  1. #1
    Linux Newbie
    Join Date
    Feb 2004
    Posts
    139

    Passive FTP


    Don't know if I am putting this under the right forum, but here it goes...

    I have a small webserver going in my basement for me and some friends to host off of. It is running Mandrake 9.2 and ProFTPd 1.2.8 (mdk RPM package). The server works fine if I connect via LAN, but for those who are outside of it, they get the following:

    gFTP 2.0.17pre0, Copyright (C) 1998-2003 Brian Masney <masneyb@gftp.org>. If you have any questions, comments, or suggestions about this program, please feel free to email them to me. You can always find out the latest news about gFTP from my website at http://www.gftp.org/
    gFTP comes with ABSOLUTELY NO WARRANTY; for details, see the COPYING file. This is free software, and you are welcome to redistribute it under certain conditions; for details, see the COPYING file
    Looking up xx.xx.xx.xx
    Trying xx.xx.xx.xx:21
    Connected to xx.xx.xx.xx:21
    220 ProFTPD 1.2.8 Server (ProFTPD Default Installation) [server]
    USER xxxx

    331 Password required for xxxx.
    PASS xxxx
    230 User xxxx logged in.
    SYST

    215 UNIX Type: L8
    TYPE I

    200 Type set to I
    PWD

    257 "/" is current directory.
    PASV

    227 Entering Passive Mode (192,168,1,101,16,145).

    Cannot create a data connection: No route to host
    Disconnecting from site xx.xx.xx.xx
    Looks to me from the bottom there, that it is using the internal LAN IP for Passive mode. How can I change this...or is something else causing this?

    Also, which ports should be forwarded to the FTP server through the router (besides 21)?

    BTW, I have /etc/hosts set that the machine is set to the external IP. Is this correct?

    Thanks for your help.
    If you love something, emerge it

  2. #2
    Linux Guru
    Join Date
    Apr 2003
    Location
    London, UK
    Posts
    3,284

    Re: Passive FTP

    Quote Originally Posted by Blue|Fusion

    Looks to me from the bottom there, that it is using the internal LAN IP for Passive mode. How can I change this...or is something else causing this?

    Also, which ports should be forwarded to the FTP server through the router (besides 21)?

    BTW, I have /etc/hosts set that the machine is set to the external IP. Is this correct?

    Thanks for your help.
    Port 20 (FTP-Data) also needs to be allowed through the router.

    It is possible you don't need to change anything to do with the IP address issue. Look in the proftpd config file; if there is no setting in there, it doesn't need changing.

    I have absolutely no idea why you've done the last part with /etc/hosts.

  3. #3
    Linux Newbie
    Join Date
    Feb 2004
    Posts
    139
    Code:
    Looking up 67.149.3.88 
    Trying d149-67-88-3.clv.wideopenwest.com:21
    Connected to 67.149.3.88:21
    220 ProFTPD 1.2.8 Server (Welcome to hax0r's FTP. You are now being hacked.)
    USER jchambers 
    
    331 Password required for jchambers. 
    PASS xxxx 
    230 User jchambers logged in. 
    SYST 
    
    215 UNIX Type: L8
    TYPE I 
    
    200 Type set to I 
    PWD 
    
    257 "/" is current directory. 
    PASV 
    
    227 Entering Passive Mode (192,168,1,101,4,13).
    Cannot create a data connection: No route to host
    Disconnecting from site 67.149.3.88
    That is the raw log from a friend using gFTP outside my network.


    Here is /etc/proftpd.conf:
    Code:
    # This is a basic ProFTPD configuration file (rename it to
    # 'proftpd.conf' for actual use.  It establishes a single server
    # and a single anonymous login.  It assumes that you have a user/group
    # "nobody" and "ftp" for normal operation and anon.
    
    ServerName                      "Welcome to hax0r's FTP. You are now being hacked."
    ServerType                      standalone
    DefaultServer                   on
    
    # Allow FTP resuming.
    # Remember to set to off if you have an incoming ftp for upload.
    AllowStoreRestart               off
    
    # Port 21 is the standard FTP port.
    Port                            21
    
    # Umask 022 is a good standard umask to prevent new dirs and files
    # from being group and world writable.
    Umask                           022
    
    # To prevent DoS attacks, set the maximum number of child processes
    # to 30.  If you need to allow more than 30 concurrent connections
    # at once, simply increase this value.  Note that this ONLY works
    # in standalone mode, in inetd mode you should use an inetd server
    # that allows you to limit maximum number of processes per service
    # (such as xinetd).
    MaxInstances                    30
    
    # Set the user and group under which the server will run.
    User                            nobody
    Group                           nogroup
    
    # To cause every FTP user to be "jailed" (chrooted) into their home
    # directory, uncomment this line.
    DefaultRoot ~
    
    # Normally, we want files to be overwriteable.
    <Directory />
      AllowOverwrite                on
    </Directory>
    
    # Needed for NIS.
    
    PersistentPasswd              on
    
    # Default root can be used to put users in a chroot environment.
    # As an example if you have a user foo and you want to put foo in /home/foo
    # chroot environment you would do this:
    #
    # DefaultRoot /home/foo foo
    And here is /etc/hosts (I don't know if it has anything to do with it, but here it goes...):
    Code:
    127.0.0.1               localhost
    192.168.1.101           server
    192.168.1.101 is the server's LAN addy and 'server' is its hostname.

    What I am very confused about at the bottom of the gFTP log is:
    Code:
    227 Entering Passive Mode (192,168,1,101,4,13).
    Why is it looking for a passive port on the server's LAN address?
    If you love something, emerge it
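
Added example, not part of the original thread: a small Python check that decodes the two `227` replies quoted above (the six numbers are h1,h2,h3,h4,p1,p2, with port = p1*256 + p2) and flags a private data address advertised to a client that reached the server on a public address. The function names and the pairing of the first reply with 67.149.3.88 are assumptions; the first log redacts its control address.

```python
import ipaddress
import re

# Constructed sample: the two 227 replies from the thread, each paired with
# the address the client dialled for the control connection. The first log
# redacts that address, so the second log's address is reused (assumption).
SAMPLES = [
    ("67.149.3.88", "227 Entering Passive Mode (192,168,1,101,16,145)."),
    ("67.149.3.88", "227 Entering Passive Mode (192,168,1,101,4,13)."),
]

PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),"
                     r"(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv(reply):
    """Return (ip_address, port) decoded from a 227 reply (RFC 959 format)."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 PASV reply: %r" % reply)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    host = ipaddress.ip_address(".".join(str(n) for n in nums[:4]))
    port = nums[4] * 256 + nums[5]  # high byte first
    return host, port


def check_pasv(control_ip, reply):
    """Compare the advertised data endpoint with the control-connection peer."""
    peer = ipaddress.ip_address(control_ip)
    host, port = parse_pasv(reply)
    findings = []
    if host != peer:
        findings.append("advertised %s differs from control peer %s"
                        % (host, peer))
    if host.is_private and not peer.is_private:
        findings.append("private address advertised to a client that "
                        "connected over a public address")
    return {"host": str(host), "port": port, "findings": findings}


if __name__ == "__main__":
    for control_ip, reply in SAMPLES:
        print(check_pasv(control_ip, reply))
```

In passive mode the client opens the data connection to the address and port in the `227` reply, so a client outside the LAN cannot reach 192.168.1.101. ProFTPD's `MasqueradeAddress` directive sets the address the server advertises and `PassivePorts` restricts the data ports to a range that can be forwarded on the router alongside port 21.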
