Hey list,
Sorry for all the questions today. But I am trying to wrap up this ftp business and still having some issues. I appreciate your input.
SELinux is temporarily disabled (until I can work this all out) and I am now able to log into the FTP server.
[root@LCENT05:~] #/usr/bin/ftp localhost
Connected to localhost (127.0.0.1).
220 FTP Server ready.
Name (localhost:root): bluethundr
331 Password required for bluethundr
Password:
230 User bluethundr logged in
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (xx,xx,xx,xxx,255,44).
ftp: connect: Invalid argument
ftp>
I still have DebugLevel set to 10 in the config and this is what I see in the proftpd logs:
Aug 13 12:00:39 LCENT05 proftpd[2922] 192.168.1.48 (127.0.0.1[127.0.0.1]): USER bluethundr: Login successful.
Aug 13 12:00:39 LCENT05 proftpd[2922] 192.168.1.48 (127.0.0.1[127.0.0.1]): dispatching PRE_CMD command 'SYST' to mod_tls
Aug 13 12:00:39 LCENT05 proftpd[2922] 192.168.1.48 (127.0.0.1[127.0.0.1]): dispatching PRE_CMD command 'SYST' to mod_core
Aug 13 12:00:39 LCENT05 proftpd[2922] 192.168.1.48 (127.0.0.1[127.0.0.1]): dispatching PRE_CMD command 'SYST' to mod_core
Aug 13 12:00:39 LCENT05 proftpd[2922] 192.168.1.48 (127.0.0.1[127.0.0.1]): dispatching CMD command 'SYST' to mod_core
Aug 13 12:00:39 LCENT05 proftpd[2922] 192.168.1.48 (127.0.0.1[127.0.0.1]): dispatching LOG_CMD command 'SYST' to mod_log
Aug 13 12:00:45 LCENT05 proftpd[2922] 192.168.1.48 (127.0.0.1[127.0.0.1]): dispatching PRE_CMD command 'PASV' to mod_tls
Aug 13 12:00:45 LCENT05 proftpd[2922] 192.168.1.48 (127.0.0.1[127.0.0.1]): dispatching PRE_CMD command 'PASV' to mod_core
Aug 13 12:00:45 LCENT05 proftpd[2922] 192.168.1.48 (127.0.0.1[127.0.0.1]): dispatching PRE_CMD command 'PASV' to mod_core
Aug 13 12:00:45 LCENT05 proftpd[2922] 192.168.1.48 (127.0.0.1[127.0.0.1]): dispatching CMD command 'PASV' to mod_core
Aug 13 12:00:45 LCENT05 proftpd[2922] 192.168.1.48 (127.0.0.1[127.0.0.1]): in dir_check_full(): path = '/', fullpath = '/'.
Aug 13 12:00:45 LCENT05 proftpd[2922] 192.168.1.48 (127.0.0.1[127.0.0.1]): Entering Passive Mode (71,187,203,194,255,44).
Aug 13 12:00:45 LCENT05 proftpd[2922] 192.168.1.48 (127.0.0.1[127.0.0.1]): dispatching LOG_CMD command 'PASV' to mod_log
Aug 13 12:05:08 LCENT05 proftpd[2863] 192.168.1.48 (71.187.203.194[71.187.203.194]): Client session idle timeout, disconnected
Aug 13 12:05:08 LCENT05 proftpd[2863] 192.168.1.48 (71.187.203.194[71.187.203.194]): ROOT PRIVS at mod_auth_pam.c:173
Aug 13 12:05:08 LCENT05 proftpd[2863] 192.168.1.48 (71.187.203.194[71.187.203.194]): ROOT PRIVS: ID switching disabled
Aug 13 12:05:08 LCENT05 proftpd[2863] 192.168.1.48 (71.187.203.194[71.187.203.194]): RELINQUISH PRIVS at mod_auth_pam.c:207
Aug 13 12:05:08 LCENT05 proftpd[2863] 192.168.1.48 (71.187.203.194[71.187.203.194]): RELINQUISH PRIVS: ID switching disabled
Aug 13 12:05:08 LCENT05 proftpd[2863] 192.168.1.48 (71.187.203.194[71.187.203.194]): FTP session closed.
This is what my proftpd config is looking like at the moment.
I have the default root set to this directory:
DefaultRoot /var/www/html/jokefire.com
And I give access to this directory with this directive:
<Directory /var/www/html/jokefire.com>
  <Limit ALL>
    AllowAll
  </Limit>
</Directory>
I plan to tighten up the security a little bit as I make some more progress. But my immediate goal is just to get this to work. :)
Here is the entire config.. just in case it might help!
Thanks once again!
Tim
# This is the ProFTPD configuration file
#
# See: http://www.proftpd.org/docs/directives/linked/by-name.html

# Server Config - config used for anything outside a <VirtualHost> or <Global> context
# See: http://www.proftpd.org/docs/howto/Vhost.html

ServerName "ProFTPD server"
ServerIdent on "FTP Server ready."
ServerAdmin root@localhost
DefaultServer on

# Cause every FTP user except adm to be chrooted into their home directory
# Aliasing /etc/security/pam_env.conf into the chroot allows pam_env to
# work at session-end time (http://bugzilla.redhat.com/477120)
VRootEngine on
DefaultRoot /var/www/html/jokefire.com
#DefaultRoot ~ !adm
VRootAlias etc/security/pam_env.conf /etc/security/pam_env.conf

# Masquerade Address
MasqueradeAddress xx.xxx.xxx.xxx

# Passive Ports
PassivePorts 60000 65535

# Use pam to authenticate (default) and be authoritative
AuthPAMConfig proftpd
AuthOrder mod_auth_pam.c* mod_auth_unix.c
# If you use NIS/YP/LDAP you may need to disable PersistentPasswd
#PersistentPasswd off

# Don't do reverse DNS lookups (hangs on DNS problems)
UseReverseDNS off

# Set the user and group that the server runs as
User nobody
Group nobody

# To prevent DoS attacks, set the maximum number of child processes
# to 20. If you need to allow more than 20 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode; in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 20

# Disable sendfile by default since it breaks displaying the download speeds in
# ftptop and ftpwho
UseSendfile off

# Defines debug level
DebugLevel 10

# Define the log formats
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"

# Define a system log
SystemLog /var/log/proftpd/proftpd.log
# Dynamic Shared Object (DSO) loading
# See README.DSO and howto/DSO.html for more details
#
# General database support (http://www.proftpd.org/docs/contrib/mod_sql.html)
#   LoadModule mod_sql.c
#
# Support for base-64 or hex encoded MD5 and SHA1 passwords from SQL tables
# (contrib/mod_sql_passwd.html)
#   LoadModule mod_sql_passwd.c
#
# Mysql support (requires proftpd-mysql package)
# (http://www.proftpd.org/docs/contrib/mod_sql.html)
#   LoadModule mod_sql_mysql.c
#
# Postgresql support (requires proftpd-postgresql package)
# (http://www.proftpd.org/docs/contrib/mod_sql.html)
#   LoadModule mod_sql_postgres.c
#
# Quota support (http://www.proftpd.org/docs/contrib/mod_quotatab.html)
#   LoadModule mod_quotatab.c
#
# File-specific "driver" for storing quota table information in files
# (http://www.proftpd.org/docs/contrib/mod_quotatab_file.html)
#   LoadModule mod_quotatab_file.c
#
# SQL database "driver" for storing quota table information in SQL tables
# (http://www.proftpd.org/docs/contrib/mod_quotatab_sql.html)
#   LoadModule mod_quotatab_sql.c
#
# LDAP support (requires proftpd-ldap package)
# (http://www.proftpd.org/docs/directives/linked/config_ref_mod_ldap.html)
#   LoadModule mod_ldap.c
#
# LDAP quota support (requires proftpd-ldap package)
# (http://www.proftpd.org/docs/contrib/mod_quotatab_ldap.html)
#   LoadModule mod_quotatab_ldap.c
#
# Support for authenticating users using the RADIUS protocol
# (http://www.proftpd.org/docs/contrib/mod_radius.html)
#   LoadModule mod_radius.c
#
# Retrieve quota limit table information from a RADIUS server
# (http://www.proftpd.org/docs/contrib/mod_quotatab_radius.html)
#   LoadModule mod_quotatab_radius.c
#
# Administrative control actions for the ftpdctl program
# (http://www.proftpd.org/docs/contrib/mod_ctrls_admin.html)
#   LoadModule mod_ctrls_admin.c
#
# Execute external programs or scripts at various points in the process
# of handling FTP commands
# (http://www.castaglia.org/proftpd/modules/mod_exec.html)
#   LoadModule mod_exec.c
#
# Support for POSIX ACLs
# (http://www.proftpd.org/docs/modules/mod_facl.html)
#   LoadModule mod_facl.c
#
# Support for using the GeoIP library to look up geographical information on
# the connecting client and using that to set access controls for the server
# (http://www.castaglia.org/proftpd/modules/mod_geoip.html)
#   LoadModule mod_geoip.c
#
# Configure server availability based on system load
# (http://www.proftpd.org/docs/contrib/mod_load.html)
#   LoadModule mod_load.c
#
# Limit downloads to a multiple of upload volume (see README.ratio)
#   LoadModule mod_ratio.c
#
# Rewrite FTP commands sent by clients on-the-fly,
# using regular expression matching and substitution
# (http://www.proftpd.org/docs/contrib/mod_rewrite.html)
#   LoadModule mod_rewrite.c
#
# Support for the SSH2, SFTP, and SCP protocols, for secure file transfer over
# an SSH2 connection (http://www.castaglia.org/proftpd/modules/mod_sftp.html)
#   LoadModule mod_sftp.c
#
# Use PAM to provide a 'keyboard-interactive' SSH2 authentication method for
# mod_sftp (http://www.castaglia.org/proftpd/modules/mod_sftp_pam.html)
#   LoadModule mod_sftp_pam.c
#
# Use SQL (via mod_sql) for looking up authorized SSH2 public keys for user
# and host based authentication
# (http://www.castaglia.org/proftpd/modules/mod_sftp_sql.html)
#   LoadModule mod_sftp_sql.c
#
# Provide data transfer rate "shaping" across the entire server
# (http://www.castaglia.org/proftpd/modules/mod_shaper.html)
#   LoadModule mod_shaper.c
#
# Support for miscellaneous SITE commands such as SITE MKDIR, SITE SYMLINK,
# and SITE UTIME (http://www.proftpd.org/docs/contrib/mod_site_misc.html)
#   LoadModule mod_site_misc.c
#
# Provide an external SSL session cache using shared memory
# (contrib/mod_tls_shmcache.html)
#   LoadModule mod_tls_shmcache.c
#
# Use the /etc/hosts.allow and /etc/hosts.deny files, or other allow/deny
# files, for IP-based access control
# (http://www.proftpd.org/docs/contrib/mod_wrap.html)
#   LoadModule mod_wrap.c
#
# Use the /etc/hosts.allow and /etc/hosts.deny files, or other allow/deny
# files, as well as SQL-based access rules, for IP-based access control
# (http://www.proftpd.org/docs/contrib/mod_wrap2.html)
#   LoadModule mod_wrap2.c
#
# Support module for mod_wrap2 that handles access rules stored in specially
# formatted files on disk
# (http://www.proftpd.org/docs/contrib/mod_wrap2_file.html)
#   LoadModule mod_wrap2_file.c
#
# Support module for mod_wrap2 that handles access rules stored in SQL
# database tables (http://www.proftpd.org/docs/contrib/mod_wrap2_sql.html)
#   LoadModule mod_wrap2_sql.c
#
# Provide a flexible way of specifying that certain configuration directives
# only apply to certain sessions, based on credentials such as connection
# class, user, or group membership
# (http://www.proftpd.org/docs/contrib/mod_ifsession.html)
#   LoadModule mod_ifsession.c
# TLS (http://www.castaglia.org/proftpd/modules/mod_tls.html)
<IfDefine TLS>
  TLSEngine on
  TLSRequired on
  TLSRSACertificateFile /etc/pki/tls/certs/proftpd.pem
  TLSRSACertificateKeyFile /etc/pki/tls/certs/proftpd.pem
  TLSCipherSuite ALL:!ADH:!DES
  TLSOptions NoCertRequest
  TLSVerifyClient off
  #TLSRenegotiate ctrl 3600 data 512000 required off timeout 300
  TLSLog /var/log/proftpd/tls.log
  <IfModule mod_tls_shmcache.c>
    TLSSessionCache shm:/file=/var/run/proftpd/sesscache
  </IfModule>
</IfDefine>

# Dynamic ban lists (http://www.proftpd.org/docs/contrib/mod_ban.html)
# Enable this with PROFTPD_OPTIONS=-DDYNAMIC_BAN_LISTS in /etc/sysconfig/proftpd
<IfDefine DYNAMIC_BAN_LISTS>
  LoadModule mod_ban.c
  BanEngine on
  BanLog /var/log/proftpd/ban.log
  BanTable /var/run/proftpd/ban.tab

  # If the same client reaches the MaxLoginAttempts limit 2 times
  # within 10 minutes, automatically add a ban for that client that
  # will expire after one hour.
  BanOnEvent MaxLoginAttempts 2/00:10:00 01:00:00

  # Allow the FTP admin to manually add/remove bans
  BanControlsACLs all allow user ftpadm
</IfDefine>

# Global Config - config common to Server Config and all virtual hosts
# See: http://www.proftpd.org/docs/howto/Vhost.html
<Global>

  # Umask 022 is a good standard umask to prevent new dirs and files
  # from being group and world writable
  Umask 022

  # Allow users to overwrite files and change permissions
  AllowOverwrite yes
  <Limit ALL SITE_CHMOD>
    AllowAll
  </Limit>

</Global>

# A basic anonymous configuration, with an upload directory
# Enable this with PROFTPD_OPTIONS=-DANONYMOUS_FTP in /etc/sysconfig/proftpd
<IfDefine ANONYMOUS_FTP>
  <Anonymous ~ftp>
    User ftp
    Group ftp
    AccessGrantMsg "Anonymous login ok, restrictions apply."

    # We want clients to be able to login with "anonymous" as well as "ftp"
    UserAlias anonymous ftp

    # Limit the maximum number of anonymous logins
    MaxClients 10 "Sorry, max %m users -- try again later"

    # Put the user into /pub right after login
    #DefaultChdir /pub

    # We want 'welcome.msg' displayed at login, '.message' displayed in
    # each newly chdired directory and tell users to read README* files.
    DisplayLogin /welcome.msg
    DisplayChdir .message
    DisplayReadme README*

    # Cosmetic option to make all files appear to be owned by user "ftp"
    DirFakeUser on ftp
    DirFakeGroup on ftp

    # Limit WRITE everywhere in the anonymous chroot
    <Limit WRITE SITE_CHMOD>
      DenyAll
    </Limit>

    # An upload directory that allows storing files but not retrieving
    # or creating directories.
    <Directory uploads/*>
      AllowOverwrite no
      <Limit READ>
        DenyAll
      </Limit>

      <Limit STOR>
        AllowAll
      </Limit>
    </Directory>

    # Don't write anonymous accesses to the system wtmp file (good idea!)
    WtmpLog off

    # Logging for the anonymous transfers
    ExtendedLog /var/log/proftpd/access.log WRITE,READ default
    ExtendedLog /var/log/proftpd/auth.log AUTH auth

  </Anonymous>
</IfDefine>

<Directory /var/www/html/jokefire.com>
  <Limit ALL>
    AllowAll
  </Limit>
</Directory>
Sorry for all the questions today. But I am trying to wrap up this ftp business and still having some issues. I appreciate your input.
SELinux is temporarily disabled (until I can work this all out) and I am now able to log into the FTP server.
<snip>
This is what my proftpd config is looking like at the moment.
<snip>
# Masquerade Address
MasqueradeAddress xx.xxx.xxx.xxx
<snip>
I'm betting that your MasqueradeAddress is the issue. This is great when you are behind a NATing firewall, but for localhost testing, it could be your issue.
Try commenting out your MasqueradeAddress line and it should create the connection back through the IP address you connected from instead of forcing the one in your MasqueradeAddress. When you want to test the real setup, put it back in.
Barry
Hello again, Barry
Yes interestingly enough that seemed to do it for the local test. This is odd, because I remember setting up another ProFTPd server with this directive and never ran into this issue.
Nevertheless, once I commented out the MasqueradeAddress directive it works locally.
[root@LCENT05:~] #/usr/bin/ftp localhost
Connected to localhost (127.0.0.1).
220 FTP Server ready.
Name (localhost:root): bluethundr
331 Password required for bluethundr
Password:
230 User bluethundr logged in
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (127,0,0,1,253,20).
150 Opening ASCII mode data connection for file list
-rw-r--r-- 1 apache apache 36834 Mar 11 2010 Copying
-rw-r--r-- 1 apache apache 266 Jul 9 10:30 How to install Piwik.html
-rw-r--r-- 1 root apache 1189469 Dec 20 2010 Illustration.ai
-rw-r--r-- 1 root apache 236524 Dec 20 2010 Illustration.jpg
-rw-r--r-- 1 root apache 230915 Dec 20 2010 Illustration.pdf
-rw-r--r-- 1 root apache 1206524 Dec 20 2010 Illustration_path.ai
-rw-r--r-- 1 root apache 2176338 Dec 20 2010 Illustration_path.eps
Which is nice! But when I try to connect remotely this is what occurs:
Response: 230 User bluethundr logged in
Command: OPTS UTF8 ON
Response: 200 UTF8 set to on
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is the current directory
Command: TYPE I
Response: 200 Type set to I
Command: PASV
Response: 227 Entering Passive Mode (192,168,1,48,251,255).
Status: Server sent passive reply with unroutable address. Using server address instead.
Command: MLSD
Error: Connection timed out
Error: Failed to retrieve directory listing
So remotely it's still having difficulty listing the directory. Here's a snippet from the logs. I've included a longer section of the logs in case this sheds any light on the issue. :)
Seriously thanks for your help here, it's greatly appreciated!
Aug 13 12:45:44 LCENT05 proftpd[3095] 192.168.1.48 (xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]): USER bluethundr: Login successful.
Aug 13 12:45:44 LCENT05 proftpd[3095] 192.168.1.48 (xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]): dispatching PRE_CMD command 'OPTS UTF8 ON' to mod_tls
Aug 13 12:45:44 LCENT05 proftpd[3095] 192.168.1.48 (xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]): dispatching PRE_CMD command 'OPTS UTF8 ON' to mod_core
Aug 13 12:45:44 LCENT05 proftpd[3095] 192.168.1.48 (xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]): dispatching PRE_CMD command 'OPTS UTF8 ON' to mod_core
Aug 13 12:45:44 LCENT05 proftpd[3095] 192.168.1.48 (xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]): dispatching CMD command 'OPTS UTF8 ON' to mod_core
Aug 13 12:45:44 LCENT05 proftpd[3095] 192.168.1.48 (xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]): dispatching PRE_CMD command 'OPTS_UTF8 ON' to mod_tls
Aug 13 12:45:44 LCENT05 proftpd[3095] 192.168.1.48 (xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]): dispatching PRE_CMD command 'OPTS_UTF8 ON' to mod_core
Aug 13 12:45:44 LCENT05 proftpd[3095] 192.168.1.48 (xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]): dispatching PRE_CMD command 'OPTS_UTF8 ON' to mod_core
Aug 13 12:45:44 LCENT05 proftpd[3095] 192.168.1.48 (xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]): dispatching CMD command 'OPTS_UTF8 ON' to mod_lang
Aug 13 12:45:44 LCENT05 proftpd[3095] 192.168.1.48 (xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]): dispatching LOG_CMD command 'OPTS_UTF8 ON' to mod_log
Aug 13 12:45:44 LCENT05 proftpd[3095] 192.168.1.48 (xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]): dispatching LOG_CMD command 'OPTS UTF8 ON' to mod_log
Aug 13 12:45:45 LCENT05 proftpd[3095] 192.168.1.48 (xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]): dispatching PRE_CMD command 'PWD' to mod_tls
Aug 13 12:45:45 LCENT05 proftpd[3095] 192.168.1.48 (xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]): dispatching PRE_CMD command 'PWD' to mod_core
Aug 13 12:45:45 LCENT05 proftpd[3095] 192.168.1.48 (xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]): dispatching PRE_CMD command 'PWD' to mod_core
Aug 13 12:45:45 LCENT05 proftpd[3095] 192.168.1.48 (xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]): dispatching CMD command 'PWD' to mod_core
Aug 13 12:45:45 LCENT05 proftpd[3095] 192.168.1.48 (xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]): in dir_check_full(): path = '/', fullpath = '/'.
Aug 13 12:45:45 LCENT05 proftpd[3095] 192.168.1.48 (xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]): dispatching LOG_CMD command 'PWD' to mod_log
Aug 13 12:45:45 LCENT05 proftpd[3095] 192.168.1.48 (xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]): dispatching PRE_CMD command 'TYPE I' to mod_tls
Aug 13 12:45:45 LCENT05 proftpd[3095] 192.168.1.48 (xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]): dispatching PRE_CMD command 'TYPE I' to mod_core
Aug 13 12:45:45 LCENT05 proftpd[3095] 192.168.1.48 (xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]): dispatching PRE_CMD command 'TYPE I' to mod_core
Aug 13 12:45:45 LCENT05 proftpd[3095] 192.168.1.48 (xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]): dispatching CMD command 'TYPE I' to mod_xfer
Aug 13 12:45:45 LCENT05 proftpd[3095] 192.168.1.48 (xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]): dispatching LOG_CMD command 'TYPE I' to mod_log
Aug 13 12:45:45 LCENT05 proftpd[3095] 192.168.1.48 (xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]): dispatching PRE_CMD command 'PASV' to mod_tls
Aug 13 12:45:45 LCENT05 proftpd[3095] 192.168.1.48 (xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]): dispatching PRE_CMD command 'PASV' to mod_core
Aug 13 12:45:45 LCENT05 proftpd[3095] 192.168.1.48 (xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]): dispatching PRE_CMD command 'PASV' to mod_core
Aug 13 12:45:45 LCENT05 proftpd[3095] 192.168.1.48 (xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]): dispatching CMD command 'PASV' to mod_core
Aug 13 12:45:45 LCENT05 proftpd[3095] 192.168.1.48 (xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]): in dir_check_full(): path = '/', fullpath = '/'.
Aug 13 12:45:45 LCENT05 proftpd[3095] 192.168.1.48 (xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]): Entering Passive Mode (192,168,1,48,255,131).
Aug 13 12:45:45 LCENT05 proftpd[3095] 192.168.1.48 (xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]): dispatching LOG_CMD command 'PASV' to mod_log
Aug 13 12:45:45 LCENT05 proftpd[3095] 192.168.1.48 (xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]): dispatching PRE_CMD command 'MLSD' to mod_tls
Aug 13 12:45:45 LCENT05 proftpd[3095] 192.168.1.48 (xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]): dispatching PRE_CMD command 'MLSD' to mod_core
Aug 13 12:45:45 LCENT05 proftpd[3095] 192.168.1.48 (xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]): dispatching PRE_CMD command 'MLSD' to mod_core
Aug 13 12:45:45 LCENT05 proftpd[3095] 192.168.1.48 (xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]): dispatching CMD command 'MLSD' to mod_facts
Aug 13 12:45:45 LCENT05 proftpd[3095] 192.168.1.48 (xx.xxx.xxx.xxx[xx.xxx.xxx.xxx]): in dir_check_full(): path = '/', fullpath = '/'.
----- Original Message -----
From: "Barry Brimer" lists@brimer.org
To: "CentOS mailing list" centos@centos.org
Sent: Saturday, August 13, 2011 1:32:03 PM
Subject: Re: [CentOS] can't list directories in ftp
Sorry for all the questions today. But I am trying to wrap up this ftp business and still having some issues. I appreciate your input.
SELinux is temporarily disabled (until I can work this all out) and I am now able to log into the FTP server.
<snip>
This is what my proftpd config is looking like at the moment.
<snip>
# Masquerade Address
MasqueradeAddress xx.xxx.xxx.xxx
<snip>
I'm betting that your MasqueradeAddress is the issue. This is great when you are behind a NATing firewall, but for localhost testing, it could be your issue.
Try commenting out your MasqueradeAddress line and it should create the connection back through the IP address you connected from instead of forcing the one in your MasqueradeAddress. When you want to test the real setup, put it back in.
Barry
Hello again, Barry
Yes interestingly enough that seemed to do it for the local test. This is odd, because I remember setting up another ProFTPd server with this directive and never ran into this issue.
Nevertheless, once I commented out the MasqueradeAddress directive it works locally.
<snip>
227 Entering Passive Mode (127,0,0,1,253,20).
<snip>
Which is nice! But when I try to connect remotely this is what occurs:
<snip>
Response: 227 Entering Passive Mode (192,168,1,48,251,255).
Seriously thanks for your help here, it's greatly appreciated!
You're welcome.
Look above where I've left in the "Entering Passive Mode" line. This is the address that is being used to send the connection back through. As expected with localhost, it used 127.0.0.1, remotely, it used 192.168.1.48. That is not going to work if you are being NATed somewhere using a different (public) IP address. That is where the MasqueradeAddress comes into play. Of course this only applies to *passive* ftp connections. Active FTP connections would be unaffected. By any chance when you tested and this worked in the past could you have been testing with active ftp?
Barry
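As an added illustration of the point above (not code from the thread or from ProFTPD): a small Python check that decodes the address and port in a `227 Entering Passive Mode` reply and compares them with the address the control connection was made to, using the replies quoted in this thread. The names `parse_pasv` and `diagnose`, the finding strings, and the control address `203.0.113.10` (a documentation address standing in for the redacted public IP) are assumptions made for this example.

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2 tuple as it appears in a 227 reply or in proftpd's debug log
PASV_TUPLE = re.compile(
    r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

# Private ranges that cannot be reached from the far side of a NAT
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_pasv(reply):
    """Return (IPv4Address, port) advertised in a PASV reply line."""
    m = PASV_TUPLE.search(reply)
    if m is None:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in: %r" % reply)
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError("field larger than one byte in: %r" % reply)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    # The data port is sent as two bytes: high byte first.
    return ip, nums[4] * 256 + nums[5]


def diagnose(reply, control_addr, passive_ports=(60000, 65535)):
    """Compare the advertised data endpoint with the control connection.

    control_addr is the server address the client connected to;
    passive_ports defaults to the PassivePorts range from the posted config.
    """
    ip, port = parse_pasv(reply)
    control = ipaddress.IPv4Address(control_addr)
    findings = []
    if not passive_ports[0] <= port <= passive_ports[1]:
        findings.append("port outside PassivePorts range")
    if ip != control:
        if control.is_loopback:
            # MasqueradeAddress applied to a session that came in on localhost
            findings.append("non-loopback address advertised on a localhost test")
        elif ip.is_loopback or any(ip in net for net in RFC1918):
            # Server behind NAT advertising its internal address
            findings.append("unroutable address advertised to a remote client")
        else:
            findings.append("advertised address differs from control connection")
    return {"ip": str(ip), "port": port, "findings": findings}


# Replies quoted in the thread, paired with the control address in use.
# 203.0.113.10 is a constructed placeholder for the redacted public address.
SAMPLES = [
    ("227 Entering Passive Mode (71,187,203,194,255,44).", "127.0.0.1"),
    ("227 Entering Passive Mode (127,0,0,1,253,20).", "127.0.0.1"),
    ("227 Entering Passive Mode (192,168,1,48,251,255).", "203.0.113.10"),
]

if __name__ == "__main__":
    for reply, control in SAMPLES:
        print(control, diagnose(reply, control))
```

The third sample is the condition the remote client reported as "Server sent passive reply with unroutable address"; a client on the same LAN connecting to 192.168.1.48 directly would produce no finding.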
On 08/13/11 11:07 AM, Barry Brimer wrote:
Response: 227 Entering Passive Mode (192,168,1,48,251,255).
Seriously thanks for your help here, it's greatly appreciated!
You're welcome.
Look above where I've left in the "Entering Passive Mode" line. This is the address that is being used to send the connection back through. As expected with localhost, it used 127.0.0.1, remotely, it used 192.168.1.48. That is not going to work if you are being NATed somewhere using a different (public) IP address. That is where the MasqueradeAddress comes into play. Of course this only applies to *passive* ftp connections. Active FTP connections would be unaffected. By any chance when you tested and this worked in the past could you have been testing with active ftp?
FTP servers behind NAT are a pain in the butt, you have to support passive, as it's the CLIENT that decides which mode to use.
If you load the ip connection tracker FTP module in your NAT (assuming it's a Linux system), then it will monitor the FTP port for these PORT commands and munge them on the fly to be correct, then your ftp server works inside or outside (you don't use the MasqueradeAddress in this mode).
On Sat, 13 Aug 2011, Tim Dunphy wrote:
To: CentOS mailing list centos@centos.org
From: Tim Dunphy bluethundr@jokefire.com
Subject: Re: [CentOS] can't list directories in ftp
Hello again, Barry
Yes interestingly enough that seemed to do it for the local test. This is odd, because I remember setting up another ProFTPd server with this directive and never ran into this issue.
Nevertheless, once I commented out the MasqueradeAddress directive it works locally.
I've NEVER had any problems with proftpd for myself, running on Centos 5.6 - it's always worked out of the box for me.
I use gFTP to login to my main machine from my laptops, even logged in from a Vista laptop to my Centos 5.6 machine via ftp, using WinSCP.
I have created 2 directories under my normal user account, and just login using a GUI client like gFTP, and that takes me to my home directory. I use ~/FTP-OUT for placing files I want to get things from, and another directory called ~/ftp-in for moving things to the main Centos machine. The ftp port is opened in my custom firewall to machines on the LAN side only. Works fine for me.
I know it's lazy, but if I can't be bothered to get up and walk to the main machine, I can always login via ssh to move things around on the main Centos box while I'm on the laptop ;)
HTH
Keith Roberts
-----------------------------------------------------------------
Websites:
http://www.karsites.net
http://www.php-debuggers.net
http://www.raised-from-the-dead.org.uk

All email addresses are challenge-response protected with
TMDA [http://tmda.net]
-----------------------------------------------------------------