the_net
January 19th, 2007, 06:06 PM
# Choose here the user alias you want !!!!
UserAlias name userftp
I think you have to log in as that alias "name"
Joviannm
January 19th, 2007, 06:27 PM
Thanks addicted_to_the_net this kinda put me on the right track. I ended up testing it without the following lines:
AuthAliasOnly on
# Choose here the user alias you want !!!!
UserAlias name userftp
This worked! Now I just need to figure out what I'm doing wrong with my user account alias stuff.
addicted_to_the_net
January 19th, 2007, 06:34 PM
Whatever you use for the alias is the login name that you should use to login to the server. So like alias guest would mean, username "guest" password "the one you set for userftp".. Good luck!
Joviannm
January 19th, 2007, 06:41 PM
Ok so you're saying the Alias which by the guide is userftp, is the account name you would use to connect to the FTP server. I thought that was the user. So what's the user then? hehe thanks so much for your help.
addicted_to_the_net
January 20th, 2007, 02:14 AM
Read the guide again and you will find all what you are looking for... Goodluck
Thyme
February 15th, 2007, 01:43 PM
Hello everyone,
Frodon, thanks for this superb HOW-TO. I had a bit of a tough time setting up the SFTP part but nevertheless I persevered and in the process even setup an SSH server! Although it took me the WHOLE of today, you won't believe how much else I could get done since I didn't have to google for this-and-that, fix this-and-that etc...
I'm VERY impressed with the calibre of dedication and commitment that this forum possesses.
Cheerio!
dadantada
February 17th, 2007, 10:26 AM
I'm not sure if this should go in this thread, or in the ProFTPd through NAT thread. Either way, here goes:
Starting proftpd gives the following:
::dadantada01@dadantada3::/home/dadantada01::
$ sudo /etc/init.d/proftpd restart
* Stopping ftp server proftpd [ ok ]
* Starting ftp server proftpd - IPv6 getaddrinfo 'localhost.localdomain' error: Name or service not known
localhost.localdomain - 127.0.0.1:12345 masquerading as 123.456.789.101
Where 123.456.789.101 is the external WAN IP, and 12345 is the port that I have forwarded on my router.
/etc/proftpd/proftpd.conf is as follows
#
# Includes required DSO modules. This is mandatory in proftpd 1.3
#
Include /etc/proftpd/modules.conf
# To really apply changes reload proftpd after modifications.
AllowOverwrite on
AuthAliasOnly on
# Choose here the user alias you want !!!!
UserAlias dadantada dadantadaftp
ServerName "ftpdadantada"
ServerType standalone
DeferWelcome on
MultilineRFC2228 on
DefaultServer on
ShowSymlinks off
TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200
DisplayFirstChdir .message
ListOptions "-l"
RequireValidShell off
TimeoutLogin 20
RootLogin off
# It's better for debug to create log files ;-)
ExtendedLog /var/log/ftp.log
TransferLog /var/log/xferlog
SystemLog /var/log/syslog.log
#DenyFilter \*.*/
# I don't choose to use /etc/ftpusers file (set inside the users you want to ban, not useful for me)
UseFtpUsers off
# Allow to restart a download
AllowStoreRestart on
# Port 21 is the standard FTP port, so don't use it for security reasons (choose here the port you want)
# Port 21
Port 12345
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 8
# Set the user and group that the server normally runs at.
User nobody
Group nogroup
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
PersistentPasswd off
MaxClients 8
MaxClientsPerHost 8
MaxClientsPerUser 8
MaxHostsPerUser 8
# Display a message after a successful login
AccessGrantMsg "welcome !!!"
# This message is displayed for each access good or not
ServerIdent on "you're at home"
# Set /home/ftp directory as home directory
DefaultRoot /home/ftp
# Lock all the users in home directory, ***** really important *****
DefaultRoot ~
MaxLoginAttempts 5
#VALID LOGINS
<Limit LOGIN>
AllowUser dadantadaftp
DenyALL
</Limit>
<Directory /home/ftp>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>
<Directory /home/ftp/download/*>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>
<Directory /home/ftp/upload/*>
Umask 022 022
AllowOverwrite on
<Limit READ RMD DELE>
DenyAll
</Limit>
<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>
MasqueradeAddress 123.456.789.101
PassivePorts 12345 12345
When I connect remotely (to 123.456.789.101:12345, with user dadantada), I get the following spiel:
Status: Connecting to 123.456.789.101:12345 ...
Status: Connected with 123.456.789.101:12345. Waiting for welcome message...
Response: 220 you're at home
Command: USER dadantada
Response: 331 Password required for dadantada.
Command: PASS ***************
Response: 230 welcome !!!
Command: SYST
Response: 215 UNIX Type: L8
Command: FEAT
Response: 211-Features:
Response: MDTM
Response: REST STREAM
Response: SIZE
Response: 211 End
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is current directory.
Command: TYPE A
Response: 200 Type set to A
Command: PASV
Response: 227 Entering Passive Mode (123,456,789,101,231,26).
Command: LIST
Error: Transfer channel can't be opened. Reason: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Error: Could not retrieve directory listing
Command: PWD
Error: Timeout detected!
Status: Waiting to retry... (5 retries left)
Setting the FTP client to active means that I cannot connect at all. Is this a firewall issue, a mode issue or a local host issue?
I should also point out that I only have ports 21 and 12345 available to use, as I am logging onto the machine via ssh, and cannot access the hardware firewall remotely.
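Added example, not part of the thread: a decoder for the `227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)` replies shown in the client logs above, where the data port is p1*256+p2. It flags a private address handed to a client and a data port outside the configured PassivePorts range; the function names are hypothetical, and the second sample line is constructed from the port bytes 231,26 in the post above with a documentation address.

```shell
#!/bin/sh
# Added example, not from the thread: decode FTP PASV replies and compare them
# with the server's PassivePorts range. Function names are hypothetical.

# pasv_decode LINE -> prints "a.b.c.d port"; fails on a malformed reply.
pasv_decode() {
    pd_nums=$(printf '%s\n' "$1" |
        sed -n 's/.*227 [^(]*(\([0-9,]*\)).*/\1/p')
    [ -n "$pd_nums" ] || return 1
    pd_ifs=$IFS; IFS=,
    set -- $pd_nums
    IFS=$pd_ifs
    [ "$#" -eq 6 ] || return 1
    for pd_n in "$@"; do
        # Reject empty fields, leading zeros and anything longer than 3 digits.
        case $pd_n in ''|0?*|????*) return 1 ;; esac
        [ "$pd_n" -le 255 ] || return 1
    done
    # RFC 959: the last two numbers are the high and low byte of the data port.
    echo "$1.$2.$3.$4 $(( $5 * 256 + $6 ))"
}

# is_private_ip ADDR -> succeeds for RFC 1918 and loopback addresses.
is_private_ip() {
    case $1 in
        10.*|192.168.*|127.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# pasv_check LINE [MIN MAX] -> prints findings; returns 0 if clean, 1 if not,
# 2 if the line is not a valid PASV reply. MIN/MAX mirror "PassivePorts MIN MAX".
pasv_check() {
    pc_dec=$(pasv_decode "$1") || { echo "not a valid PASV reply"; return 2; }
    pc_host=${pc_dec% *}; pc_port=${pc_dec#* }
    pc_rc=0
    if is_private_ip "$pc_host"; then
        echo "$pc_host:$pc_port private address advertised (check MasqueradeAddress)"
        pc_rc=1
    fi
    if [ -n "$2" ] && { [ "$pc_port" -lt "$2" ] || [ "$pc_port" -gt "$3" ]; }; then
        echo "$pc_host:$pc_port data port outside PassivePorts $2-$3"
        pc_rc=1
    fi
    [ "$pc_rc" -ne 0 ] || echo "$pc_host:$pc_port ok"
    return "$pc_rc"
}

# Reply quoted in the thread: a LAN address handed to an external client.
pasv_check "227 Entering Passive Mode (192,168,0,4,197,240)." || true

# Constructed line: documentation address 203.0.113.10 with the port bytes
# 231,26 from the thread, checked against "PassivePorts 12345 12345".
pasv_check "Response: 227 Entering Passive Mode (203,0,113,10,231,26)." 12345 12345 || true
```

A router that forwards only the PassivePorts range will not pass a data connection to a port the server announces outside that range, which is what the second check reports.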
Gsundbrunn
February 22nd, 2007, 04:06 PM
Hi,
I still have the problem, that files I upload with an ftp-client are not readable and I get an "You don't have permission to access /test.html on this server." by accessing them by web.
I followed this instruction here (just disabled AliasLogin and used another username). Everything works really fine but I have to set the rights manually to the uploaded files.
Would be a great thing to get a hint or to find a solution!
Best regards
Stefan
frodon
February 23rd, 2007, 03:58 AM
I don't really understand your problem; are you able to upload the files? If yes, then if you don't like the default rights of the files, try to tweak the Umask line in your proftpd.conf and in your system; it is the command which handles the default rights of a created file.
Gsundbrunn
February 23rd, 2007, 01:35 PM
Hi,
yes, the upload is possible. But the file did not get the "read by others" property :-) And - yes - I used the chmod 022 in the config file. But an hour ago I found the solution - I use GFTP as a client and there is the option:
"keep the filerights" (not sure how it is called in the actual english version - in german it is "Dateirechte beibehalten"). By disabling this function everything works perfectly.
So the information given by my FTP-Client overrides the FTP-Server settings. Interesting to know...
Thanks!
Stefan
frodon
February 23rd, 2007, 02:14 PM
Glad that you found the solution and thanks for sharing it ;)
Gsundbrunn
February 25th, 2007, 02:59 AM
Just a little particle in a very, very big mosaic :-)
joTi
February 25th, 2007, 05:01 PM
1- Enable TLS/SSL encryption (FTPS)
The FTP file sharing protocol is an old protocol which was created when the internet was still a secure place, therefore the default FTP protocol is not that secure.
For example the password and username for login are transmitted in plain text which obviously isn't secure.
That's why, to fit the needs of our generation, encryption solutions were developed and one of them is TLS/SSH encryption.
This will encrypt the username and password and all the data you send, obviously to use it the FTP client must support SFTP protocol.
Here are the steps to enable TLS/SSH encryption (FTPS (http://en.wikipedia.org/wiki/FTPS)):
Paste these commands in a terminal:
sudo apt-get install build-essential
sudo apt-get install libssl-dev
cd /etc
sudo mkdir ftpcert
cd ftpcert/
sudo openssl genrsa -des3 -out server.key 1024
sudo openssl req -new -key server.key -out server.csr
sudo openssl genrsa -des3 -out ca.key 1024
sudo openssl req -new -x509 -days 365 -key ca.key -out ca.crt
sudo wget ***
sudo chmod +x sign.sh
sudo ./sign.sh server.csr
Hi all,
when I type sudo ./sign.sh server.csr I get this error:
CA signing: server.csr -> server.crt:
Using configuration from ca.config
Enter pass phrase for ./ca.key:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'IL'
stateOrProvinceName :PRINTABLE:'Ikkland'
localityName :PRINTABLE:'Ikktown'
organizationName :PRINTABLE:'Project ikkinu'
organizationalUnitName:PRINTABLE:'Ftp Dpt.'
commonName :PRINTABLE:'ikkinu'
emailAddress :IA5STRING:'ikkinu@inventati.org'
Certificate is to be certified until Dec 5 19:24:50 2007 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
CA verifying: server.crt <-> CA cert
server.crt: /C=IL/ST=Ikkland/L=Ikktown/O=Project ikkinu/OU=Ftp Dpt./CN=ikkinu/emailAddress=xxx@xxx.xxx
error 18 at 0 depth lookup:self signed certificate
/C=IL/ST=Ikkland/L=Ikktown/O=Project ikkinu/OU=Ftp Dpt./CN=ikkinu/emailAddress=xxx@xxx.xxx
error 7 at 0 depth lookup:certificate signature failure
12603:error:04067084:rsa routines:RSA_EAY_PUBLIC_DECRYPT:data too large for modulus:rsa_eay.c:645:
12603:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:a_verify.c:168:
Can anyone help me?
Thanks
I have the exact same problem, did anyone come up with a reliable fix for this problem?
It's aggravating as hell.
And I don't feel like sitting and guessing up values and hoping for a miracle.
I've tried googling but it just made me more confused.
Would appreciate help in this matter.
Thanks.
frodon
February 26th, 2007, 04:21 AM
Just make several attempts changing some parameters like your password and so on, it should work.
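Added example, not part of the thread: a known cause of the `error 18 at 0 depth lookup:self signed certificate` output quoted above is a server certificate whose subject is identical to the CA's subject, which fits the earlier report that choosing different names for the two made it work. The script builds a throwaway CA and server certificate and checks for that collision; it signs with `openssl x509 -req` rather than the guide's sign.sh, and every subject, file name and function name in it is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Subjects and names below are constructed.

# build_chain DIR CA_SUBJECT SERVER_SUBJECT
# Creates a throwaway CA and a server certificate signed by it inside DIR.
build_chain() {
    bc_dir=$1
    mkdir -p "$bc_dir" || return 1
    # Minimal request config so the result does not depend on the system openssl.cnf.
    cat > "$bc_dir/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    (
        umask 077   # keys are written without a passphrase, so keep them owner-only
        # CA key and self-signed CA certificate (2048-bit, not the guide's 1024).
        openssl req -new -x509 -newkey rsa:2048 -nodes -days 365 \
            -config "$bc_dir/req.cnf" -subj "$2" \
            -keyout "$bc_dir/ca.key" -out "$bc_dir/ca.crt" &&
        # Server key and certificate signing request.
        openssl req -new -newkey rsa:2048 -nodes \
            -config "$bc_dir/req.cnf" -subj "$3" \
            -keyout "$bc_dir/server.key" -out "$bc_dir/server.csr" &&
        # Sign the request with the CA.
        openssl x509 -req -days 365 -in "$bc_dir/server.csr" \
            -CA "$bc_dir/ca.crt" -CAkey "$bc_dir/ca.key" -CAcreateserial \
            -out "$bc_dir/server.crt"
    ) >/dev/null 2>&1
}

# dn_collides CERT -> succeeds when the certificate's subject equals its issuer,
# i.e. a CA-signed certificate that a verifier will treat as self-signed.
dn_collides() {
    dc_subj=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253) || return 2
    dc_iss=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253) || return 2
    [ "${dc_subj#subject=}" = "${dc_iss#issuer=}" ]
}

# chain_verifies DIR -> succeeds when server.crt verifies against ca.crt.
# The output is checked because old OpenSSL releases exit 0 even on failure.
chain_verifies() {
    openssl verify -CAfile "$1/ca.crt" "$1/server.crt" 2>&1 | grep -q ': OK$'
}

work=$(mktemp -d) || exit 1
build_chain "$work/distinct" \
    "/O=Example FTP CA/CN=Example FTP Root" "/O=Example FTP/CN=ftp.example.test"
build_chain "$work/same" \
    "/O=Example FTP/CN=ftp.example.test" "/O=Example FTP/CN=ftp.example.test"

for name in distinct same; do
    if dn_collides "$work/$name/server.crt"; then
        echo "$name: subject equals issuer, the certificate looks self-signed"
    else
        echo "$name: subject differs from issuer"
    fi
    # For the "same" case the verify result depends on the OpenSSL version.
    if chain_verifies "$work/$name"; then
        echo "$name: openssl verify OK"
    else
        echo "$name: openssl verify failed"
    fi
done
rm -rf "$work"
```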
espo100583
February 27th, 2007, 12:20 PM
Hi Guys,
Had a few problems getting proftpd working but getting there.
I have a problem when starting the server though I get the following message
Starting ProFTPD ftp daemon: WBSRV01 - mod_delay/0.4: error opening DelayTable
'/var/run/proftpd/proftpd.delay': No such file or directory
If i create the dir manually then try it again it works fine but then if I restart the PC I have to do it again.
Please see below my Conf file
# To really apply changes reload proftpd after modifications.
AllowOverwrite on
AuthAliasOnly on
# Choose here the user alias you want !!!!
UserAlias espo100583 userftp
ServerName "WBSRV01"
ServerType standalone
DeferWelcome on
MultilineRFC2228 on
DefaultServer on
ShowSymlinks off
TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200
DisplayFirstChdir .message
ListOptions "-l"
RequireValidShell off
TimeoutLogin 20
RootLogin off
# It's better for debug to create log files ;-)
ExtendedLog /var/log/ftp.log
TransferLog /var/log/xferlog
SystemLog /var/log/syslog.log
#DenyFilter \*.*/
# I don't choose to use /etc/ftpusers file (set inside the users you want to ban, not useful for me)
UseFtpUsers off
# Allow to restart a download
AllowStoreRestart on
# Port 21 is the standard FTP port, so don't use it for security reasons (choose here the port you want)
Port 22024
PassivePorts 22025 22125
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 8
# Set the user and group that the server normally runs at.
User nobody
Group nogroup
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
PersistentPasswd off
MaxClients 8
MaxClientsPerHost 8
MaxClientsPerUser 8
MaxHostsPerUser 8
# Display a message after a successful login
AccessGrantMsg "welcome !!!"
# This message is displayed for each access good or not
ServerIdent on "you're at home"
# Set /home/FTP-shared directory as home directory
DefaultRoot /var/www
# Lock all the users in home directory, ***** really important *****
DefaultRoot ~
MaxLoginAttempts 5
#VALID LOGINS
<Limit LOGIN>
AllowUser userftp
DenyALL
</Limit>
<Directory> /var/www>
Umask 022 022
AllowOverwrite on
<Limit READ RMD DELE>
DenyAll
</Limit>
<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>
Any advice would be much appreciated.
Thanks
frodon
February 27th, 2007, 12:53 PM
Could you paste there the content of your /etc/proftpd/modules.conf file, thanks
dzul1983
February 27th, 2007, 01:16 PM
hi all
I've followed all the instructions given here.. but I still can't FTP into my PC via outside line.. I've setup ddclient and registered my PC at dyndns.org and got myself an URL.. the problem is.. whenever I type the URL into firefox it would try to log into my router instead of my PC.. if I add the port number at the end, it would just not connect..
I guessed that entering the URL itself may not log into the PC itself, but using a port number should have.. hope you guys can help..
frodon
February 27th, 2007, 01:24 PM
This will help you :
http://www.ubuntuforums.org/showpost.php?p=680702&postcount=81
http://www.proftpd.org/localsite/Userguide/linked/x862.html
dzul1983
February 27th, 2007, 01:43 PM
I found that my router has this kind of layout for port forwarding..
1. you can only have 16 ports for entry (eg. 60000-60015)
2. each entry must be assigned to one port on the LAN side (eg. 60000-60015 on the WAN side will be assigned to say 60000 on the LAN side)
does this mean I have to forward every single port from 60000 to 65535?
EDIT: I was able to connect when I set the FTP port to 21 (I opened up port 21 on the router. I also edited the proftpd.conf and set the port to 21) but I get an Error 530
espo100583
February 27th, 2007, 03:09 PM
Thanks for the quick response,
as strange as this might sound I don't have a proftpd dir in /etc.
I used the apt-get install command to install it so not quite sure whats going on.
Any Ideas?
Thanks
dzul1983
February 27th, 2007, 03:40 PM
OK, I got around to actually connecting to the server locally.. (still having problems accessing it via dyndns URL.. getting to this after I can get it working locally)
new problem.. and I suspect it has something to do with the ports for Passive Mode.. I've only opened from 60000-60040 and I've assigned them all to ports 60000-60005 on the LAN side..
It says that "/" is the current directory and then it tries to load a listing of / from the server.. and it goes into PASV mode and gets caught in a loop or something.. I cancelled the connection coz it was taking too long..
I dont have any commands in proftpd.conf pointing to / as the root folder.. and I've checked the home dir for userftp and it was OK..
any ideas?
@espo100583
I'm not sure about this, but I think proftpd on earlier versions of ubuntu didn't have a proftpd folder.. if you're trying to find the proftpd.conf, try looking for it in the /etc folder.. just a thought..
dzul1983
February 27th, 2007, 04:33 PM
apparently by removing the MasqueradeAddress, I was able to get over the PASV mode looping.. I could get into the server locally, and am able to read/write files now..
on to getting it to work with dyndns.. still getting the "wrong password" error when I connect via dyndns URL..
frodon
February 27th, 2007, 06:25 PM
Thanks for the quick response,
as strange as this might sound I don't have a proftpd dir in /etc.
I used the apt-get install command to install it so not quite sure what's going on.
Any Ideas?
Thanks
What version of ubuntu are you using ?
dzul1983
February 28th, 2007, 12:55 AM
it seems masqueradeaddress is required if outside people are to access the server.. however.. using masqueradeaddress I cant seem to be able to access the server from the inside.. or at least not from the PC that the server is running on.. I've had a few friends try accessing it from the outside with success..
another thing I was wondering.. why is it when I enter the URL I setup on dyndns into say firefox, it tries to access my router? will setting up a web server and redirecting port 80 to the web server make it so that the URL will open up a webpage on the web server instead of the router? just for the record.. I got this router from NTT.. think it's called a Web Caster V110.. oh yes.. I live in Japan..
espo100583
February 28th, 2007, 04:15 AM
I'm using version 6.10
I'm also having another issue, I can log onto the server with no problems from within the network but when I try it externally I get
"No connection could be made because the target machine actively refused it "
Thanks for all the help.
frodon
February 28th, 2007, 04:36 AM
So try to re-install proftpd because you should have this directory if you use ubuntu edgy eft. For your second problem this is surely related to your firewall.
patty522
February 28th, 2007, 05:42 AM
i was wondering if some one might be able to help me.
i have proftpd set up and it's running. but i need to add some users.
the usernames:
patrick ftphome: /home/patrick/
dstamp ftphome: /home/dstamp/
var-user ftphome: /var/www/
and they need full control. how would i do this as i normally do it in gproftpd but i have gone full command prompt so no gui.
many thanks
patrick king
frodon
February 28th, 2007, 05:45 AM
Just take example of the proftpd.conf in the first post and make some tests, the upload directory is a good example for you because it gives full rights.
espo100583
March 1st, 2007, 06:08 AM
Hi,
I've tried to reinstall proftpd but it still has not created the dir/ file you mentioned.
I'm guessing this could be down to my source file so here is a copy of it, I got this from a link on this thread to another post which recommended this source list. I have a backup of the source list I had on install but it couldn't find proftpd when I tried apt-get.
deb http://archive.ubuntu.com/ubuntu breezy main restricted
deb-src http://archive.ubuntu.com/ubuntu breezy main restricted
## Major bug fix updates produced after the final release of the
## distribution.
deb http://archive.ubuntu.com/ubuntu breezy-updates main restricted
deb-src http://archive.ubuntu.com/ubuntu breezy-updates main restricted
## Uncomment the following two lines to add software from the 'universe'
## repository.
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## universe WILL NOT receive any review or updates from the Ubuntu security
## team
deb http://archive.ubuntu.com/ubuntu breezy universe multiverse
deb-src http://archive.ubuntu.com/ubuntu breezy universe multiverse
## Security Updates
deb http://security.ubuntu.com/ubuntu breezy-security main restricted
deb-src http://security.ubuntu.com/ubuntu breezy-security main restricted
deb http://security.ubuntu.com/ubuntu breezy-security universe multiverse
deb-src http://security.ubuntu.com/ubuntu breezy-security universe multiverse
## official backports
deb http://archive.ubuntu.com/ubuntu breezy-backports main restricted universe multiverse
# If you get errors about missing keys follow these command's :
# gpg --keyserver subkeys.pgp.net --recv 33BAC1B3
# gpg --export --armor 33BAC1B3 | sudo apt-key add -
#
# Cipherfunk multimedia packages (packages, GPG key: 33BAC1B3)
deb ftp://cipherfunk.org/pub/packages/ubuntu/ breezy main
## plf primary repo
## http 100mbit/s mirror provided thanks to OVH http://ovh.com
deb http://packages.freecontrib.org/ubuntu/plf/ breezy free non-free
deb-src http://packages.freecontrib.org/ubuntu/plf/ breezy free non-free
## plf mirror. use if primary repo is offline
## FTP mirror from http://free.fr (french ISP)
## deb ftp://ftp.free.fr/pub/Distributions_Linux/plf/ubuntu/plf/ breezy free non-free
## deb-src ftp://ftp.free.fr/pub/Distributions_Linux/plf/ubuntu/plf/ breezy free non-free
##
## Use the following repos ONLY if you need them.
## To use one remove the "##" from the line that starts with "## deb".
##
## official wine apt repository
##deb http://wine.budgetdedicated.com/apt breezy main
##deb-src http://wine.budgetdedicated.com/apt breezy main
## opera web browser
## deb http://deb.opera.com/opera/ etch non-free
## Oo2 final - you can optionally use this one until OOo2 final arrives in backports
## deb http://people.ubuntu.com/~doko/OOo2 ./
## skype
## deb http://download.skype.com/linux/repos/debian/ stable non-free
Thanks for the help.
frodon
March 1st, 2007, 06:39 AM
From what i see you are using ubuntu breezy 5.10 and not ubuntu edgy 6.10 or you are using a wrong source.list file.
If you are really using ubuntu edgy you should have the 2.6.17.11 kernel, the command "uname -a" will give you your kernel version.
espo100583
March 1st, 2007, 03:36 PM
I have run the command and got this
Linux WBSRV01 2.6.17-11-generic #2 SMP Thu Feb 1 19:52:28 UTC 2007 i686 GNU/Linux
I have the original source list if I need to revert back to this, but I'm guessing I will need to add some sources to enable me to get proftpd using apt as when I first tried it with the original source the package could not be found.
Thanks
Phil
frodon
March 2nd, 2007, 04:10 AM
Yep your source.list is really wrong, replace all the words "breezy" by "edgy" and it should be good.
progrockusa
March 10th, 2007, 01:59 PM
ok i'm pretty much a complete noob to linux
but i installed GproftpD and when i try to run it it tells me i have to run it as a root (the window will close in 10 secs) wth does that mean and how do i run it as root?
frodon
March 10th, 2007, 02:26 PM
All about what is root rights and how to use them here :
https://help.ubuntu.com/community/RootSudo
Jackaniny
March 10th, 2007, 02:32 PM
Hey,
I've been having a hell of a time trying to get my server working with multiple logins (and diferent permission for each login).
What I'm trying to setup is:
A home dir (/home/ftp) that I can control with the main ftp user account and a dir (/home/ftp/clientclips) that, when logged in as a second account, is read only.
I would like to have full control the main dir (and all sub-dir) using the main ftp account and still have the clientclips dir read only for the second ftp account.
So far the best I've been able to do is have the main dir be read/write for the main account (anarchyftp) and the clientsclips be read only, or have all dir and sub-dir be read/write for the anarchyftp account and get PWD or PORT errors (often both) when logging in as the second account (creativeftp)
I've attached my current conf.
with it I'm able to read/write while logged in as anarchyftp, but I get this error when logged in as creativeftp:
"Could not determine current path. Server said: PWD: Permission denied. Error -124: PWD failed"
Does anyone have any tips? I'm getting kind of desperate.
espo100583
March 11th, 2007, 04:37 PM
Hi Guys,
Just a quick question,
I am able to connect locally to the FTP server but not externally. I have set the passive ports in the proftpd.conf file and matched the ports the router allows through to the server but when I connect externally I get
Response: 500 Illegal PORT command
Error: Could not retrieve directory listing
Any ideas would be greatly appreciated as I'm all out.
Thanks
Jackaniny
March 12th, 2007, 11:38 AM
I figured out the PWD error!
the problem was I had set the permissions like this:
<Directory /home/ftp/*>
Umask 022 022
AllowOverwrite on
<Limit ALL>
Order Allow,Deny
AllowUser anarchyftp
AllowUser macwrech
AllowUser caadmin
Deny ALL
</Limit>
<Limit READ MKD STOR CWD DELE XMKD RNEF RNTO RMD XRMD>
AllowAll
</Limit>
</Directory>
<Directory /home/ftp/clientclips/*>
Umask 022 022
AllowOverwrite on
<Limit ALL>
Order Allow,Deny
AllowUser anarchyftp
AllowUser macwrech
AllowUser caadmin
AllowUser creativeftp
Deny ALL
</Limit>
When I should have set them like this:
<Directory /home/ftp/*>
Umask 022 022
AllowOverwrite on
<Limit ALL>
Order Allow,Deny
AllowUser anarchyftp
AllowUser macwrech
AllowUser caadmin
AllowUser creativeftp
Deny ALL
</Limit>
<Limit READ MKD STOR CWD DELE XMKD RNEF RNTO RMD XRMD>
AllowAll
</Limit>
</Directory>
<Directory /home/ftp/clientclips/*>
Umask 022 022
AllowOverwrite on
<Limit ALL>
Order Allow,Deny
AllowUser anarchyftp
AllowUser macwrech
AllowUser caadmin
AllowUser creativeftp
Deny ALL
</Limit>
The problem was I didn't give the read-only user permission to use the root dir, so it couldn't get access to the sub-dir.
E.g.
This gave me the PWD and PORT errors:
<Directory /home/ftp/*>
Umask 022 022
AllowOverwrite on
<Limit ALL>
Order Allow,Deny
AllowUser anarchyftp
AllowUser macwrech
AllowUser caadmin
Deny ALL
</Limit>
<Directory /home/ftp/clientclips/*>
Umask 022 022
AllowOverwrite on
<Limit ALL>
Order Allow,Deny
AllowUser anarchyftp
AllowUser macwrech
AllowUser caadmin
AllowUser creativeftp
Deny ALL
</Limit>
This worked:
<Directory /home/ftp/*>
Umask 022 022
AllowOverwrite on
<Limit ALL>
Order Allow,Deny
AllowUser anarchyftp
AllowUser macwrech
AllowUser caadmin
AllowUser creativeftp
Deny ALL
</Limit>
<Directory /home/ftp/clientclips/*>
Umask 022 022
AllowOverwrite on
<Limit ALL>
Order Allow,Deny
AllowUser anarchyftp
AllowUser macwrech
AllowUser caadmin
AllowUser creativeftp
Deny ALL
</Limit>
Hope that helps someone.
Glitch0r
March 18th, 2007, 08:10 AM
Hello people, I installed proftpd on Ubuntu 6.10 with this tutorial and that all worked fine.
I now however want to install a third party module (mod_ban) but I really don't know how to do this. The instructions tell me to add a file (mod_ban.c) to the proftp-dir/contrib directory but I can not find this.
It also tells me to recompile using the commands below but executing these commands in terminal just gives me unknown command errors.
There must be someone out here that has done this before and who can help me out.
frodon
March 18th, 2007, 08:44 AM
You should see in the proftpd forum for this, did you check that the module isn't installed by default ?
Glitch0r
March 18th, 2007, 08:58 AM
You should see in the proftpd forum for this, did you check that the module isn't installed by default ?
The proftpd forum has very bad support so I thought I'd try it here especially since the problem seems to lie in the fact that I installed a packaged version as explained in this tutorial while the installation instructions from the module I want assume you have compiled it yourself as it seems.
Now I need to find a way to recompile the packaged version with the extra modules.
The module is not installed by default:
jelger@jelger-desktop:/etc/proftpd$ proftpd --list
Compiled-in modules:
mod_core.c
mod_xfer.c
mod_auth_unix.c
mod_auth_file.c
mod_auth.c
mod_ls.c
mod_log.c
mod_site.c
mod_delay.c
mod_dso.c
mod_auth_pam.c
mod_readme.c
mod_cap.c
mod_ctrls.c
technics
March 18th, 2007, 03:58 PM
great howto thx!
kptracey
March 20th, 2007, 08:00 PM
Hi,
I plan to search the 41 pages for an answer to this post but in case someone is feeling charitable...
My setup isn't working correctly and I get the following error:
kieran@samurai:/home/FTP-shared$ sudo /etc/init.d/proftpd restart
* Stopping ftp server proftpd [ ok ]
* Starting ftp server proftpd
- IPv4 getaddrinfo 'samurai' error: Name or service not known
- warning: unable to determine IP address of 'samurai'
- error: no valid servers configured
- Fatal: error processing configuration file '/etc/proftpd/proftpd.conf'
I'm very new to Ubuntu. I setup a Samba server last night with a static ip and I'm running Firestarter. I also have a wireless router.
Thanks in advance.
______________________________________
I GOT IT WORKING!!!! (even though no one has previously replied to this problem- so I will now =)
If you run into the same problem... do me a favour and in terminal type: 'hostname -f'
I bet it responds 'hostname: Unknown host'
If it does, do this:
sudo gedit /etc/hosts
Add this line: '127.0.0.1 <hostname> <FQDN>'
FQDN stands for Fully Qualified Domain Name
hostname is the name of your machine
Mine reads something like this:
127.0.0.1 samurai samurai.phubs.net.cab.irelandrules.com
In this instance, hostname is samurai and samurai.phubs.net.cab.irelandrules.com is the FQDN.
In hindsight, this is a result of me being lazy during my Samba install and simply appending a preexisting entry with mshome and slightly altering the 127 mask.
And yes, to my fellow lazy people, you're all very very welcome =)
Happy FTPing!!!
sputnik2012
March 21st, 2007, 12:16 PM
Hi.
I've googled this but can find no answers.
I can access my server when I type ftp localhost.
rob@ubuntu-rydal:~$ ftp localhost
Connected to ubuntu-rydal.
220 My FTPD
Name (localhost:rob): *****
331 Password required for *****.
Password:
230 User rob logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
Logins work fine.
However, when I try ftp (my.domain.name) I get:
530 Login Incorrect
Login Failed.
Remote type system is ignored.
I've checked /etc/hosts.deny (empty)
/etc/hosts.allow ALL
Any help greatly appreciated.
Rob.
#
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#
# Includes DSO modules
Include /etc/proftpd/modules.conf
ServerName "Sputnik_rydal"
ServerType standalone
DeferWelcome off
MultilineRFC2228 off
DefaultServer on
ShowSymlinks on
TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200
DisplayLogin welcome.msg
DisplayFirstChdir .message
ListOptions "-l"
#DenyFilter \*.*/
AllowOverwrite on
DefaultRoot ~
# Port 21 is the standard FTP port.
Port 21
# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
# PassivePorts 49152 65534
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30
# Set the user and group that the server normally runs at.
User proftpd
Group nogroup
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
# Normally, we want files to be overwriteable.
AllowOverwrite on
# Uncomment this if you are using NIS or LDAP to retrieve passwords:
# PersistentPasswd off
# Be warned: use of this directive impacts CPU average load!
#
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
# UseSendFile off
TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log
<IfModule mod_tls.c>
TLSEngine off
</IfModule>
<IfModule mod_quota.c>
QuotaEngine on
</IfModule>
<IfModule mod_ratio.c>
Ratios on
</IfModule>
# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
<IfModule mod_delay.c>
DelayEngine on
</IfModule>
<IfModule mod_ctrls.c>
ControlsEngine on
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd/proftpd.sock
</IfModule>
<IfModule mod_ctrls_admin.c>
AdminControlsEngine on
</IfModule>
# A basic anonymous configuration, no upload directories.
# <Anonymous ~ftp>
# User ftp
# Group nogroup
# # We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp
# # Cosmetic changes, all files belongs to ftp user
# DirFakeUser on ftp
# DirFakeGroup on ftp
#
# RequireValidShell off
#
# # Limit the maximum number of anonymous logins
# MaxClients 10
#
# # We want 'welcome.msg' displayed at login, and '.message' displayed
# # in each newly chdired directory.
# DisplayLogin welcome.msg
# DisplayFirstChdir .message
#
# # Limit WRITE everywhere in the anonymous chroot
# <Directory *>
# <Limit WRITE>
# DenyAll
# </Limit>
# </Directory>
#
# # Uncomment this if you're brave.
# # <Directory incoming>
# # # Umask 022 is a good standard umask to prevent new files and dirs
# # # (second parm) from being group and world writable.
# # Umask 022 022
# # <Limit READ WRITE>
# # DenyAll
# # </Limit>
# # <Limit STOR>
# # AllowAll
# # </Limit>
# # </Directory>
#
# </Anonymous>
<Directory /home/ftp/music>
Umask 022 022
AllowOverwrite off
<Limit LOGIN MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
AllowAll
</Limit>
</Directory>
<Directory /home/ftp/upload/>
Umask 022 022
AllowOverwrite on
<Limit LOGIN READ RMD DELE>
AllowAll
AllowUser All
</Limit>
<Limit LOGIN STOR CWD MKD>
AllowAll
AllowUser All
</Limit>
</Directory>
frodon
March 21st, 2007, 12:19 PM
Are you behind a router or a firewall ? If yes, those are things to check as well.
kptracey
March 22nd, 2007, 04:46 AM
Sputnik,
I get the impression that Frodon isn't behind a router. Which is fine, except for the fact that his awesome instructions don't drill down into routers.
I suggest you port forward 21 on your router.
There are some other things you should do too if you haven't already done so.
1. Login into your router.
2. Under Internet Connection Type (or similar- I'm using linksys router), select Static IP. If you need your Internet IP address, subnet mask and gateway click on Status (or similar).
To port forward 21, click into your Port Range Forward table (this is located under Application & Gaming on Linksys)
Application: FTP
Start: 21 to
End: 21
Protocol: TCP
IP Address (linksys and based on DHCP Server starting IP address): 192.168.1.100
Enable: Y
Hope this helps. Keep posting your questions if it doesn't =)
sputnik2012
March 22nd, 2007, 06:28 AM
Thank you both. Tried it over a PPP connection and things worked fine. As a note ftp uses port 20 as well as port 21, 21 is for commands and 20 for data, unless passive ftp is used.
Thanks again,
Rob.
Harry_Callahan
April 1st, 2007, 03:43 PM
many compliments for this guide frodon. I got it to work in a few minutes, I tried in local network (ftp 127.0.0.1), no problem. But now I'm always getting this error from Linux or Windows OS:
xxx@Linux-desktop:~$ ftp 192.168.0.253
Connected to 192.168.0.253.
500 FTP server shut down (Sun Apr 1 21:17:59 2007 , Current connections will be dropped: Sun Apr 1 21:07:59 2007) -- please try again later
I tried restarting proftpd and Ubuntu, but nothing. Why is this happening?
frodon
April 1st, 2007, 04:18 PM
I think you need to pass the username at least in your command to go to the next login step, for example "ftp username@192.168.0.253" then you will be asked to enter the password (it's how it works with a web browser).
Harry_Callahan
April 1st, 2007, 04:31 PM
I think you need to pass the username at least in your command to go to the next login step, for example "ftp username@192.168.0.253" then you will be asked to enter the password (it's how it works with a web browser).
that's strange. I got it to work in a couple of minutes simply typing ftp 127.0.0.1(from Ubuntu). I logged off from ftp, then I tried from Windows and started getting the 500 error. The strange thing seems to be the hour-minute in the error:
500 FTP server shut down (Sun Apr 1 21:17:59 2007
that's about the time I logged off from ftp in Ubuntu
Thanks
edit: tried ftp username@192.168.0.253 and got Unknown host error.
Like I said before, the 500 error came out when I started the Windows machine. Could it be a conflict with Samba?
ojve
April 3rd, 2007, 05:12 AM
Hi!
I'm a complete Linux/Ubuntu newbie:)
I've followed the tutorial, but when i try to start the server I Just get:
root@Server:~# sudo /etc/init.d/proftpd start
* Starting ftp server proftpd [fail]
How do I go about to get a little more information on exactly what it is that has failed?
//T
frodon
April 3rd, 2007, 05:22 AM
http://www.proftpd.org/localsite/Userguide/linked/x1058.html
Don't forget to perform a syntax check first just to see that there isn't any typo somewhere :
proftpd -td5
More here : http://www.proftpd.org/localsite/Userguide/linked/x1044.html
ojve
April 3rd, 2007, 05:30 AM
did that. It says it's ok...
frodon
April 3rd, 2007, 05:31 AM
And with the -nd5 option you don't get more details on what failed ?
ojve
April 3rd, 2007, 05:39 AM
oops, guess i missed a couple lines at the top. This is what it says:
root@Server:~# proftpd -td5
Checking syntax of configuration file
- mod_ctrls/0.9.4: binding ctrls socket to '/var/run/proftpd/proftpd.sock'
- parsing '/etc/proftpd/proftpd.conf' configuration
- <Directory /home/tjar/media>: deferring resolution of path
- IPv6 getaddrinfo 'Server' error: Name or service not known
Server -
Server - Config for ServerTorkel:
Server - /home/tjar/media
Server - Limit
Server - AllowAll
Server - Limit
Server - AllowAll
Server - Umask
Server - DirUmask
Server - AllowOverwrite
Server - AuthAliasOnly
Server - ShowSymlinks
Server - DisplayFirstChdir
Server - ListOptions
Server - RequireValidShell
Server - RootLogin
Server - TransferLog
Server - UseFtpUsers
Server - AllowStoreRestart
Server - MaxClients
Server - MaxClientsPerHost
Server - MaxClientsPerUser
Server - MaxHostsPerUser
Server - AccessGrantMsg
Server - Limit
Server - AllowUser
Server - DenyAll
Server - AllowOverwrite
Server - AuthAliasOnly
Server - DeferWelcome
Server - DefaultServer
Server - ShowSymlinks
Server - TimeoutNoTransfer
Server - TimeoutStalled
Server - TimeoutIdle
Server - DisplayFirstChdir
Server - ListOptions
Server - RequireValidShell
Server - TimeoutLogin
Server - RootLogin
Server - ExtendedLog
Server - TransferLog
Server - UseFtpUsers
Server - AllowStoreRestart
Server - UserID
Server - UserName
Server - GroupID
Server - GroupName
Server - Umask
Server - DirUmask
Server - MaxClients
Server - MaxClientsPerHost
Server - MaxClientsPerUser
Server - MaxHostsPerUser
Server - AccessGrantMsg
Server - ServerIdent
Server - DefaultRoot
Server - DefaultRoot
Server - MaxLoginAttempts
Server - mod_ctrls/0.9.4: binding ctrls socket to '/var/run/proftpd/proftpd.sock'
Syntax check complete.
frodon
April 3rd, 2007, 05:44 AM
It looks good, the IPv6 error shouldn't prevent the FTP server from running properly, your problem should be elsewhere.
Ek0nomik
April 3rd, 2007, 09:40 PM
ojve: I had to add sudo in front of the command to start the server. Otherwise I was getting permission denied on some things. Also, make sure the user you created is still in your Users & Groups under System / Administration.
frodon: Thanks for the guide! I have my FTP working. I wanted to set it up with SSL/TLS (I don't know the difference or if they are the same thing). I followed your steps, and I get prompted to enter the key on starting the server. The server starts fine, but how do I know if the SSL/TLS is working? Is there a way to check? I can still connect just the same with Firefox and KFTP Grabber on my other box. I feel like I should have had to accept a certificate or configure something in order for it to connect.
Any help would be appreciated! Thanks again!
Cheers!
frodon
April 4th, 2007, 03:11 AM
In the log you will see the TLS step and if you try yourself to log in your server you will see that you need to accept the certificate you created before giving the username and password.
It also depends on the parameter "TLSRequired off": if you left it at the off state then normal connections (not encrypted) will be allowed, but if you want for security reasons to accept only encrypted connections then put this parameter at the "on" state and your server will accept only TLS encrypted traffic.
Be careful, not all FTP clients support TLS encryption, gFTP does not for example.
Ek0nomik
April 4th, 2007, 12:38 PM
I deleted my log file and started it from scratch. This log file has loggings of me running the start command to start the server, and attempting to login once. (Which was successful, but I was never prompted to accept a certificate):
Apr 04 11:30:40 love proftpd[5828] love: error setting IPV6_V6ONLY: Protocol not available
Apr 04 11:30:40 love proftpd[5828] love: ProFTPD 1.3.0 (stable) (built Wed Nov 29 02:01:20 UTC 2006) standalone mode STARTUP
Apr 04 11:30:45 love proftpd[5850] love (xx.xx.xx[::ffff:xx.xx.xx]): error setting IPV6_V6ONLY: Protocol not available
Apr 04 11:30:45 love proftpd[5850] love (xx.xx.xx[::ffff:xx.xx.xx]): FTP session opened.
Apr 04 11:30:45 love proftpd[5850] love (xx.xx.xx[::ffff:xx.xx.xx]): no such user 'anonymous'
Apr 04 11:30:45 love proftpd[5850] love (xx.xx.xx[::ffff:xx.xx.xx]): USER anonymous: no such user found from xx.xx.xx [::ffff:xx.xx.xx] to ::ffff:xx.xx.xx:21
Apr 04 11:30:57 love proftpd[5850] love (xx.xx.xx[::ffff:xx.xx.xx]): USER districtthree: Login successful.
Apr 04 11:30:57 love proftpd[5850] love (xx.xx.xx[::ffff:xx.xx.xx]): error setting IPV6_V6ONLY: Protocol not available
Apr 04 11:30:57 love proftpd[5850] love (xx.xx.xx[::ffff:xx.xx.xx]): error setting IPV6_V6ONLY: Protocol not available
Apr 04 11:35:57 love proftpd[5850] love (xx.xx.xx[::ffff:xx.xx.xx]): FTP session closed.
/etc/proftpd/proftpd.conf is as follows...
#
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#
# Includes DSO modules
Include /etc/proftpd/modules.conf
ServerName "Fleur"
ServerType standalone
DeferWelcome off
MultilineRFC2228 on
DefaultServer on
ShowSymlinks on
TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200
DisplayLogin welcome.msg
DisplayFirstChdir .message
ListOptions "-l"
DenyFilter \*.*/
# Port 21 is the standard FTP port.
Port 21
# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
# PassivePorts 49152 49153
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 10
# Set the user and group that the server normally runs at.
User proftpd
Group nogroup
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
# Normally, we want files to be overwriteable.
AllowOverwrite on
# Uncomment this if you are using NIS or LDAP to retrieve passwords:
# PersistentPasswd off
# Be warned: use of this directive impacts CPU average load!
#
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
# UseSendFile off
TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log
<IfModule mod_tls.c>
TLSEngine off
</IfModule>
<IfModule mod_quota.c>
QuotaEngine on
</IfModule>
<IfModule mod_ratio.c>
Ratios on
</IfModule>
# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
<IfModule mod_delay.c>
DelayEngine on
</IfModule>
<IfModule mod_ctrls.c>
ControlsEngine on
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd/proftpd.sock
</IfModule>
<IfModule mod_ctrls_admin.c>
AdminControlsEngine on
</IfModule>
# A basic anonymous configuration, no upload directories.
# <Anonymous ~ftp>
# User ftp
# Group nogroup
# # We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp
# # Cosmetic changes, all files belongs to ftp user
# DirFakeUser on ftp
# DirFakeGroup on ftp
#
# RequireValidShell off
#
# # Limit the maximum number of anonymous logins
# MaxClients 10
#
# # We want 'welcome.msg' displayed at login, and '.message' displayed
# # in each newly chdired directory.
# DisplayLogin welcome.msg
# DisplayFirstChdir .message
#
# # Limit WRITE everywhere in the anonymous chroot
# <Directory *>
# <Limit WRITE>
# DenyAll
# </Limit>
# </Directory>
#
# # Uncomment this if you're brave.
# # <Directory incoming>
# # # Umask 022 is a good standard umask to prevent new files and dirs
# # # (second parm) from being group and world writable.
# # Umask 022 022
# # <Limit READ WRITE>
# # DenyAll
# # </Limit>
# # <Limit STOR>
# # AllowAll
# # </Limit>
# # </Directory>
#
# </Anonymous>
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/ftpd/tls.log
TLSProtocol TLSv1
# Are clients required to use FTP over TLS when talking to this server?
TLSRequired on
# Server's certificate
TLSRSACertificateFile /etc/ftpcert/server.crt
TLSRSACertificateKeyFile /etc/ftpcert/server.key
# CA the server trusts
TLSCACertificateFile /etc/ftpcert/ca.crt
# Authenticate clients that want to use FTP over TLS?
TLSVerifyClient off
</IfModule>
I turned it to ON, but I still didn't get prompted. Thanks for the help frodon. :)
Edit: My computer name is love, I am user fleur. fleur@love:~$
frodon
April 5th, 2007, 03:21 AM
You have :
<IfModule mod_tls.c>
TLSEngine off
</IfModule>
This is for sure the reason, or at least one of the reasons, why your TLS encryption isn't active.
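Added example, not part of the original thread: a small Python linter for the situation frodon points out above, where one mod_tls block says TLSEngine off and a later one says TLSEngine on, plus the TLSRequired setting he describes earlier. It does not assume which value ProFTPD applies and only reports the conflict; SAMPLE is a shortened copy of the posted configuration, and the function names and finding codes are constructed for illustration.

```python
import re
from collections import defaultdict

# Directives this sketch watches (lower-cased key -> display name).
# Names are compared case-insensitively here; that is an assumption of this example.
WATCHED = {
    "tlsengine": "TLSEngine",
    "tlsrequired": "TLSRequired",
    "tlsverifyclient": "TLSVerifyClient",
}
OPEN_RE = re.compile(r"^<\s*([A-Za-z]+)([^>]*)>")
CLOSE_RE = re.compile(r"^</\s*([A-Za-z]+)\s*>")
SERVER = ("server",)

# Constructed sample: shortened from the proftpd.conf posted above.
SAMPLE = """\
ServerName "Fleur"
<IfModule mod_tls.c>
TLSEngine off
</IfModule>
<IfModule mod_tls.c>
TLSEngine on
TLSProtocol TLSv1
TLSRequired on
TLSVerifyClient off
</IfModule>
"""


def collect(conf_text):
    """Map (context, directive) -> [(line number, value), ...].

    <IfModule> wrappers are conditional, not a context of their own, so
    directives inside them are recorded in the enclosing context.
    """
    stack, seen = [], defaultdict(list)
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if CLOSE_RE.match(line):
            if stack:
                stack.pop()
            continue
        m = OPEN_RE.match(line)
        if m:
            stack.append((m.group(1).lower(), m.group(2).strip()))
            continue
        parts = line.split(None, 1)
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        context = tuple(" ".join(t).strip() for t in stack
                        if t[0] != "ifmodule") or SERVER
        seen[(context, parts[0].lower())].append((lineno, value))
    return seen


def lint(conf_text):
    """Return findings as (code, directive, [line numbers])."""
    seen = collect(conf_text)
    findings = []
    # Same directive, same context, different values: report every line involved.
    for (context, name), entries in sorted(seen.items()):
        if name in WATCHED and len({v for _, v in entries}) > 1:
            findings.append(("conflict", WATCHED[name], [n for n, _ in entries]))
    # TLS switched on but not required: unencrypted logins are still accepted.
    engine = [v for _, v in seen.get((SERVER, "tlsengine"), [])]
    required = seen.get((SERVER, "tlsrequired"), [])
    if "on" in engine and "on" not in [v for _, v in required]:
        findings.append(("tls-optional", "TLSRequired", [n for n, _ in required]))
    return findings


if __name__ == "__main__":
    for code, directive, lines in lint(SAMPLE):
        print(f"{code}: {directive} at line(s) {lines}")
```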
dannyboy79
April 6th, 2007, 12:38 AM
hi frodon, i am back. i had stopped using my ftp server but now I want it again. i removed the backport and installed dapper version 1.2.10-27ubuntu3.1. i followed this guide to make sure it would work with my router. (this time I am going with "standalone" as I could never get xinetd to work with ssl/tls or without?)
(http://ubuntuforums.org/showpost.php?p=680702&postcount=81) no matter what I try I can't get tls/ssl to work i am in dapper. i have forwarded both ports 20 and 21 and 60000 and 65534 (65534 is the last port available in my netgear router). i have made sure that iptables isn't blocking any of them. this is what the fireftp log shows so this is really weird:
220 you're at home
AUTH TLS
234 AUTH TLS successful
PBSZ 0
but it does say that over and over and over but the error window pops up right away. oh, i am working/troubleshooting my dapper server thru putty in windows and using firefox/fireftp on that same machine to test my ftp server. another thing that's weird is that I can connect locally by using the ftp command. this is the tls.log file on the server itself.
Apr 05 23:03:23 mod_tls/2.0.7[20517]: unable to accept TLS connection:
(1) error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
Apr 05 23:03:23 mod_tls/2.0.7[20517]: TLS/TLS-C negotiation failed on control channel
it appears that something is blocking the certificate from being passed thru the control channel? or the peer isn't sending the cert back? i do click ok in the firefox cert request. i am using fireftp version 0.95.2 in firefox version 2.0.0.3. can you suggest anything? I would be very grateful if you could. a little dialog does appear asking if I want to accept the cert and i click on yes, then I get this weird error in firefox. i tried taking a snapshot of it and putting it in imageshack but out of nowhere just now my network connection is lagging horribly.
i have even tried disabling tls/ssl and this is what i get in the log file:
331 Password required for xxxxxxxxx.
PASS (password not shown)
230 YOU MADE IT!
TYPE A
200 Type set to A
CWD /
250 CWD command successful
PASV
227 Entring Passive Mode (xxxxxxxxxxx,243,171
Error: [Exception... "Component returned failure code: 0x80070057 (NS_ERROR_ILLEGAL_VALUE) [nsISocketTransportService.createTransport]" nsresult: "0x80070057 (NS_ERROR_ILLEGAL_VALUE)" location: "JS frame :: chrome://fireftp/content/js/connection/dataSocket.js :: anonymous :: line 41" data: no]
Unable to make a data connection. Please try again.
LIST -al
then a message pops up and says, unable to make data connection. it just doesn't make sense due to the fact that I have triple checked all the port forwarding etc etc. any suggestions.
frodon
April 6th, 2007, 08:04 AM
You should carefully read this post (http://ubuntuforums.org/showpost.php?p=680702&postcount=81) and check that you have correctly added your MasqueradeAddress and PassivePorts commands, which are needed when you use a router.
You can always try those parameters if it still doesn't work :
UseReverseDNS off
IdentLookups off
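The check described in the post above, as an added example that is not part of the original thread: decode the address and port a `227` reply announces and compare them with the address the client connected to and the `PassivePorts` range forwarded on the router. The 60000-65534 range is the one dannyboy79 forwarded; the IP addresses, function names and finding codes are constructed for illustration.

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2 inside the parentheses of a 227 reply
PASV_RE = re.compile(
    r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")

# RFC 1918 ranges: one of these in a reply sent to an Internet client
# means the server announced its LAN address instead of the router's.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_pasv(reply):
    """Return (IPv4Address, port) announced in a 227 reply."""
    if not reply.lstrip().startswith("227"):
        raise ValueError("not a 227 reply: %r" % reply)
    m = PASV_RE.search(reply)
    if m is None:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in %r" % reply)
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError("field above 255 in %r" % reply)
    host = ipaddress.IPv4Address("%d.%d.%d.%d" % tuple(nums[:4]))
    # The data port is sent as two bytes: p1 * 256 + p2.
    # The 243,171 pair in the log above decodes to 62379.
    return host, nums[4] * 256 + nums[5]


def is_lan(addr):
    return any(addr in net for net in RFC1918)


def check_pasv(reply, connected_to, passive_ports):
    """Compare one 227 reply with what the client and the router expect.

    connected_to  -- address the client used for the control connection
    passive_ports -- (low, high) as set with PassivePorts and forwarded
    Returns a list of (code, message) findings; empty means consistent.
    """
    host, port = parse_pasv(reply)
    target = ipaddress.IPv4Address(connected_to)
    low, high = passive_ports
    findings = []
    if is_lan(host) and not is_lan(target):
        findings.append(("lan-address",
                         "server announced LAN address %s to a client that "
                         "connected to %s: check MasqueradeAddress"
                         % (host, target)))
    elif host != target:
        findings.append(("address-mismatch",
                         "server announced %s, client connected to %s"
                         % (host, target)))
    if not low <= port <= high:
        findings.append(("port-outside-range",
                         "data port %d is outside the forwarded range "
                         "%d-%d: check PassivePorts" % (port, low, high)))
    return findings


if __name__ == "__main__":
    # Constructed replies: WAN address 198.51.100.7, LAN host 192.168.1.10.
    samples = [
        "227 Entering Passive Mode (192,168,1,10,243,171)",
        "227 Entering Passive Mode (198,51,100,7,4,1)",
        "227 Entering Passive Mode (198,51,100,7,243,171).",
    ]
    for reply in samples:
        print(reply)
        for code, message in check_pasv(reply, "198.51.100.7", (60000, 65534)):
            print("   %s: %s" % (code, message))
```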
Harry_Callahan
April 6th, 2007, 08:51 AM
Hello again,
I fixed the "500 FTP server shut down" error by reinstalling as standalone server.
Now I have a little problem with my permissions. If I try copying a file (with command sudo cp file_name /home/FTP-shared/download) to the download folder (that way someone can download it)
I don't get the same permissions as the folder:
drwxr-xr-x 2 root root 4096 2007-04-03 20:40 download
I only get:
-rwx------
If I connect from remote I can't download the file. I must add permission "read" to group and user (-rwxr--r--)
Is it possible to copy and assign the same permissions as the folder?
Thanks
frodon
April 6th, 2007, 08:57 AM
This is a rights management question: when you copy a file it keeps its own permissions. So apart from giving the file you want to copy into the download folder the read permission before copying it, i have no clue.
BTW you can mount a whole directory in /home/FTP-shared/download if you wish using the "mount -o bind" command rather than copying files in the download directory.
sinaen
April 9th, 2007, 04:08 PM
I want the GFTPD program to remotely administrate a proftpd server :( and that's not possible with these features it uses right now :/
SLMHC
April 12th, 2007, 11:37 AM
Hello. New to Ubuntu and linux actually. I need to setup a secure ftp server for my hospital to transfer sensitive information to external partners. This setup looks like it is just the thing I need.
I was able to follow the 1st part of the how-to and had a working ftp server. I then moved onto the encryption part. i had no errors following that how to either, but I am not able to connect to the server any longer.
I am using Filezilla as my client (2.2.26a), here is my config:
Servertype: FTP over TLS (explicit encryption)
Logontype: Normal
Filezilla log:
Status: Connecting to 10.1.1.16 ...
Status: Connected with 10.1.1.16, negotiating SSL connection...
Response: 220 ProFTPD 1.3.0 Server ready.
Command: AUTH TLS
Response: 234 AUTH TLS successful
Error: Can't establish SSL connection
Error: Disconnected from server
Error: Unable to connect!
Any ideas?
-Dave
frodon
April 12th, 2007, 02:18 PM
Hi SLMHC,
I think your problem is related to the connection parameters you entered in Filezilla. There are 2 encryption methods for the FTP protocol: one based on SSL (often called SFTP), which uses an ssh tunnel as far as i know, and the other, described in the guide, called TLS encryption (also called FTPS). Seeing the word SSL in the filezilla log you posted makes me think that you chose SSL instead of TLS in your filezilla settings.
Reading the home page of filezilla i'm not sure it supports FTP with TLS encryption, also called FTPS (which is different than SFTP, which uses the SSL method), so i think it's just that filezilla doesn't support this encryption method.
If you use firefox you can just install fireftp which is a FTP extension of firefox and supports FTP with TLS encryption, click the link below to install it :
https://addons.mozilla.org/en-US/firefox/addon/684
SLMHC
April 12th, 2007, 04:03 PM
I tried using fireftp and I was able to connect, well, sort of... I was able to see the remote folder but the program kept trying to complete the connection and would finally time out.
frodon
April 12th, 2007, 04:12 PM
Maybe some firewall issues, did you check that all the needed ports are opened on both server and client side ?
SLMHC
April 12th, 2007, 04:19 PM
This test was via the internal network, once I get it working locally I'll move to opening up my firewall.
To my knowledge SFTP uses SSH and isn't FTP & FTPS is FTP over SSL/TLS.
esaym
April 12th, 2007, 06:29 PM
Hmm I installed using gproftpd and proftpd. I just need something real simple for accessing my computer from school. the gui seemed to work great but I don't really know if it works at all. The ftp server seems to use /etc/proftpd/proftpd.conf and the gui makes a new file to use: /etc/proftpd.conf. So I am not really sure if the server sees that or not. The main thing is that I will have the server at least working but when I reboot it clears the password settings on the accounts. So then on a reboot I will have to re-run the gui and set the passwords again before I can log in. Not sure if I am doing something wrong or what...:(
edit:
Ok I found an alternative to ftp (not to knock the mod authors or anything). If you just need very basic upload capability, then look into the "simple upload script": http://paksofts.uni.cc/scripts.htm :)
hbomb
April 12th, 2007, 07:47 PM
When I try to use proftptools, i get this error:
hbomb@ubuntu:~$ ProftpTools
The application 'gksudo' lost its connection to the display localhost:10.0;
most likely the X server was shut down or you killed/destroyed
the application.
hbomb@ubuntu:~$
Any idea as to why? I followed the how to as instructed. I am using dapper.
Any help would be most appreciative. :)
frodon
April 13th, 2007, 03:10 AM
It seems to be a problem with gksudo, do you have problems with gksudo when you use it for other apps ?
BTW, this script can be improved, but it seems that not many of you use it; that's why the few bugs it has haven't been fixed. If you find the script useful, feel free to say so and i will maybe put some energy into it when i have time.
dannyboy79
April 13th, 2007, 10:00 AM
Hmm I installed using gproftpd and proftpd. I just need something real simple for accessing my computer from school. the gui seemed to work great but I don't really know if it works at all. The ftp server seems to use /etc/proftpd/proftpd.conf and the gui makes a new file to use: /etc/proftpd.conf. So I am not really sure if the server sees that or not. The main thing is that I will have the server at least working but when I reboot it clears the password settings on the accounts. So then on a reboot I will have to re-run the gui and set the passwords again before I can log in. Not sure if I am doing something wrong or what...:(
edit:
Ok I found an alternative to ftp (not to knock the mod authors or anything). If you just need very basic upload capability, then look into the "simple upload script": http://paksofts.uni.cc/scripts.htm :)
At least you found an alternative but to answer your questions so you don't think Proftpd isn't a good FTP server.
1.) This is most likely because gproftpd has been updated to reflect Proftpd config file location for Edgy (/etc/proftpd.conf). The good thing about open source stuff is that all you would have to do is open up the gproftpd script/program file and look for the line of code that calls for where the config file gets saved and change it to where the Proftpd version in Dapper asks for it.
OR
You could always change the Proftpd program and look for the code that calls out for the location of the config file it should use and change it there.
OR
If you're leery about editing code (you shouldn't be, it's just a line that says, "Hey, go get this file and use it for your configuration"), all you would have to do is simply take the latest file that you know has the changes you made from within the gui and put it in the location that Dapper's Proftpd server accesses, which is /etc/proftpd/proftpd.conf.
OR
You could make a symlink that would basically make /etc/proftpd/proftpd.conf be linked to /etc/proftpd.conf
2.) I am not sure what you mean about passwords getting changed? I haven't used gproftpd but the way that Proftpd works I thought (at least a secure way) is by creating a user without shell access and chrooting him into his home directory. So it's PAM that saves the password for this user. Maybe you could explain better but I am sure there is an explanation.
esaym
April 13th, 2007, 06:51 PM
2.) I am not sure what you mean about passwords getting changed? I haven't used gproftpd but the way that Proftpd works I thought (at least a secure way) is by creating a user without shell access and chrooting him into his home directory. So it's PAM that saves the password for this user. Maybe you could explain better but I am sure there is an explanation.
Thanks for the info.
What I mean is that everything works fine until I restart the box and then once proftpd is back up and running no one can log in. The only fix I found is to open gproftpd up and go to the user and re enter the password.
hbomb
April 14th, 2007, 12:06 AM
Frodon,
It works now, I rebooted my box and that fixed it, odd huh? Anyways, I like the tools, they make tasks easier and I will most definitely be using it. And thanks for the excellent howto, it really made it a breeze getting proftp set up securely. :D
h-bomb
frodon
April 14th, 2007, 02:46 AM
If you have a problem with the script feel free to PM me. There's a known bug with the mount function in my script for directories which contain a space in their name, but i know how to fix it, so if you ask i will commit a version with this bug fixed.
Olsson
April 16th, 2007, 11:45 AM
Hello. I have done almost everything from tutorial but i get this when i try to start the ftp:
* Starting ftp server proftpd
- IPv6 getaddrinfo 'localhost' error: Name or service not known
I have also tried with other peoples configs but that didn't work either. I have opened the port 1980 and I also tried with 60000 65535 ports and they didn't even work to forward on my Dell router.. whys that? Yeah, I ve put a static ip too..
Please somebody write a bit what i should do..! As I said I ve almost done everything (added userftp as a user, made the dirs etc).. Thanks.
frodon
April 16th, 2007, 11:49 AM
The IPv6 error doesn't prevent the server from running as expected, it just tells you that you don't use IPv6, which is normal. You can just forget this error.
Olsson
April 16th, 2007, 12:22 PM
Thank you frodon! That helps a lot. :D
Okay, i have opened the port 1980 in the router as i said and it doesn't work in the FTP with that port. But when i try with 21 in the ftp (and 1980 in the config file) I get the welcome message and info about what ftp I'm using etc and then i get the 530 error. What should I do now?
This is what almost works (except for the 530 problem)
address: the server's ip
user: the one that I wrote in the conf
pass: the one that I gave ftpuser
port: 21 (as I said 1980 doesn't work)
Very thankful for answers.
EDIT: Just tried with user: ftpuser and it worked! (on port 21 also) .. Any word on that?
EDIT2: Also.. I'm trying to get it to work outside my home (and router) and it doesn't work. Of course I'm using the WAN ip then.. Any tips on that?
frodon
April 16th, 2007, 12:30 PM
This is a common issue and is often due to a configuration problem. In this case you should check that you gave the correct rights to the directories you are using, then try to change the password of the user you use for the FTP; sometimes there are some problems with the password recognition on the first use.
Olsson
April 16th, 2007, 12:46 PM
The weird thing is that i got it working with the ftpuser, the user i made because the tutorial told me to. I didn't know that I was supposed to use the ftpuser-user to access my ftp, is that so?
And how can i change the port to a more secure one than 21? It didn't work to use 1980 in the config file and open the port on the router.. And what should I do to be able to use the ftp outside the router?
frodon
April 16th, 2007, 01:22 PM
If it doesn't work with 1980 it's mainly due to your router/firewall, but don't bother with it: if someone wants to hack your FTP server he will scan all your ports, so it's not a big issue to have your server on port 21.
For the user you are supposed to use the alias you set in the config file but it's not dramatic if you use directly ftpuser.
For the router config see this post :
http://ubuntuforums.org/showpost.php?p=680702&postcount=81
Olsson
April 16th, 2007, 02:18 PM
Thanks! Last questions now.. Sorry if I'm a pain in the ***..
Got it working with my wan-ip now, but I can't reach it with a browser, only in a ftp. Why's that? A domain shouldn't be necessary if I'm correct. What can i do about that?
Also, is this something to worry about?
ALSA lib confmisc.c:672:(snd_func_card_driver) cannot find card '0'
ALSA lib conf.c:3493:(_snd_config_evaluate) function snd_func_card_driver returned error: No such device
ALSA lib confmisc.c:392:(snd_func_concat) error evaluating strings
ALSA lib conf.c:3493:(_snd_config_evaluate) function snd_func_concat returned error: No such device
ALSA lib confmisc.c:1072:(snd_func_refer) error evaluating name
ALSA lib conf.c:3493:(_snd_config_evaluate) function snd_func_refer returned error: No such device
ALSA lib conf.c:3962:(snd_config_expand) Evaluate error: No such device
ALSA lib pcm.c:2102:(snd_pcm_open_noupdate) Unknown PCM default
dannytherocker
April 16th, 2007, 04:36 PM
Hi,
tried to configure proftpd to let myself only, view all files, hidden ones included.
Did this way:
<IfUser userfp2>
ListOptions "-l -a"
<\IfUser>
but I get:
Fatal: unknown configuration directive '<IfUser>' in line ....
The weird thing is that i get this kind of error, even with lines suggested on Castaglia's website...
Any suggestion??
thanks in advance
frodon
April 17th, 2007, 03:16 AM
Thanks! Last questions now.. Sorry if I'm a pain in the ***..
Got it working with my wan-ip now, but I can't reach it with a browser, only in a ftp. Why's that? A domain shouldn't be necessary if I'm correct. What can i do about that?
No problem
To join your FTP server in a browser you need to pass the username in the address, for example if your IP is 123.456.789.123 and your ftp username "toto" you will need to enter this in your browser :
ftp://toto@123.456.789.123
Also, is this something to worry about?
ALSA lib confmisc.c:672:(snd_func_card_driver) cannot find card '0'
ALSA lib conf.c:3493:(_snd_config_evaluate) function snd_func_card_driver returned error: No such device
ALSA lib confmisc.c:392:(snd_func_concat) error evaluating strings
ALSA lib conf.c:3493:(_snd_config_evaluate) function snd_func_concat returned error: No such device
ALSA lib confmisc.c:1072:(snd_func_refer) error evaluating name
ALSA lib conf.c:3493:(_snd_config_evaluate) function snd_func_refer returned error: No such device
ALSA lib conf.c:3962:(snd_config_expand) Evaluate error: No such device
ALSA lib pcm.c:2102:(snd_pcm_open_noupdate) Unknown PCM default
ALSA is a sound driver so this has nothing to do with your FTP server
frodon
April 17th, 2007, 03:18 AM
Hi,
tried to configure proftpd to let myself only, view all files, hidden ones included.
Did this way:
<IfUser userfp2>
ListOptions "-l -a"
<\IfUser>
but I get:
Fatal: unknown configuration directive '<IfUser>' in line ....
The weird thing is that i get this kind of error, even with lines suggested on Castaglia's website...
Any suggestion??
thanks in advance
I think it's surely because you don't load the module which contain these directives. Which version of proftpd are you using ?
dannytherocker
April 17th, 2007, 03:24 AM
I think it's surely because you don't load the module which contain these directives. Which version of proftpd are you using ?
Actually, I thought of it but was not sure. Anyway, my version on Edgy is 1.3.0
How can I load the module ?
thanks, frodon!
frodon
April 17th, 2007, 03:45 AM
The list of available modules should be in /etc/proftpd/modules.conf, just uncomment those you want to load and make sure that you have this line at the beginning of your proftpd.conf file :
Include /etc/proftpd/modules.conf
For your ListOptions command you need "mod_ls" and for IfUser commands i believe it's mod_ifsession.
dannytherocker
April 17th, 2007, 03:58 AM
The list of available modules should be in /etc/proftpd/modules.conf, just uncomment those you want to load and make sure that you have this line at the beginning of your proftpd.conf file :
Include /etc/proftpd/modules.conf
For your ListOptions command you need "mod_ls" and for IfUser commands i believe it's mod_ifsession.
Thanks Frodon! everything works now!
Anyway, the mod_ifsession was uncommented already, so I only had to add the line you suggested in /etc/proftpd.conf!
No clues about mod_ls, though! it's not listed! anyway, as I said, everything seems to be working!
Thanks again!
frodon
April 17th, 2007, 04:05 AM
Glad to hear that :)
Could you post your proftpd.conf just to share your config with others, some may be interested by your config i think ;)
dannytherocker
April 17th, 2007, 04:13 AM
Glad to hear that :)
Could you post your proftpd.conf just to share your config with others, some may be interested by your config i think ;)
Sure, I'll do it in the afternoon! though I think it's not a special one :-) many people could do it better :-)
Olsson
April 17th, 2007, 12:15 PM
Thanks again frodon!
Well I said the last questions.. But well I'm wondering one more thing! Are there any tutorial or do you got any tips on how to configure apache2 on proftpd?
frodon
April 17th, 2007, 12:33 PM
Thanks again frodon!
Well I said the last questions.. But well I'm wondering one more thing! Are there any tutorial or do you got any tips on how to configure apache2 on proftpd?
I'm scared that you reached the limit of my knowledge lol, seriously i never used apache2 server so i can't help you on this but if you have successfully set a FTP server it shouldn't be too hard ;)
dannyboy79
April 17th, 2007, 03:12 PM
No problem
To join your FTP server in a browser you need to pass the username in the address, for example if your IP is 123.456.789.123 and your ftp username "toto" you will need to enter this in your browser :
ftp://toto@123.456.789.123
ALSA is a sound driver so this has nothing to do with your FTP server
just an FYI, for some ftp sites, I am able to simply type in ftp://45.345.34.123
and then internet explorer will pop open a dialog box. this is in IE 6.0.2800.1106.......
Spejs
April 20th, 2007, 06:41 AM
I find your post for Proftp very useful, but I have a problem obviously with my firewall. I am on red hat and when I select my eth0 as trusted, remote machines can log on to my server, if its not trusted is not reachable
in my proftd.conf i added PassivePorts 49152 65534 and here is my iptables
# Generated by iptables-save v1.2.11 on Thu Apr 19 17:52:31 2007
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2259:2187792]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A INPUT -p tcp -m tcp --dport 49152:65534 -j ACCEPT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p ipv6-crypt -j ACCEPT
-A RH-Firewall-1-INPUT -p ipv6-auth -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Thu Apr 19 17:52:31 2007
and here's the error from the remote ftp client
Error: Transfer channel can't be opened. Reason: A socket operation was attempted to an unreachable host.
Error: Could not retrieve directory listing
Command: TYPE A
Error: Timeout detected!
tell me what is the problem pls.
dannyboy79
April 20th, 2007, 10:08 AM
I find your post for Proftp very useful, but I have a problem obviously with my firewall. I am on red hat and when I select my eth0 as trusted, remote machines can log on to my server, if its not trusted is not reachable
in my proftd.conf i added PassivePorts 49152 65534 and here is my iptables
# Generated by iptables-save v1.2.11 on Thu Apr 19 17:52:31 2007
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2259:2187792]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A INPUT -p tcp -m tcp --dport 49152:65534 -j ACCEPT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p ipv6-crypt -j ACCEPT
-A RH-Firewall-1-INPUT -p ipv6-auth -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Thu Apr 19 17:52:31 2007
and here's the error from the remote ftp client
Error: Transfer channel can't be opened. Reason: A socket operation was attempted to an unreachable host.
Error: Could not retrieve directory listing
Command: TYPE A
Error: Timeout detected!
tell me what is the problem pls.
this is the same error that I get?? It does show me that I am logged in but then it gives me this error just like you're saying and also doesn't show me any directories etc etc. what's weird is that at 1 time I did have this working and the only ports that I forwarded were 20 and 21 and I didn't use the Passive Ports option or masquerade option within proftpd but now I can't get it working again? I don't understand why it worked at one time and now it doesn't?
Spejs
April 20th, 2007, 11:59 AM
The problem is within the firewall. previously i used this passive port range
-A INPUT -p tcp -m tcp --dport 49152:65534 -j ACCEPT
and then i change it to
-A INPUT -p tcp -m tcp --dport 1023:65534 -j ACCEPT
and it works now :P
don't know if I'm making a mistake or not, but this is the only solution that I found.
dannyboy79
April 23rd, 2007, 10:55 AM
what about the passive ports config setting within proftpd.conf??? did you comment that out or change that value to match iptables? i can't believe we have to open all those ports!!!! very insecure I would think
pepotiger
April 23rd, 2007, 11:28 AM
Nice Tutorial Thnx :)
Spejs
April 24th, 2007, 09:25 AM
U are opening the ports of the firewall, but u can still leave the range of the ftp not so widely open. U can make a small range of ur ftp conf if u have little users
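How the ruleset Spejs posted on April 20th treats a new connection to a passive port, next to a narrower variant along the lines of the "small range" suggestion above, as an added example that is not from the original posts. It is a simplified first-match evaluator that understands only the options this ruleset uses; the 49152-49161 range, the `eth0` interface and the packet address are assumptions.

```python
import shlex

# Ruleset as posted in the thread (iptables-save format).
POSTED = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2259:2187792]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A INPUT -p tcp -m tcp --dport 49152:65534 -j ACCEPT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p ipv6-crypt -j ACCEPT
-A RH-Firewall-1-INPUT -p ipv6-auth -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

PASSIVE_RULE = "-A INPUT -p tcp -m tcp --dport 49152:65534 -j ACCEPT\n"
REJECT_RULE = ("-A RH-Firewall-1-INPUT -j REJECT "
               "--reject-with icmp-host-prohibited\n")
# Constructed variant: a narrow passive range (assumed 49152-49161, to pair
# with "PassivePorts 49152 49161") accepted inside the chain, before REJECT.
REORDERED = POSTED.replace(PASSIVE_RULE, "").replace(
    REJECT_RULE, "-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp "
                 "--dport 49152:49161 -j ACCEPT\n" + REJECT_RULE)

FIELD = {"-i": "iface", "-p": "proto", "-d": "dst"}   # one-field comparisons


def parse(ruleset):
    """Return (policies, chains) parsed from iptables-save text."""
    policies, chains = {}, {}
    for line in ruleset.splitlines():
        if line.startswith(":"):
            name, policy = line[1:].split()[:2]
            policies[name], chains[name] = policy, []   # "-" = user chain
        elif line.startswith("-A "):
            tokens = shlex.split(line)
            chains[tokens[1]].append((line, tokens[2:]))
    return policies, chains


def matches(tokens, pkt):
    """True if every match option of one rule holds for the packet."""
    for opt, val in zip(tokens[0::2], tokens[1::2]):
        if opt in ("-m", "-j", "--reject-with"):
            continue                                    # not a packet condition
        if opt in FIELD:
            ok = val == pkt[FIELD[opt]]
        elif opt == "--state":
            ok = pkt["state"] in val.split(",")
        elif opt == "--dport":
            low, _, high = val.partition(":")
            ok = int(low) <= pkt["dport"] <= int(high or low)
        elif opt == "--icmp-type":
            ok = val == "any"
        else:
            raise ValueError("unsupported option: " + opt)
        if not ok:
            return False
    return True


def walk(chain, pkt, policies, chains):
    """First-match traversal; returns (verdict, deciding rule) or None."""
    for line, tokens in chains[chain]:
        if not matches(tokens, pkt):
            continue
        target = tokens[tokens.index("-j") + 1]
        if target in ("ACCEPT", "REJECT", "DROP"):
            return target, line
        result = walk(target, pkt, policies, chains)    # jump into user chain
        if result:
            return result       # otherwise the chain returned; keep going
    if policies[chain] == "-":
        return None             # end of user chain: back to the caller
    return policies[chain], "policy of " + chain


def verdict(ruleset, dport, state="NEW"):
    """Verdict for a TCP packet arriving on eth0 (constructed address)."""
    pkt = {"iface": "eth0", "proto": "tcp", "dst": "192.0.2.10",
           "dport": dport, "state": state}
    return walk("INPUT", pkt, *parse(ruleset))


if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("reordered", REORDERED)):
        print(name, verdict(rules, 49155))
```

In the posted ruleset a new connection to port 49155 is rejected by the last rule of RH-Firewall-1-INPUT before the passive-port rule appended to INPUT is consulted; in the variant it is accepted, and ports outside the narrow range stay closed.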
dannyboy79
April 24th, 2007, 09:43 AM
i have a question also, lets say that I will be the only one using this ftp server, do I have to use passive mode? are there advantages to using passive mode, i mean besides when many people use it at the same time?
Torahteen
April 24th, 2007, 12:43 PM
Hey guys... I'm not sure if this has been asked and solved before (I got tired of reading through after the first 5 pages... sorry), but I have a problem. I did as in the tutorial. This is an FTP server to complement my Apache web server, so I've got a user called webadmin that has the home directory of /var/www/. I can get into the server fine using KFTPGrabber, but when I try to delete any files, I get permission denied. I thought I had the right permissions allowed, but maybe not... here's the permissions part:
<Directory /var/www/>
Umask 022 022
AllowOverwrite on
<LIMIT RMD DELE READ WRITE STOR CWD MKD>
AllowAll
</Limit>
</Directory>
Did I type something wrong? Or what? Thanks in advance for the help.
tbuss
April 24th, 2007, 07:05 PM
Okay, I have been using linux for a little over 2 months; and so far nothing has worked (exaggeration; just very frustrated). The funny thing is how grateful I am when something just partially works, like I'm making some type of progress or something. I've used this how-to before and it worked flawlessly for me, much appreciation. However, I did a clean install of edgy and decided to try and install proftpd again; felt a little more confident this time. I followed the how-to step by step up to the point of creating user accounts and passwords. I created a user account and set the password in the Users and Groups section. I get a 530 incorrect login when trying to connect. What is puzzling to me is when I go back to Users and Groups, the password entered is not what I declared earlier? I know you can't read what is entered but the password is shorter than what I entered. I tried to log out/in again but this had no effect. Is there something I'm missing? Why doesn't the password entered in User and Groups remain the same?
frodon
April 25th, 2007, 02:55 AM
Why doesn't the password entered in User and Groups remain the same.
Maybe it's just a bug or a typo when you typed the password. Anyway you can change it with this command :
sudo passwd username
tbuss
April 25th, 2007, 05:23 PM
I've got it up and running, thanks for help
Jordanwb
April 26th, 2007, 10:41 PM
I got to Part B Step 3 in the understanding department however the larger text about editing the proftpd.conf I have no idea what I'm supposed to edit. Any suggestions?
frodon
April 27th, 2007, 02:52 AM
I don't know, it depends on you. Edit what doesn't fit your needs, like the ftp server port number for example (1980 in the guide) or the directory paths, or maybe if it's fine for you like that just cut and paste.
carnussien
April 27th, 2007, 12:05 PM
Hello,
I am an absolute beginner .
I get this in my terminal session:
robert@pentiumIII:~$ sudo apt-get install proftpd gproftpd
Reading package lists... Done
Building dependency tree... Done
E: Couldn't find package proftpd
robert@pentiumIII:~$
What can i do ?
Thanks for your help
dannyboy79
April 27th, 2007, 04:01 PM
enable the repositories that proftpd exists in. i believe it's in the universe repo. here's mine for dapper:
deb http://archive.ubuntu.com/ubuntu/ dapper universe main restricted multiverse
deb-src http://us.archive.ubuntu.com/ubuntu/ dapper universe
just do
sudo cp /etc/apt/sources.list /etc/apt/sources.list-backup
(This step backs it up in case you need to revert to the original. this is a good habit with all system files. always backup first)
gksudo gedit /etc/apt/sources.list
(then just read the contents of the file and where it states to uncomment the 2 lines that are similar to mine, that means to delete the pound symbol. In linux, a pound symbol (#) usually means that the line that starts with that symbol is "generally" not used, meaning it's not part of the program etc etc.)
then make sure you save the file before you close. then
sudo aptitude update && sudo aptitude upgrade
then simply try to install it again and it should work this time as you have now enabled tons of other software possibilities.
Kulgan
April 30th, 2007, 02:01 PM
A lot of people, not only here, seem to get a 530 error. A simple way to test what that's all about is to modify the XAMPP (http://www.apachefriends.org/en/xampp-linux.html#374) config file to suit the server. It reads:
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.
ServerName "ProFTPD"
ServerType standalone
DefaultServer on
# Port 21 is the standard FTP port.
Port 21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30
# Set the user and group that the server normally runs at.
User nobody
#Group nogroup
# Normally, we want files to be overwriteable.
<Directory /home/ftp/*>
AllowOverwrite on
</Directory>
# only for the web servers content
DefaultRoot /home/ftp
# nobody gets the password "lampp"
UserPassword nobody wRPBu8u4YP0CY
# nobody is no normal user so we have to allow users with no real shell
RequireValidShell off
# nobody may be in /etc/ftpusers so we also have to ignore this file
UseFtpUsers off
It's not as secure, but it's a step towards debugging the problem, at least. Of course, if you were to use this config, you would have to change the username and password. I also changed the "/home/FTP-shared/[up|down]load" system to just having one folder for it all. Seems a little more... logical.
Jordanwb
April 30th, 2007, 04:46 PM
How do I get to the GUI in 7.04 Server?
carnussien
May 2nd, 2007, 03:22 AM
Hello Dannyboy79,
Thanks for your help about /etc/apt/sources.list
I could install my proftpd program. Fine
Next job for me : work with it !
Jordanwb
May 2nd, 2007, 04:02 PM
^ Same for me. Now I have to figure out what to change and how to get to the GUI.
dannyboy79
May 4th, 2007, 08:28 AM
^ Same for me. Now I have to figure out what to change and how to get to the GUI.
what gui are you guys talking about? maybe gproftpd? If you follow his guide there is really no need for a gui. it's just editing 1 file and he has great instructions. plus you'll learn more this way whereas when you use a gui you're so dependent on it and then what if you upgrade something and then the gui doesn't work, you're stuck and then have to learn how to manually edit files anyway. just my 2 cents.
`opH
May 12th, 2007, 12:22 PM
i start server and it get back something like this
* Starting ftp server proftpd - IPv6 getaddrinfo 'hal9000' error: No address associated with hostname
what should i do?
thx a lot
Kulgan
May 12th, 2007, 12:47 PM
start by posting the content of your /etc/hosts file
dannyboy79
May 12th, 2007, 03:45 PM
i start server and it get back something like this
* Starting ftp server proftpd - IPv6 getaddrinfo 'hal9000' error: No address associated with hostname
what should i do?
thx a lot
this error is ok, it's merely stating that you don't have a registered hostname on the IPv6 internet and according to Frodon this is ok. I see the error on my ftp server and it still works. not sure what page frodon comments about this on but it's alright. or are you saying that your server isn't working?
`opH
May 12th, 2007, 05:46 PM
start by posting the content of your /etc/hosts file
127.0.0.1 localhost
86.49.126.49 hal9000
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
Kulgan
May 12th, 2007, 05:56 PM
can you connect to the ftp server?
tbuss
May 13th, 2007, 12:46 AM
`opH
add your box's name to the IPv6 info in /etc/hosts:
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback <add it here>
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
Do this if you wish for the error message to go away, it is no big deal like dannyboy79 said, but if the message annoys you then just add your box's name like above.
`opH
May 13th, 2007, 04:26 AM
`opH
add your box's name to the IPv6 info in /etc/hosts:
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback <add it here>
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
Do this if you wish for the error message to go away, it is no big deal like dannyboy79 said, but if the message annoys you then just add your box's name like above.
thank you very much now it works
crapaud
May 14th, 2007, 04:26 AM
Hallo!
I have Ubuntu 6.06 with ProFTPd 1.3.0. Now I want to configure mod_tls. I've read the first post of this topic and done all.
Now, if mod_tls is ON, the connection to ftp is very slow, and TLS doesn't work :-(
In TLS.log:
mod_tls/2.1.1[15712]: ssl/tls required but absent on control channel, denying USER command
What have I done wrong?
`opH
May 15th, 2007, 12:36 PM
i've got another problem... nobody can connect to my FTP. it's like he doesn't have a created acc but i created it. what should i post to get some advice? thx opH
Darth_tater
June 7th, 2007, 04:31 PM
wow! great guide!
i managed to use your guide as a base for setting up my own multi user server (see here: http://ubuntuforums.org/showthread.php?t=466582)
but, i wanted to try encrypted FTP, and i managed to follow your instructions and now my server operates only on SSL (as i would like...) but when i try to connect this is the output i get
WinSock 2.0 -- OpenSSL 0.9.8b 04 May 2006
[R] Connecting to 192.168.2.88 -> IP=192.168.2.88 PORT=1396
[R] Connected to 192.168.2.88
[R] 220 you're at home
[R] AUTH TLS
[R] 234 AUTH TLS successful
[R] Connected. Negotiating TLSv1 session..
[R] error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
[R] Failed TLSv1 negotiation, disconnected
[R] Connection failed (Connection closed by client)
[R] Delaying for 120 seconds before reconnect attempt #1
[R] Retry attempt Aborted
this output comes from flashfxp 3.4.0 running on windows x64
any ideas?
dannyboy79
June 7th, 2007, 04:42 PM
wow! great guide!
i managed to use your guide as a base for setting up my own multi user server (see here: http://ubuntuforums.org/showthread.php?t=466582)
but, i wanted to try encrypted FTP, and i managed to follow your instructions and now my server operates only on SSL (as i would like...) but when i try to connect this is the output i get
WinSock 2.0 -- OpenSSL 0.9.8b 04 May 2006
[R] Connecting to 192.168.2.88 -> IP=192.168.2.88 PORT=1396
[R] Connected to 192.168.2.88
[R] 220 you're at home
[R] AUTH TLS
[R] 234 AUTH TLS successful
[R] Connected. Negotiating TLSv1 session..
[R] error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
[R] Failed TLSv1 negotiation, disconnected
[R] Connection failed (Connection closed by client)
[R] Delaying for 120 seconds before reconnect attempt #1
[R] Retry attempt Aborted
this output comes from flashfxp 3.4.0 running on windows x64
any ideas?
I never could get encryption to work either but from what I see, you're trying to use 2 different protocols, TLSv1 and SSLv3, those can't communicate properly I don't think. Is there a preference within FlashFXP for the encrypt protocol that is used? sorry I couldn't be of more help.
frodon
June 8th, 2007, 03:37 AM
Darth_tater, are you sure you have selected the right protocol? The instructions in my guide are for TLS encryption (also called FTPS) not SSL (which is called SFTP).
Darth_tater
June 8th, 2007, 04:54 PM
uhh, as i said above flashfxp 3.4.0 running on windows x64
here is a screenshot...
http://img338.imageshack.us/img338/2774/ftpdl4.th.jpg (http://img338.imageshack.us/my.php?image=ftpdl4.jpg)
frodon
June 11th, 2007, 03:38 AM
Could you try with another FTP client just to be sure that it's not an FTP client issue? If you have firefox you can try the fireFTP extension, it has TLS support.
godlygb
June 12th, 2007, 01:38 AM
nvm fixed it**
post edited**
dannyboy79
June 12th, 2007, 10:41 AM
I haven't tried this in a very long time but I just found this and it may or may not help you. But according to this link: http://www.verio.com/support/documents/view_article.cfm?doc_id=2261
you need to ensure that your server will accept various ciphers of the TLS/SSL encryption so they suggest adding this to your TLS section within your proftpd.conf file.
TlsCipherList ALL:!EXP
As I said, don't know if it will help, just found it and thought what the hell, might as well let him know. Good luck
Heinrisch
June 14th, 2007, 10:22 PM
I have followed the guide step by step but I can't get it to work. I try to log on to my server's ftp from IE, I type the correct port and the login box pops up. I enter the correct information and the box disappears and it starts to load, then nothing happens, it never gets past the loading part. Anyone who has a solution for this?
frodon
June 15th, 2007, 03:50 AM
Heinrisch, we need more details to help you like your config, your proftpd.conf, the log of your FTP client and in general all information that can help to make an analysis. Without that it will be hard to help you.
Heinrisch
June 15th, 2007, 01:23 PM
This is my config:
# To really apply changes reload proftpd after modifications.
AllowOverwrite on
AuthAliasOnly on
# Choose here the user alias you want !!!!
UserAlias samba userftp
ServerName "wihoo"
ServerType standalone
DeferWelcome on
MultilineRFC2228 on
DefaultServer on
ShowSymlinks off
TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200
DisplayFirstChdir .message
ListOptions "-l"
RequireValidShell off
TimeoutLogin 20
RootLogin off
# It's better for debug to create log files ;-)
ExtendedLog /var/log/ftp.log
TransferLog /var/log/xferlog
SystemLog /var/log/syslog.log
#DenyFilter \*.*/
# I don't choose to use /etc/ftpusers file (set inside the users you want to ban, not useful for me)
UseFtpUsers off
# Allow to restart a download
AllowStoreRestart on
# Port 21 is the standard FTP port, so you may prefer to use another port for security reasons (choose here the port you want)
Port 1112
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 8
# Set the user and group that the server normally runs at.
User nobody
Group nogroup
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
PersistentPasswd off
MaxClients 8
MaxClientsPerHost 8
MaxClientsPerUser 8
MaxHostsPerUser 8
# Display a message after a successful login
AccessGrantMsg "welcome !!!"
# This message is displayed for each access good or not
ServerIdent on "you're at home"
# Set /home/FTP-shared directory as home directory
DefaultRoot /home/FTP-shared
# Lock all the users in home directory, ***** really important *****
DefaultRoot ~
MaxLoginAttempts 5
#VALID LOGINS
<Limit LOGIN>
AllowUser userftp
DenyALL
</Limit>
<Directory /home/FTP-shared>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>
<Directory /home/FTP-shared/download/*>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>
<Directory> /home/FTP-shared/upload/>
Umask 022 022
AllowOverwrite on
<Limit READ RMD DELE>
DenyAll
</Limit>
<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>
It's basically the same as the example, I think I only changed the username and the port. I'm running the latest version of the ubuntu server.
This is what my ftp log says:
...
::ffff:192.168.1.1 UNKNOWN nobody [14/Jun/2007:22:22:16 -0400] "USER samba" 331 -
::ffff:192.168.1.1 UNKNOWN userftp [14/Jun/2007:21:22:16 -0500] "PASS (hidden)" 230 -
::ffff:192.168.1.1 UNKNOWN userftp [14/Jun/2007:21:22:16 -0500] "CWD /" 250 -
::ffff:192.168.1.1 UNKNOWN userftp [14/Jun/2007:21:22:16 -0500] "TYPE A" 200 -
::ffff:192.168.1.1 UNKNOWN userftp [14/Jun/2007:21:22:16 -0500] "PASV" 227 -
...
When I try to log in this happens:
I connect, get a response from the server asking me for the password, send back the password and then it times out..
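A syntax check that can be run over a proftpd.conf like the one posted above, as an added example that is not part of the original thread or of ProFTPD: it flags malformed or unbalanced section tags and names inside `<Limit>` that are not FTP commands or command groups, since a misspelled name never matches the command a client actually sends. The `lint` function, the `KNOWN` list (a subset) and the sample excerpt are constructed for illustration.

```python
import re

# FTP commands plus ProFTPD <Limit> groups; a subset assembled for this example.
KNOWN = set("""ABOR ALLO APPE CDUP CWD DELE EPRT EPSV LIST MDTM MKD MLSD MLST
NLST NOOP PASS PASV PORT PWD QUIT REST RETR RMD RNFR RNTO SITE SIZE STAT STOR
STOU SYST TYPE USER XCUP XCWD XMKD XPWD XRMD ALL DIRS LOGIN READ WRITE""".split())

OPEN = re.compile(r"^<(\w+)(?:\s+([^<>]*))?>$")   # <Name args>
CLOSE = re.compile(r"^</(\w+)>$")                 # </Name>

def lint(conf):
    """Return [(line_number, message)] for section-tag and <Limit> problems."""
    findings, stack = [], []
    for n, raw in enumerate(conf.splitlines(), 1):
        line = raw.strip()
        if line.startswith("</"):
            m = CLOSE.match(line)
            if m and stack and stack[-1][0].lower() == m.group(1).lower():
                stack.pop()
            else:
                findings.append((n, "unexpected or malformed close: " + line))
        elif line.startswith("<"):
            m = OPEN.match(line)
            if not m:
                findings.append((n, "malformed section tag: " + line))
            # Push the name even when malformed so the matching close still pairs.
            name = re.match(r"<(\w*)", line).group(1)
            stack.append((name, n))
            if m and name.lower() == "limit":
                for cmd in (m.group(2) or "").split():
                    if cmd.upper() not in KNOWN:
                        findings.append((n, "not an FTP command or group: " + cmd))
    findings += [(n, "unclosed <%s>" % name) for name, n in stack]
    return findings

# Constructed excerpt reproducing section headers from the posted config.
SAMPLE = """<Directory /home/FTP-shared>
<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
</Limit>
</Directory>
<Directory> /home/FTP-shared/upload/>
<Limit READ RMD DELE>
</Limit>
</Directory>
"""

if __name__ == "__main__":
    for n, msg in lint(SAMPLE):
        print("line %d: %s" % (n, msg))
```

The check is purely syntactic; it does not diagnose the timeout after `PASV` described in the post.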