Титла: Връзка с ФТП зад рутер!
Публикувано от: backinblack в Apr 14, 2012, 15:21
Опитвам се да си пусна ФТП и ми е пълна Индия още тази магия. Инсталирах proftpd и с базови настройки от се свързвам към него от вътрешните компютри, но като пренасоча от рутера 21-ви порт към локалното ип и няма връзка от вън! Излиза формата за юзер и парола и като я напиша и почва да върти до безкрайност. Та, както по-горе казах, още ми пълна индия това нещо и имам още много въпроси, но първо чета в гугъл и пробвам, па после евентоално ще питам и други работи и тука ($2) във форума на hardware.bg и друг се е сблъскал със същия проблем и го е решил, но не ми стана ясно как! Разбрах само, че кондиката се крие в конф. файла на proftpd, а не в неправилно пренасочване. #
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#
# Includes DSO modules
Include /etc/proftpd/modules.conf
# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6 on
# If set on you can experience a longer connection delay in many cases.
IdentLookups off
ServerName "server-boncho"
ServerType standalone
DeferWelcome off
MultilineRFC2228 on
DefaultServer on
ShowSymlinks on
TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200
DisplayLogin welcome.msg
DisplayChdir .message true
ListOptions "-l"
DenyFilter \*.*/
# Use this to jail all users in their homes
# DefaultRoot ~
# Users require a valid shell listed in /etc/shells to login.
# Use this directive to release that constrain.
# RequireValidShell off
# Port 21 is the standard FTP port.
Port 21
# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
# PassivePorts 49152 65534
# If your host was NATted, this option is useful in order to
# allow passive tranfers to work. You have to use your public
# address and opening the passive ports used on your firewall as well.
# MasqueradeAddress 1.2.3.4
# This is useful for masquerading address with dynamic IPs:
# refresh any configured MasqueradeAddress directives every 8 hours
<IfModule mod_dynmasq.c>
# DynMasqRefresh 28800
</IfModule>
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30
# Set the user and group that the server normally runs at.
User proftpd
Group nogroup
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
# Normally, we want files to be overwriteable.
AllowOverwrite on
# Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords:
# PersistentPasswd off
# This is required to use both PAM-based authentication and local passwords
# AuthOrder mod_auth_pam.c* mod_auth_unix.c
# Be warned: use of this directive impacts CPU average load!
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
#
# UseSendFile off
TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log
<IfModule mod_quotatab.c>
QuotaEngine off
</IfModule>
<IfModule mod_ratio.c>
Ratios off
</IfModule>
# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
<IfModule mod_delay.c>
DelayEngine on
</IfModule>
<IfModule mod_ctrls.c>
ControlsEngine off
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd/proftpd.sock
</IfModule>
<IfModule mod_ctrls_admin.c>
AdminControlsEngine off
</IfModule>
#
# Alternative authentication frameworks
#
#Include /etc/proftpd/ldap.conf
#Include /etc/proftpd/sql.conf
#
# This is used for FTPS connections
#
#Include /etc/proftpd/tls.conf
# A basic anonymous configuration, no upload directories.
# <Anonymous ~ftp>
# User ftp
# Group nogroup
# # We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp
# # Cosmetic changes, all files belongs to ftp user
# DirFakeUser on ftp
# DirFakeGroup on ftp
#
# RequireValidShell off
#
# # Limit the maximum number of anonymous logins
# MaxClients 10
#
# # We want 'welcome.msg' displayed at login, and '.message' displayed
# # in each newly chdired directory.
# DisplayLogin welcome.msg
# DisplayChdir .message
#
# # Limit WRITE everywhere in the anonymous chroot
# <Directory *>
# <Limit WRITE>
# DenyAll
# </Limit>
# </Directory>
#
# # Uncomment this if you're brave.
# # <Directory incoming>
# # # Umask 022 is a good standard umask to prevent new files and dirs
# # # (second parm) from being group and world writable.
# # Umask 022 022
# # <Limit READ WRITE>
# # DenyAll
# # </Limit>
# # <Limit STOR>
# # AllowAll
# # </Limit>
# # </Directory>
#
# </Anonymous> Искам и анонимно влизане да има, без юзер и парола за споделяне на файлове в /home/ftp
Титла: Re: Връзка с ФТП зад рутер!
Публикувано от: tovaimesushtestvuva в Apr 14, 2012, 15:53
Ами първо не си пуснал пасивните протове, после трябва да направиш форуардинг към тях от рутера ти и накрая не си пуснал анонимно да се ползва ftp-то ! #
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#
# Includes DSO modules
Include /etc/proftpd/modules.conf
# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6 on
# If set on you can experience a longer connection delay in many cases.
IdentLookups off
ServerName "server-boncho"
ServerType standalone
DeferWelcome off
MultilineRFC2228 on
DefaultServer on
ShowSymlinks on
TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200
DisplayLogin welcome.msg
DisplayChdir .message true
ListOptions "-l"
DenyFilter \*.*/
# Use this to jail all users in their homes
# DefaultRoot ~
# Users require a valid shell listed in /etc/shells to login.
# Use this directive to release that constrain.
# RequireValidShell off
# Port 21 is the standard FTP port.
Port 21
# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
PassivePorts 49152 59152
# If your host was NATted, this option is useful in order to
# allow passive tranfers to work. You have to use your public
# address and opening the passive ports used on your firewall as well.
# MasqueradeAddress 1.2.3.4
# This is useful for masquerading address with dynamic IPs:
# refresh any configured MasqueradeAddress directives every 8 hours
<IfModule mod_dynmasq.c>
# DynMasqRefresh 28800
</IfModule>
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30
# Set the user and group that the server normally runs at.
User proftpd
Group nogroup
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
# Normally, we want files to be overwriteable.
AllowOverwrite on
# Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords:
# PersistentPasswd off
# This is required to use both PAM-based authentication and local passwords
# AuthOrder mod_auth_pam.c* mod_auth_unix.c
# Be warned: use of this directive impacts CPU average load!
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
#
# UseSendFile off
TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log
<IfModule mod_quotatab.c>
QuotaEngine off
</IfModule>
<IfModule mod_ratio.c>
Ratios off
</IfModule>
# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
<IfModule mod_delay.c>
DelayEngine on
</IfModule>
<IfModule mod_ctrls.c>
ControlsEngine off
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd/proftpd.sock
</IfModule>
<IfModule mod_ctrls_admin.c>
AdminControlsEngine off
</IfModule>
#
# Alternative authentication frameworks
#
#Include /etc/proftpd/ldap.conf
#Include /etc/proftpd/sql.conf
#
# This is used for FTPS connections
#
#Include /etc/proftpd/tls.conf
# A basic anonymous configuration, no upload directories.
<Anonymous ~ftp>
User ftp
Group nogroup
# We want clients to be able to login with "anonymous" as well as "ftp"
UserAlias anonymous ftp
# Cosmetic changes, all files belongs to ftp user
DirFakeUser on ftp
DirFakeGroup on ftp
RequireValidShell off
# # Limit the maximum number of anonymous logins
MaxClients 10
#
# # We want 'welcome.msg' displayed at login, and '.message' displayed
# # in each newly chdired directory.
# DisplayLogin welcome.msg
# DisplayChdir .message
#
# Limit WRITE everywhere in the anonymous chroot
<Directory *>
<Limit WRITE>
DenyAll
</Limit>
</Directory>
# # Uncomment this if you're brave.
# # <Directory incoming>
# # # Umask 022 is a good standard umask to prevent new files and dirs
# # # (second parm) from being group and world writable.
# # Umask 022 022
# # <Limit READ WRITE>
# # DenyAll
# # </Limit>
# # <Limit STOR>
# # AllowAll
# # </Limit>
# # </Directory>
#
</Anonymous>
Титла: Re: Връзка с ФТП зад рутер!
Публикувано от: Acho в Apr 14, 2012, 16:25
Колега, опитай да пренасочиш и 20-ти порт към вътрешното IP на машината с ftp сървъра. Да станат два портовете : 20 и 21.
Титла: Re: Връзка с ФТП зад рутер!
Публикувано от: backinblack в Apr 14, 2012, 19:53
Благодарство Колеги!
Анонимното тръгна, но от вън не се връзва!
Пренасочил съм и 20-ти порт към вътрешното(в случая 192.168.1.138).
В рутера на WAN Destination port range from 49152 to 65534 Redirect target IP 192.168.1.138 port 21 и няма връзка!
Титла: Re: Връзка с ФТП зад рутер!
Публикувано от: Acho в Apr 14, 2012, 19:58
Така, и само този рутер ли е при теб, между кабела на доставчика ти и твоята мрежа ? Да няма още нещо по пътя ? И как го тестваш отвън ? Имаш 2 интернета ли ? И ако не е тайна IP-то, дай да го помъчим.
П.С. Да няма някакъв firewall пуснат на външния интерфейс, на машината с ftp-то ? И там да не са отворени 20 и 21 портове ?
Титла: Re: Връзка с ФТП зад рутер!
Публикувано от: backinblack в Apr 14, 2012, 20:17
Връзкта ми е по пппое реално динамично в момента ИП-то ми е 93.183.161.64(до средващо рестартиране) . Рутера е pfSense.
@Ачка, пратих ти координати за вход в рутера.
Титла: Re: Връзка с ФТП зад рутер!
Публикувано от: Acho в Apr 14, 2012, 20:32
Всичко е ОК и си е работещо. Вече следват евентуално дребни доводки, ако смяташ да има такива.
А proftpd е страхотен ftp демон. Само с него съм работил толкова години, от Slackware 4.0 насам. Поздравления.
Титла: Re: Връзка с ФТП зад рутер!
Публикувано от: tovaimesushtestvuva в Apr 14, 2012, 20:36
Между другото бях забравил да разкоментирам : # If your host was NATted, this option is useful in order to
# allow passive tranfers to work. You have to use your public
# address and opening the passive ports used on your firewall as well.
MasqueradeAddress и.тук.твоето.външно.ип
И това може да е била причината да не можеш да браузваш !
Титла: Re: Връзка с ФТП зад рутер!
Публикувано от: backinblack в Apr 14, 2012, 20:56
Между другото бях забравил да разкоментирам :
# If your host was NATted, this option is useful in order to
# allow passive tranfers to work. You have to use your public
# address and opening the passive ports used on your firewall as well.
MasqueradeAddress и.тук.твоето.външно.ип
И това може да е била причината да не можеш да браузваш !
Точно с това от вчера мъча и все си мислех, че от него ще да е и не става! пробвах с моментното външно ИП, а също и 255.255.255.255, само не бях пробвал до сега с име.dyndns
Титла: Re: Връзка с ФТП зад рутер!
Публикувано от: backinblack в Apr 14, 2012, 21:17
Проблема решен!
Нямаше изобщо да ми дойде на ум, че от вътрешното ип не може да стане връзка през външното!
Като включих лаптопа към нета на глобул и се върза!
Благодарство за съдействието на Ачо и tovaimesushtestvuva [_]3 [_]3 [_]3 ! Весели празници!
|