The brilliant, secure vsftpd server has one drawback:
while it runs behind a NAT in a dynamic IP environment, it gives clients the wrong IP address for passive connections.
Instead of the real external IP (e.g. 215.23.67.12) it sends out the NAT-ted internal one (e.g. 192.168.1.2) as the pasv_address value (500 PORT command illegal). Even the advanced pasv_addr_resolve option needs a vsftpd restart at the moment the external IP changes, but there is no watcher to catch that moment.
These two scripts are designed to correct this issue and get vsftpd's passive connections working in a dynamic IP environment behind NAT.
Place this script in a file named vsftpd.ip in /usr/sbin/:
Code:
#!/bin/sh
# Script dedicated to setting the real (external) IP address in the pasv_address=
# parameter of vsftpd.conf.
# It is necessary for running vsftpd in a dynamic DNS environment
# behind NAT in passive mode. It checks the external IP every 5 minutes, then sleeps.
# Written by: ais77 (http://forum.ubuntu.ru)
# Configure these settings:
CONFIG_FILE=/etc/vsftpd.conf          # Location of vsftpd.conf
CONFIG_FILE_TMP=/etc/vsftpd.conf.tmp  # Location of temporary file
DOMAIN=ais77.homeftp.net              # Your external domain (e.g. from DynDNS.com)
LOG_FILE=~/vsftpd.ip.log
touch "$CONFIG_FILE_TMP"
touch "$LOG_FILE"
while :
do
    # Resolve the dynamic DNS name; keep only the first A record (dig +short may also print CNAME lines)
    realIP=$(dig +short A "$DOMAIN" | grep -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$' | head -n 1)
    # Address currently configured in vsftpd.conf
    vsftpdIP=$(sed -n 's/^pasv_address=//p' "$CONFIG_FILE")
    # Skip this round if the lookup failed, so a transient DNS error never blanks pasv_address
    if [ -n "$realIP" ] && [ "$realIP" != "$vsftpdIP" ]; then
        # Rewrite only the pasv_address line, not every occurrence of the old IP in the file
        sed "s/^pasv_address=.*/pasv_address=$realIP/" "$CONFIG_FILE" > "$CONFIG_FILE_TMP"
        mv -f "$CONFIG_FILE_TMP" "$CONFIG_FILE"
        /etc/init.d/vsftpd restart
        echo "[$(date)] IP changed: from $vsftpdIP to $realIP" >> "$LOG_FILE"
    fi
    sleep 5m
done
exit 0
Make sure to set your own data for DOMAIN=
and make this file executable:
Code:
~$ sudo chmod +x /usr/sbin/vsftpd.ip
The second one is a daemon wrapper (if you want vsftpd.ip to run as a daemon at startup).
Place it in a file named ipftp in /etc/init.d/:
Code:
#!/bin/sh
# /etc/init.d/ipftp
# vsftpd.ip daemon script
# Written by ais77 <http://forum.ubuntu.ru>
set -e
DAEMON=/usr/sbin/vsftpd.ip
NAME=ipftp
PIDFILE=/var/run/vsftpd/vsftpd.ip.pid
# Exit quietly if vsftpd.ip is not installed or not executable
test -x "$DAEMON" || exit 0
. /lib/lsb/init-functions
case "$1" in
    start)
        log_begin_msg "Starting vsftpd.ip daemon: $NAME"
        [ -d /var/run/vsftpd ] || mkdir -p /var/run/vsftpd
        start-stop-daemon --start --background -m --pidfile "$PIDFILE" --exec "$DAEMON" && log_end_msg 0 || log_end_msg 1
        ;;
    stop)
        log_begin_msg "Stopping vsftpd.ip daemon: $NAME"
        start-stop-daemon --stop --pidfile "$PIDFILE" --oknodo && log_end_msg 0 || log_end_msg 1
        rm -f "$PIDFILE"
        ;;
    restart)
        "$0" stop
        "$0" start
        ;;
    *)
        log_success_msg "Usage: /etc/init.d/$NAME {start|stop|restart}"
        exit 1
        ;;
esac
exit 0
Also make sure to set this file executable:
Code:
~$ sudo chmod +x /etc/init.d/ipftp
To start the daemon, execute:
Code:
~$ sudo /etc/init.d/ipftp start
To have the vsftpd.ip daemon run automatically at startup:
Code:
~$ sudo update-rc.d ipftp defaults
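To confirm the fix actually took effect, compare the address vsftpd advertises in its 227 PASV reply with the known external IP. This added Python helper (not part of the original post) parses a captured reply and flags the NAT-side leak the post describes; the sample replies are constructed, not captured from a real server.

```python
import ipaddress
import re

# Matches the host/port tuple in "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)".
PASV_RE = re.compile(r"^227\b.*?\((\d{1,3}(?:,\d{1,3}){5})\)")


def parse_pasv_reply(line: str):
    """Return (ip, port) from a 227 reply, or None if it is not a valid PASV reply."""
    m = PASV_RE.match(line.strip())
    if not m:
        return None
    parts = [int(x) for x in m.group(1).split(",")]
    if any(p > 255 for p in parts):
        return None
    ip = ".".join(str(p) for p in parts[:4])
    port = parts[4] * 256 + parts[5]   # FTP encodes the port as two octets
    return ip, port


def check_pasv(line: str, expected_ip: str) -> str:
    """Classify what the server advertised versus the known external address."""
    parsed = parse_pasv_reply(line)
    if parsed is None:
        return "unparseable"
    ip, _port = parsed
    if ip == expected_ip:
        return "ok"
    if ipaddress.ip_address(ip).is_private:
        return "leaks-private-address"   # pasv_address still holds the NAT-side IP
    return "stale-external-address"     # pasv_address points at an old external IP


# Constructed sample replies (not captured from a real server).
SAMPLES = [
    "227 Entering Passive Mode (192,168,1,2,195,80)",
    "227 Entering Passive Mode (215,23,67,12,195,80)",
    "227 Entering Passive Mode (215,23,67,13,4,1)",
    "500 PORT command illegal",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{check_pasv(s, '215.23.67.12'):>24}  <- {s}")
```

In practice the 227 line comes from a control-connection capture (e.g. a tcpdump of port 21) or from the client's verbose log after logging in and issuing PASV.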
Enjoy.