Should I port forward the passive ports as well?
Thank you
I don't think so.
Still no go :s
Here's my proftpd.conf
Code:
#
# /etc/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#
AllowOverwrite on
AuthAliasOnly off

# Choose here the user alias you want !!!!
UserAlias frbr userftp

ServerName "Debian"
ServerType standalone
DeferWelcome on

MultilineRFC2228 on
DefaultServer on
ShowSymlinks off

TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200

#DisplayLogin welcome.msg
DisplayFirstChdir .message
ListOptions "-l"

RequireValidShell off

TimeoutLogin 20

RootLogin off

# It's better for debug to create log files ;-)
ExtendedLog /var/log/ftp.log
TransferLog /var/log/xferlog
SystemLog /var/log/syslog.log

#DenyFilter \*.*/

# I don't choose to use /etc/ftpusers file (set inside the users you want
#to ban, not useful for me)
UseFtpUsers off

# Allow to restart a download
AllowStoreRestart on

# Uncomment this if you are using NIS or LDAP to retrieve passwords:
PersistentPasswd off

# Uncomment this if you would use TLS module:
#TLSEngine on

# Uncomment this if you would use quota module:
#Quotas on

# Uncomment this if you would use ratio module:
#Ratios on

# Port 21 is the standard FTP port, so don't use it for security reasons
#(choose here the port you want)
Port 1980
#Port 21

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 8

# Set the user and group that the server normally runs at.
User nobody
Group nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022

# Normally, we want files to be overwriteable.
#AllowOverwrite on

# Display a message after a successful login
AccessGrantMsg "welcome !!!"
# This message is displayed for each access good or not
ServerIdent on "you're at home"

# Set /home/FTP-shared directory as home directory
DefaultRoot /home/FTP-shared

# Lock all the users in home directory, ***** really important *****
DefaultRoot ~

MaxLoginAttempts 5

#VALID LOGINS
<Limit LOGIN>
  AllowUser userftp
  #AllowUser frbr
  DenyALL
</Limit>

<Directory /home/FTP-shared>
  Umask 022 022
  AllowOverwrite off
  <Limit MKD STOR DELE XMKD RNFR RNTO RMD XRMD>
    DenyAll
  </Limit>
</Directory>

<Directory /home/FTP-shared/download/*>
  Umask 022 022
  AllowOverwrite off
  <Limit MKD STOR DELE XMKD RNFR RNTO RMD XRMD>
    DenyAll
  </Limit>
</Directory>

<Directory /home/FTP-shared/upload/>
  Umask 022 022
  AllowOverwrite on
  <Limit READ RMD DELE>
    DenyAll
  </Limit>
  <Limit STOR CWD MKD>
    AllowAll
  </Limit>
</Directory>

# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
#DelayEngine off

# A basic anonymous configuration, no upload directories.

# <Anonymous ~ftp>
#   User ftp
#   Group nogroup
#   # We want clients to be able to login with "anonymous" as well as "ftp"
#   UserAlias anonymous ftp
#   # Cosmetic changes, all files belongs to ftp user
#   DirFakeUser on ftp
#   DirFakeGroup on ftp
#
#   RequireValidShell off
#
#   # Limit the maximum number of anonymous logins
#   MaxClients 10
#
#   # We want 'welcome.msg' displayed at login, and '.message' displayed
#   # in each newly chdired directory.
#   DisplayLogin welcome.msg
#   DisplayFirstChdir .message
#
#   # Limit WRITE everywhere in the anonymous chroot
#   <Directory *>
#     <Limit WRITE>
#       DenyAll
#     </Limit>
#   </Directory>
#
#   # Uncomment this if you're brave.
#   # <Directory incoming>
#   #   # Umask 022 is a good standard umask to prevent new files and dirs
#   #   # (second parm) from being group and world writable.
#   #   Umask 022 022
#   #   <Limit READ WRITE>
#   #     DenyAll
#   #   </Limit>
#   #   <Limit STOR>
#   #     AllowAll
#   #   </Limit>
#   # </Directory>
#
# </Anonymous>

MasqueradeAddress 192.168.1.254

# These ports should be safe...
PassivePorts 60000 65535

UseReverseDNS off
IdentLookups off

I'm port forwarding 20,21,1980.
And using firestarter (iptables front-end) allowing connections on 21.21.1980
Any clues?
Try to set up and configure your FTP server install on port 21; it is way easier in general when dealing with a router, firewall and passive ports.
BTW MasqueradeAddress must be the IP of your router, not the IP of your computer on the local network.
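
What a client outside the LAN is told when MasqueradeAddress is a LAN address, as an added example that is not part of the original thread: this Python sketch parses the server's 227 passive-mode reply and checks the advertised address and data port against the PassivePorts range and the forwarded ports from the configuration posted above. The two sample replies and the public address 203.0.113.10 are constructed for illustration.

```python
import ipaddress
import re

# Values from the configuration and post above.
PASSIVE_PORTS = (60000, 65535)   # PassivePorts 60000 65535
FORWARDED = {20, 21, 1980}       # ports forwarded on the router
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PASV_RE = re.compile(r"^227 .*\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),"
                     r"(\d{1,3}),(\d{1,3})\)")


def parse_pasv(reply):
    """Return (IPv4Address, port) advertised in a 227 reply."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError(f"not a 227 passive-mode reply: {reply!r}")
    h1, h2, h3, h4, p1, p2 = (int(g) for g in m.groups())
    if max(h1, h2, h3, h4, p1, p2) > 255:
        raise ValueError("field out of range in 227 reply")
    return ipaddress.IPv4Address(f"{h1}.{h2}.{h3}.{h4}"), p1 * 256 + p2


def check_pasv(reply, forwarded=FORWARDED, passive_ports=PASSIVE_PORTS):
    """List what stops a client outside the LAN from using this reply."""
    ip, port = parse_pasv(reply)
    lo, hi = passive_ports
    problems = []
    if any(ip in net for net in RFC1918):
        problems.append(f"{ip} is a LAN address, unreachable from outside")
    if not lo <= port <= hi:
        problems.append(f"port {port} is outside PassivePorts {lo}-{hi}")
    if port not in forwarded:
        problems.append(f"port {port} is not forwarded by the router")
    return problems


# Constructed replies: 234*256 + 96 = 60000, the first passive port.
LAN_REPLY = "227 Entering Passive Mode (192,168,1,254,234,96)."
WAN_REPLY = "227 Entering Passive Mode (203,0,113,10,234,96)."  # made-up public IP

if __name__ == "__main__":
    for reply in (LAN_REPLY, WAN_REPLY):
        print(reply, check_pasv(reply) or "ok", sep="\n  ")
```
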
Hi, I tried to set up a proftpd server with TLS (FTPS)
my config:
Code:
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use). It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName "FTPS Server"
ServerType standalone
DefaultServer on

# Port 21 is the standard FTP port.
Port 21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances 30

# Set the user and group under which the server will run.
User nobody
Group nogroup

# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
DefaultRoot ~

# Normally, we want files to be overwriteable.
AllowOverwrite on
AllowRetrieveRestart on
AllowStoreRestart on

# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
  DenyAll
</Limit>

# A basic anonymous configuration, no upload directories. If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
<Anonymous /data/ftp/Pub/Download>
  User ftp
  Group ftp

  # We want clients to be able to login with "anonymous" as well as "ftp"
  UserAlias anonymous ftp

  RootLogin off
  RequireValidShell off

  # Limit the maximum number of anonymous logins
  MaxClients 10

  # We want 'welcome.msg' displayed at login, and '.message' displayed
  # in each newly chdired directory.
  DisplayLogin welcome.msg
  DisplayChdir .message

  # Limit WRITE everywhere in the anonymous chroot
  <Limit WRITE>
    DenyAll
  </Limit>
</Anonymous>

<IfModule mod_tls.c>
  #Security (TLS/SSL Layer)
  TLSEngine on
  TLSLog /var/log/proftpd/tsl.log
  TLSProtocol TLSv1
  TLSRequired off
  TLSRSACertificateFile /etc/proftpd/ftpcert/server.crt
  TLSRSACertificateKeyFile /etc/proftpd/ftpcert/server.key
  TLSCACertificateFile /etc/proftpd/ftpcert/ca.crt
  TLSVerifyClient off
</IfModule>

with
sudo proftpd -nd5 -c /etc/proftpd/proftpd.conf
I see
server (xxxxx) - FTP session requested from unknown class
server (xxxxx) - connected - local : Server IP:21
server (xxxxx) - connected - remote : Remote IP:50594
server (xxxxx) - FTP session opened.
server (xxxxx) - dispatching PRE_CMD command '' to mod_tls
server (xxxxx) - dispatching PRE_CMD command '' to mod_core
server (xxxxx) - dispatching PRE_CMD command '' to mod_core
server (xxxxx) - dispatching LOG_CMD_ERR command '' to mod_log
server (xxxxx) - mod_tls/2.1.2: scrubbing 1 passphrase from memory
server (xxxxx) - FTP session closed.
in the tls_log I get this
Nov 01 15:08:57 mod_tls/2.1.2[25298]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Nov 01 15:09:07 mod_tls/2.1.2[25298]: SSL/TLS required but absent on control channel, denying ^V^C^B command
I am using FileZilla 3.1.5 connection with FTPS and normal auth
- ProFTPD Version 1.3.1
Compiled-in modules:
mod_core.c
mod_xfer.c
mod_auth_unix.c
mod_auth_file.c
mod_auth.c
mod_ls.c
mod_log.c
mod_site.c
mod_delay.c
mod_tls.c
mod_cap.c
What did I do wrong? What can I do?
thanks
Last edited by Sowa; November 1st, 2008 at 03:51 PM.
Great How-To. Got it all set up now
I wonder if it's possible for me as "main user" on the computer to save files to Download folder with subfolders. But I only want 1 user to be able to add files there.
Bad idea in general to connect with your main user which has root access, especially because he has root access.
Anyway, to allow your user it is as simple as adding your user in the LIMIT LOGIN section and creating an alias for him if you use aliases.
If you want to go further, proftp offers you a second way to handle users able to log in, via virtual users:
http://www.castaglia.org/proftpd/doc...tualUsers.html
Maybe I stated my question a little confusingly.
Let's call my main account on my Ubuntu box "bob". I want "bob" to have write and read permission to the /home/FTP-share/download/ (including subfolders) without the sudo command, since I will RSS download to that directory.
Edit:
I fixed it with this
Code:
cd /home
sudo chown -R <username>.<usergrp> FTP-shared

without the <> ofc.
Last edited by sykostig; November 3rd, 2008 at 11:26 AM. Reason: Fixed
Maybe tweak the group and user directive so that files uploaded on the FTP server are owned by the user of your choice.
I think that is where to look.