Hi guys ;D
Well, I have been trying to get proftpd to work and it does when I access it from my home network, but when I try from outside I only get as far as asking for a username/password and after that nothing happens. I have also changed the port from 21 to 8021 (ISP blocks 21). I don't know why I can get gnump3d to work and a friend (same ISP) was able to get a site up and running.
So I have used dyndns and even specified the port and as ftp:// instead of http://.
I am also behind a Linksys router and I forwarded the ports to the right IP.
If you nmap your box from outside, does the port appear open?
Check out my post at http://www.linuxjunior.org/yabbse/in...threadid=10510.
I can access proftpd from outside the firewall with no problems. Note that you need to open up a range of ports for passive FTP (e.g., 65000 to 65535) and use passive FTP on the client side.
Hey, I tried that and it still doesn't want to work. I forward all the ports in my router... I'll post my proftpd.conf in a bit when I get home.
A quick way to find out if it's your router or your server that's not quite right, put your FTP box in the DMZ of your router. If that works, you don't have your router set up properly. If not, then your proftpd.conf or your FTP directories are not set up properly.
Here is my proftpd.conf file (adjust to taste):
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.
# Allow FTP resuming.
# Remember to set to off if you have an incoming ftp for upload.
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
# Normally, we want files to be overwriteable.
# Bar use of SITE CHMOD by default
# Needed for NIS.
# A basic anonymous configuration, no upload directories.
# Allow masquerading and use of port 8889 from Internet.
# We want clients to be able to login with "anonymous" as well as "ftp"
# Limit the maximum number of anonymous logins
# Don't make it require a valid password or shell.
# Limit WRITE everywhere in the anonymous chroot
Hi. I put it on the DMZ but I still can't get it to work.
here is my proftpd.conf
Code:
#
# /etc/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#

ServerName "ImpactMusic"
ServerType standalone
DeferWelcome off

MultilineRFC2228 on
DefaultServer on
ShowSymlinks on

TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200

DisplayLogin welcome.msg
DisplayFirstChdir .message
ListOptions "-l"

DenyFilter \*.*/

# Uncomment this if you are using NIS or LDAP to retrieve passwords:
#PersistentPasswd off

# Uncomment this if you would use TLS module:
#TLSEngine on

# Uncomment this if you would use quota module:
#Quotas on

# Uncomment this if you would use ratio module:
#Ratios on

# Port 21 is the standard FTP port.
Port 8889
MasqueradeAddress 192.168.1.102
PassivePorts 60000 65535

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30

# Set the user and group that the server normally runs at.
User nobody
Group nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022

# Normally, we want files to be overwriteable.
AllowOverwrite on

# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?pag...LSS-2004-10-02
# It is on by default.
#DelayEngine off

# A basic anonymous configuration, no upload directories.
<Anonymous ~ftp>
User ftp
Group ftp
# We want clients to be able to login with "anonymous" as well as "ftp"
UserAlias anonymous ftp
# Cosmetic changes, all files belongs to ftp user
DirFakeUser on ftp
DirFakeGroup on ftp

RequireValidShell off

# Limit the maximum number of anonymous logins
MaxClients 10

# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin welcome.msg
DisplayFirstChdir .message

# Limit WRITE everywhere in the anonymous chroot
<Directory *>
<Limit WRITE>
DenyAll
</Limit>
</Directory>

# # Uncomment this if you're brave.
# # <Directory incoming>
# # # Umask 022 is a good standard umask to prevent new files and dirs
# # # (second parm) from being group and world writable.
# # Umask 022 022
# # <Limit READ WRITE>
# # DenyAll
# # </Limit>
# # <Limit STOR>
# # AllowAll
# # </Limit>
# # </Directory>
# # </Anonymous>

#<Global>
#DefaultChdir /home/ftp
#DefaultRoot /home/ftp
#ShowSymlinks off
#LoginPasswordPrompt off
#</Global>

#<Anonymous /home/ftp>
#User ftp
#UserAlias anonymous ftp
#Group ftp
#DefaultChdir /home/michael/music
#DeleteAbortedStores on
#</Anonymous>
Your masquerade address is wrong. You want the public IP address, not the private one. Use dnsdyn.org to create a public URL that maps to your public IP address so you don't have to memorize the IP address string.
Also, double check the virtual server settings in your router to make sure you've mapped the ports to your 192.168.0.102 machine. Are you using 8889 or 8021 for FTP? It's also important to make sure you've opened up the range for passive FTP (e.g., 65000 to 65535). Can you post a screen shot of your virtual server settings?
Try using my proftpd.conf file instead of yours and make sure the virtual server settings line up.
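Added example, not part of the original thread: a Python check for the two NAT-related settings discussed above. It shows why login succeeds but transfers never start when the PASV reply carries the LAN address. The function names, the PASV reply strings used with it, and the reduced `POSTED_CONF` sample are constructed for illustration.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed sample: the NAT-relevant directives as posted in the thread.
POSTED_CONF = "Port 8889\nMasqueradeAddress 192.168.1.102\nPassivePorts 60000 65535\n"

def is_lan_address(value):
    """True for an RFC 1918 IPv4 literal; a hostname cannot be judged offline."""
    try:
        return any(ipaddress.ip_address(value) in net for net in RFC1918)
    except ValueError:
        return False

def nat_directives(conf_text):
    """Collect MasqueradeAddress and PassivePorts from proftpd.conf text."""
    found = {}
    for line in conf_text.splitlines():
        words = line.split("#", 1)[0].split()
        if len(words) > 1 and words[0] in ("MasqueradeAddress", "PassivePorts"):
            found[words[0]] = words[1:]
    return found

def parse_pasv(reply):
    """Decode '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)' into (ip, port)."""
    m = re.search(r"\((\d{1,3}(?:,\d{1,3}){5})\)", reply)
    if not reply.startswith("227") or not m:
        raise ValueError("not a PASV reply: %r" % reply)
    n = [int(x) for x in m.group(1).split(",")]
    return ".".join(str(x) for x in n[:4]), n[4] * 256 + n[5]

def check(conf_text, pasv_reply=None):
    """Return findings that explain 'login works, then nothing happens'."""
    conf, findings = nat_directives(conf_text), []
    masq = conf.get("MasqueradeAddress", [None])[0]
    if masq is None:
        findings.append("MasqueradeAddress not set")
    elif is_lan_address(masq):
        findings.append("MasqueradeAddress %s is a LAN address" % masq)
    ports = conf.get("PassivePorts", [])
    if len(ports) != 2:
        findings.append("PassivePorts not set; no fixed range to forward")
    if pasv_reply:
        ip, port = parse_pasv(pasv_reply)
        if is_lan_address(ip):
            findings.append("PASV reply advertises LAN address %s" % ip)
        if len(ports) == 2 and not int(ports[0]) <= port <= int(ports[1]):
            findings.append("PASV port %d is outside PassivePorts" % port)
    return findings
```

Calling `check(POSTED_CONF)` flags the private MasqueradeAddress; passing a PASV reply captured from an outside client as the second argument also verifies what the server actually advertises.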
Oh OK... well, I changed it to my dyndns one now.
here is a screenshot
also after changing to your .conf file I can't access it from inside my network now :-\
I'm not familiar with Linksys routers, but don't you need to check the box in the far right column to open up the ports from 60000 to 65535?
Also, if you follow the instructions at http://www.linuxjunior.org/yabbse/in...threadid=10510, you will not be able to access your FTP server from inside the firewall. But, that shouldn't be a problem because you can access your FTP directories directly from any LAN box using Samba or NFS. Or, you can always access the FTP server via the Internet like the public does.
When you tried my proftpd.conf file, did you put your FTP box in the DMZ of your router?
Well, it does work outside of the network, but in IE I get an error... I guess it's an error.
"An error occurred opening that folder on the FTP server. Make sure you have permission to access that folder.
200 Type ser to A
500 Illegal PORT command
500 LPRT not understood"
I don't know about Firefox since it doesn't want to work on this current Linux and XP box, but it works GREAT in Konqueror.