# ProFTPd only accepts connections from localhost [Solved]

## Gentist

I recently installed ProFTPd and configured it. Testing it on my own machine works great (it's running on the same machine), no problems there. But when I asked a friend to test it "from the outside", it wouldn't connect, and simply timed out. I'm not sure why, but it seems to only accept connections from itself (localhost). I dunno if this is caused by ProFTPd or something else.

Here's my config (IP address, etc. have been edited out):

```
ServerName                     "My FTP"
ServerType                      standalone
DefaultServer                   on
Bind                            <my external ip>
Port                            <port number>
PassivePorts                    49152 65534
SystemLog <path to logfile>

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask                           022

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances                    5

# Set the user and group under which the server will run.
User                            proftpd
Group                           proftpd

# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
DefaultRoot ~

# Disconnect user after 5 minutes of inactivity
TimeOutIdle 300

DisplayLogin welcome.msg
DeferWelcome on
MaxClientsPerHost 1 "There's already a connection from your host, please close it or wait 5 minutes for it to time out and try again."
MaxClients 5 "Sorry, max number of users reached. Please try again later."
MaxLoginAttempts 2

# Normally, we want files to be overwriteable.
AllowOverwrite          on

TLSEngine on
TLSLog <path to TLS logfile>
TLSProtocol TLSv1

# Are clients required to use FTP over TLS when talking to this server?
TLSRequired off

#Server's certificate
TLSRSACertificateFile <path to certfile>
TLSRSACertificateKeyFile <path to certkeyfile>

# Authenticate clients that want to use FTP over TLS?
TLSVerifyClient off

<Directory ~>
  HideNoAccess on
</Directory>

# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
  DenyAll
</Limit>
```

I think I solved this problem before, but that was on another system, and since I have no idea what's causing it now, I have no idea what I need to do to fix it. It seems to me as if it tries to bind my external IP address to localhost for some reason. Using MasqueradeAddress gives me the following output on startup:

```
localhost - 127.0.0.1:<port> masquerading as <external ip>
```

I assume this could have something to do with the fact that /etc/conf.d/hostname is set to:

```
HOSTNAME="localhost"
```

/etc/hosts

```
127.0.0.1       localhost
```

I thought the "Bind" option in the proftpd.conf file was supposed to override this, though I might be wrong. I should mention that I have tested all this with my firewall turned off, so that's not the problem. Am I forced to play around with /etc/hosts, or is there a way around that?

Last edited by Gentist on Tue May 24, 2005 8:52 pm; edited 1 time in total

----------

## msalerno

The first thing I would do is change the hostname.  Localhost is a bad choice.

Question:  Is your system behind a NAT router?  Do you have port 21 forwarded?

Are you running a firewall?  If so, do you have access to port 21 enabled?

----------

## Gentist

I chose localhost because I wasn't intending to run any services at first, though since I can't easily send files, I decided that an FTP server which I can switch on when I need to send files might be a good idea. I guessed that if anything, localhost might mess up the ability to run services to the outside world, which in a way is added security.

I'm not behind NAT, and it's not running on port 21 (since I'm not sure if my ISP blocks that or not, I decided to go with something else until I got it up and running properly). And as I mentioned in my first post, I tried turning the firewall off, so that's not the problem (although I did tell it to allow the port I use for FTP).

So, basically, all I need to do is to change the hostname to something random, add it to /etc/hosts and point it to my external IP?

EDIT: Did that, same result, with the exception that MasqueradeAddress showed the correct IP. Still can't connect externally though.

----------

## msalerno

Can you access your ftp server from the server itself using the external IP address?

----------

## Gentist

Short answer: Yes.

Output from ftptop (logged in user, external IP and port number removed):

```
PID   S USER     CLIENT                       SERVER               TIME COMMAND
14263 I <user>  <external IP>                 0.0.0.0:<ftp port>    0m21s  idle
```

Edit: Solved. It appears to have been a firewall "misconfiguration" causing all incoming connections to be ignored, regardless of specific rules. I simply had to change (modify) the policy.

----------
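The diagnostic path this thread followed (the daemon is bound to 0.0.0.0, yet outside connections time out, so the packet filter is the remaining suspect), as an added shell example that is not part of any post. The function name `diagnose_ftp`, port 2121 and both sample rulesets are constructed for illustration; interface- and source-scoped rules are skipped as a simplification.

```shell
#!/bin/sh
# Added example. Classifies why an FTP control port is unreachable from outside.
# $1 = port, $2 = text of `ss -ltn`, $3 = text of `iptables -S INPUT`
diagnose_ftp() {
    port=$1 listeners=$2 rules=$3
    # Step 1: which address is the daemon bound to? ($4 is Local Address:Port)
    bind=$(printf '%s\n' "$listeners" | awk -v p=":$port" '
        $1 == "LISTEN" && substr($4, length($4) - length(p) + 1) == p {
            addr = substr($4, 1, length($4) - length(p))
            if (addr == "127.0.0.1" || addr == "[::1]") { lo = 1 } else { ext = 1 }
        }
        END { print (ext ? "external" : (lo ? "loopback" : "none")) }')
    [ "$bind" = none ] && { echo not-listening; return; }
    [ "$bind" = loopback ] && { echo loopback-only; return; }
    # Step 2: first-match walk of INPUT for a new external TCP connection to $port.
    printf '%s\n' "$rules" | awk -v port="$port" '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        $1 == "-A" && $2 == "INPUT" && verdict == "" {
            target = dport = proto = ""; scoped = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") target = $(i + 1)
                else if ($i == "--dport") dport = $(i + 1)
                else if ($i == "-p") proto = $(i + 1)
                else if ($i == "-i" || $i == "-s") scoped = 1
                else if (($i == "--state" || $i == "--ctstate") && $(i + 1) !~ /NEW/) scoped = 1
            }
            if (target != "ACCEPT" && target != "DROP" && target != "REJECT") next
            if (scoped) next                      # loopback/source/established only
            if (proto != "" && proto != "tcp") next
            if (dport != "" && dport != port) next
            verdict = target                      # first applicable rule wins
        }
        END { print ((verdict == "" ? policy : verdict) == "ACCEPT" ? "reachable" : "firewall-drop") }'
}

# Constructed sample inputs (not taken from the thread).
SS_SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:2121       0.0.0.0:*'
RULES_OK='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2121 -j ACCEPT'
# Same rules, but a catch-all DROP sits ahead of the port-specific ACCEPT.
RULES_BAD='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -j DROP
-A INPUT -p tcp -m tcp --dport 2121 -j ACCEPT'

echo "ok ruleset:  $(diagnose_ftp 2121 "$SS_SAMPLE" "$RULES_OK")"
echo "bad ruleset: $(diagnose_ftp 2121 "$SS_SAMPLE" "$RULES_BAD")"
```

On a live host, pass the real output instead of the samples: `diagnose_ftp <port> "$(ss -ltn)" "$(iptables -S INPUT)"`.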

