  1. #1
    Just Joined!
    Join Date
    Jul 2005
    Posts
    7

    Unable to access FTP from web browser


    Friends,

    Running latest/greatest Proftp on Redhat 9.0 and can connect as expected from the localhost and a command prompt anywhere on the LAN. Am also able to connect from a Linux server console that resides on an external public subnet through our firewall. So seemingly all is well in ftp-land. HOWEVER, when attempting to connect to the FTP from the outside world using a web browser and via a web link, the connection fails with no clues left behind in any logs except the firewall log that merely indicated an attempted connect of extended duration.

    Any ideas out there????? I'm an old man and can't take the stress (heh)

  2. #2
    Linux Newbie
    Join Date
    Jul 2005
    Location
    classified
    Posts
    246
    Is your proftpd set up for active or passive connections? With active, you need to have both ports 20 and 21 available. With passive, only port 21 needs to be available. Web browsers generally cannot do passive.

  3. #3
    Just Joined!
    Join Date
    Jul 2005
    Posts
    7
    It is set up for active and, solely for testing purposes, I temporarily opened all access to its IP so it doesn't appear to be a firewall issue.

  4. #4
    Linux Newbie
    Join Date
    Jul 2005
    Location
    classified
    Posts
    246
    Another problem might be a firewall you don't even know about. Here at the university, I could access my ftp server from any computer at the university, but on no computers outside the university. It turns out the university has a giant invisible firewall that protects everything from all incoming traffic. It was simple enough to ask the university to allow connections to my server, once they had verified that I had secured it.

    So make sure something like this isn't happening to you. Your ISP might be blocking certain traffic even before it gets to your firewall.

  5. #5
    Just Joined!
    Join Date
    Jul 2005
    Posts
    7
    I certainly do appreciate the input, but I own the whole bloody network and our upstream is wide open with no firewalling at all....

  6. #6
    Linux Newbie
    Join Date
    Jul 2005
    Location
    classified
    Posts
    246
    Perhaps you could post your proftpd.conf? It really sounds like a network issue, but there's no harm in checking everything twice.

  7. #7
    Just Joined!
    Join Date
    Jul 2005
    Posts
    7
    That's what I keep coming back to as well but frankly have run out of places to look. Having said that, this is my *first* go with ProFTP so here's the conf (essentially unmodified from the package install):

    # This is the ProFTPD configuration file
    # $Id: proftpd.conf,v 1.6 2003/09/24 10:51:11 dude Exp $

    ServerName "*******"
    ServerIdent on "FTP Server ready."
    ServerAdmin *************
    ServerType standalone
    #ServerType inetd
    DefaultServer on
    AccessGrantMsg "User %u logged in."
    #DisplayConnect /etc/ftpissue
    #DisplayLogin /etc/ftpmotd
    #DisplayGoAway /etc/ftpgoaway
    DeferWelcome off

    # Use this to exclude users from the chroot
    DefaultRoot ~ !adm

    # Use pam to authenticate by default
    AuthPAMAuthoritative on

    # Do not perform ident nor DNS lookups (hangs when the port is filtered)
    IdentLookups off
    UseReverseDNS off

    # Port 21 is the standard FTP port.
    Port 21

    # Umask 022 is a good standard umask to prevent new dirs and files
    # from being group and world writable.
    Umask 022

    # Default to show dot files in directory listings
    ListOptions "-a"

    # See Configuration.html for these (here are the default values)
    #MultilineRFC2228 off
    #RootLogin off
    #LoginPasswordPrompt on
    #MaxLoginAttempts 3
    #MaxClientsPerHost none
    #AllowForeignAddress off # For FXP

    # Allow to resume not only the downloads but the uploads too
    AllowRetrieveRestart on
    AllowStoreRestart on

    # To prevent DoS attacks, set the maximum number of child processes
    # to 30. If you need to allow more than 30 concurrent connections
    # at once, simply increase this value. Note that this ONLY works
    # in standalone mode, in inetd mode you should use an inetd server
    # that allows you to limit maximum number of processes per service
    # (such as xinetd)
    MaxInstances 20

    # Set the user and group that the server normally runs at.
    User ftp
    Group ftp

    # This is where we want to put the pid file
    ScoreboardFile /var/run/proftpd.score

    # Normally, we want users to do a few things.
    <Global>
    AllowOverwrite on
    <Limit ALL SITE_CHMOD>
    AllowAll on
    IgnoreHidden on
    </Limit>
    DefaultTransferMode binary
    RootLogin off
    RequireValidShell off
    ShowSymlinks off
    UseFtpUsers on
    </Global>

    # Define the log formats
    LogFormat default "%h %l %u %t \"%r\" %s %b"

    # TLS
    # Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html
    #TLSEngine on
    #TLSRequired on
    #TLSRSACertificateFile /usr/share/ssl/certs/proftpd.pem
    #TLSRSACertificateKeyFile /usr/share/ssl/certs/proftpd.pem
    #TLSCipherSuite ALL:!ADH:!DES
    #TLSOptions NoCertRequest
    #TLSVerifyClient off
    ##TLSRenegotiate ctrl 3600 data 512000 required off timeout 300
    #TLSLog /var/log/proftpd/tls.log

    # A basic anonymous configuration, with an upload directory.
    <Anonymous ~ftp>
    User ftp
    Group ftp
    AccessGrantMsg "Anonymous login ok, restrictions apply."
    #
    # # We want clients to be able to login with "anonymous" as well as "ftp"
    UserAlias anonymous ftp
    #
    # # Limit the maximum number of anonymous logins
    MaxClients 10 "Sorry, max %m users -- try again later"
    # # Put the user into /pub right after login
    # DefaultChdir /pub
    #
    # # We want 'welcome.msg' displayed at login, '.message' displayed in
    # # each newly chdired directory and tell users to read README* files.
    DisplayLogin /welcome.msg
    # DisplayFirstChdir .message
    # DisplayReadme README*
    #
    # # Some more cosmetic and not vital stuff
    # DirFakeUser on ftpadm
    # DirFakeGroup on ftpadm
    #
    # # Limit WRITE everywhere in the anonymous chroot
    <Limit WRITE SITE_CHMOD>
    DenyAll
    IgnoreHidden on
    </Limit>
    #
    # # An upload directory that allows storing files but not retrieving
    # # or creating directories.
    # <Directory uploads/*>
    # AllowOverwrite no
    # <Limit READ>
    # DenyAll
    # </Limit>
    #
    # <Limit STOR>
    # AllowAll
    # </Limit>
    # </Directory>
    #
    # # Don't write anonymous accesses to the system wtmp file (good idea!)
    WtmpLog off
    #
    # # Logging for the anonymous transfers
    ExtendedLog /var/log/proftpd/access.log WRITE,READ default
    ExtendedLog /var/log/proftpd/auth.log AUTH auth
    HideNoAccess on
    ShowSymlinks off
    RootLogin off
    RequireValidShell off
    UseFtpUsers on
    LoginPasswordPrompt off
    #
    </Anonymous>

  8. #8
    Linux Newbie
    Join Date
    Jul 2005
    Location
    classified
    Posts
    246
    The only significant difference between yours and mine is:

    Mine:
    # Set the user and group that the server normally runs at.
    User nobody
    Group nogroup
    Yours:
    # Set the user and group that the server normally runs at.
    User ftp
    Group ftp
    (well, that's not the only thing - I use inetd, and you seem to be using a standalone, but that shouldn't make a difference, should it?)

    And here's an interesting little line in the comments from the proftpd.conf file:
    # This is a basic ProFTPD configuration file.
    # It establishes a single server and a single anonymous login.
    # It assumes that you have a user/group "nobody" and "ftp"
    # for normal/anonymous operation.
    So I guess it could be that proftpd is rejecting your browser's authentication?

    Again, I would be more suspect of network connections.

    If it helps, point your browser at my server, see if the browser can get in:
    ftp://slackbox.tamu.edu
    At least then you will know that it is not a browser issue or network issue.

  9. #9
    Just Joined!
    Join Date
    Jul 2005
    Posts
    7
    Yeah, I can get to yours OK thru my browser. Now here's the kicker - I can hop out to a client's network and connect to our FTP from his console. So then I can assume that FTP is running correctly and all firewall rules are configured correctly... it's just when I come in thru the bloody browser that it fails - which is *of course* the method my users insist upon.

    Perhaps I'll suggest they consider burning CDs and using FedEx express overnight.

  10. #10
    Linux Newbie
    Join Date
    Jul 2005
    Location
    classified
    Posts
    246
    I suspect it wouldn't hurt to try changing the lines quoted above, just to see what effect it has. Copy the original file to proftpd.conf.good, and then make the changes in proftpd.conf. If it doesn't work, you can always switch them back again.
