# Setting up an FTP [Solved]

## NiK[IT]

I've managed to set up an FTP server using proftpd but I cannot access it from the outside.

I can only access it using the private IP of the machine where the server is. I'm behind an ADSL router and already forwarded ports 20/21 to this IP...

What have I forgotten?

thx

Last edited by NiK[IT] on Sat Jun 26, 2004 8:51 am; edited 1 time in total

----------

## Lajasha

What happens when you try to connect? Do you get a login prompt or just a connection timeout?

Post your proftpd.conf file contents and check the log to see if you are even connecting to the server...

----------

## NiK[IT]

This is what I get when I try to connect using my ftp client:

```
Looking up xxx.xxx.236.231
Trying adsl-231-236.xxx-xxx.net24.it:21
Cannot connect to adsl-231-236.xxx-xxx.net24.it: Connection refused
Waiting 30 seconds until trying to connect again
```

```
ServerIdent on "Please enter your username and password. Anonymous logins are disabled."
ServerName  "MyFTPServer"
ServerType standalone

ServerAdmin myemail@somehost.org
DeferWelcome on

ShowSymlinks off
MultilineRFC2228 on
DefaultServer on
AllowOverwrite on
MaxClients 10
MaxClientsPerHost 1 "You are already logged on once."

RequireValidShell   off
AuthPAM             off
AuthPAMConfig       ftp
TimeoutNoTransfer 20
TimeoutStalled 10
TimeoutLogin 20
TimeoutIdle 1200
MaxClients 10
MaxClientsPerHost 1 "You are already logged on once."

# Port 21 is the standard FTP port.
Port                            21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask                           022

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances                    30

# Lock users into the ftproot directory
DefaultRoot ~

ExtendedLog /var/log/ftp.log auth,all
ListOptions "-l"
DenyFilter \*.*/

# Set the user and group that the server normally runs at.
User ftp
Group ftp-users

# Lock users into the ftproot directory
DefaultRoot ~

# Normally, we want files to be overwriteable.
<Directory />
  Umask 022 022
  AllowOverwrite off

  # RNFR (rename from) is the FTP command name; it was misspelled RNRF here
  <Limit MKD STOR DELE XMKD RNFR RNTO RMD XRMD>
    DenyAll
  </Limit>
</Directory>

<Directory ~/download/*>
  Umask 022 022
  AllowOverwrite off

  # RNFR was misspelled RNEF here
  <Limit MKD STOR DELE XMKD RNFR RNTO RMD XRMD>
    DenyAll
  </Limit>
</Directory>

<Directory ~/upload/*>
  Umask 022 022
  AllowOverwrite on

  # RNFR was misspelled RNRF here
  <Limit MKD XMKD RNFR RNTO DELE RMD XRMD STOR>
    AllowAll
  </Limit>
</Directory>
```

I think it is a connection problem but haven't got any ideas...

----------

## Lajasha

Do you have more than one computer on your local network? If so, are you able to ftp from it to the server, since it would be in the network?

----------

## NiK[IT]

I've another computer on my LAN and using the server's private IP all works perfectly. Using the public IP issues an error (same as on my server's machine)

----------

## Lajasha

hrm then it sounds like it might be an issue with the routing. can you try to DMZ the box and try it again?

----------

## NiK[IT]

I've also tried to DMZ my host in addition to the two forwarded ports.

Nothing!!!

I've also made a reset/reboot of my DSL router to ensure all was set fine.

Nothing!!!

I'm going mad about this. How can I check if ports 20 and 21 are open on my host?

This is a desperate solution though, because if I can access them from inside the LAN there's no reason why I cannot access them from outside...

Please help!!!

----------

## Arzie

What happens when you forward port 21 only and use passive mode on the client?

----------

## NiK[IT]

same as before...

----------

## Arzie

Try something like ethereal on the machine with the FTP-server and look if it even gets a request on port 21.

----------

## NiK[IT]

good idea! I'll try this immediately...

----------

## NiK[IT]

When I issue an FTP connect command i get these two packets:

1) from my ip to the router's ip , from port 38361 to port 21

2) from my router to my ip, from port 21 to port 38361

Shouldn't it be 21 in (2) when the router responds?

----------

## Arzie

Hmm, (2) should indeed be different. It should have port 21 as destination port (to the FTP-server), the source port isn't very important. Maybe you used the wrong setting in your router? Should be something like port forwarding.

----------

## NiK[IT]

Yeah, it's virtual servers...

I've put both ports 20 and 21 to my private ip...

----------

## Lajasha

 *NiK[IT] wrote:*   

> When I issue an FTP connect command i get these two packets:
> 
> 1) from my ip to the router's ip , from port 38361 to port 21
> 
> 2) from my router to my ip, from port 21 to port 38361
> ...

 

That should be fine since it would have to reply to the same port that the request came from.

----------

## NiK[IT]

Sure... Any other ideas?

----------

## Lajasha

try using this config file to see if it is possibly a setting you are using.

----------

## NiK[IT]

 *Quote:*   

> try using this config file to see if it is possibly a setting you are using.

 

Same problem with this configuration...

----------

## RedDawn

Never liked ProFTPD... I use Pure-Ftpd..

emerge pure-ftpd.. and set it up.. you'll be done in like 5 mins.. way easier than pro-ftpd..

----------

## NiK[IT]

It's surely an issue with my net conf instead of proftpd's...

But maybe this is worth a try...

----------

## NiK[IT]

 *Quote:*   

> emerge pure-ftpd.. and set it up.. you'll be done in like 5 mins.. way easier than pro-ftpd..

 

By the way, can you post a little conf file for pure-ftpd?

----------

## Determined

is that an actiontek router? With wireless and ethernet?

----------

## NiK[IT]

 *Quote:*   

> is that an actiontek router? With wireless and ethernet?

 

No, it's a USR with wireless and ethernet.

Do you have some experience with this one? Or maybe it's a similar problem to yours?

By the way this is what I get when I connect using my private ip: 

```
220 Please enter your username and password. Anonymous logins are disabled.
USER gabbo
331 Password required for gabbo.
PASS xxxx
230 User gabbo logged in.
SYST
215 UNIX Type: L8
TYPE I
200 Type set to I
PWD
257 "/" is current directory.
PORT 192,168,1,5,128,222
200 PORT command successful
LIST -aL
150 Opening ASCII mode data connection for file list
226 Transfer complete.
```

PORT 192,168,1,5,128,222 means that is using a port like 128?

----------
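An added example, not part of any post in this thread: decoding the `PORT 192,168,1,5,128,222` line from the session above. Per RFC 959 the last two fields are the high and low bytes of the data port, so the client is listening on 128*256+222 = 32990 at 192.168.1.5. The function names and the 203.0.113.10 peer address are constructed for illustration; the second call shows what a server would see if the same command arrived from a client whose control connection comes through a NAT router.

```python
import ipaddress
import re

# RFC 959: PORT h1,h2,h3,h4,p1,p2 -> address h1.h2.h3.h4, port p1*256 + p2
PORT_RE = re.compile(
    r"^PORT\s+(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})$", re.I)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_port_command(line):
    """Return (IPv4Address, port) encoded in an FTP PORT command."""
    m = PORT_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a PORT command: {line!r}")
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("each field is one byte (0-255)")
    h1, h2, h3, h4, p1, p2 = fields
    return ipaddress.IPv4Address(f"{h1}.{h2}.{h3}.{h4}"), p1 * 256 + p2


def review_port_command(line, control_peer):
    """List reasons the server cannot, or should not, connect back.

    control_peer is the source address the server sees on the control
    connection (hypothetical parameter for this example).
    """
    ip, port = parse_port_command(line)
    peer = ipaddress.IPv4Address(control_peer)
    findings = []
    if ip != peer:
        findings.append("address differs from control-connection peer")
    if any(ip in n for n in RFC1918) and not any(peer in n for n in RFC1918):
        findings.append("private address advertised to a peer outside the LAN")
    if port < 1024:
        findings.append("privileged data port requested")
    return str(ip), port, findings


if __name__ == "__main__":
    cmd = "PORT 192,168,1,5,128,222"                 # from the session on this page
    print(review_port_command(cmd, "192.168.1.5"))   # LAN client: no findings
    print(review_port_command(cmd, "203.0.113.10"))  # constructed: client seen through NAT
```

An empty findings list matches the working LAN session; the two findings in the NAT case are why active mode tends to fail across address translation and why passive mode was suggested earlier in the thread.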

## RedDawn

 *NiK[IT] wrote:*   

>  *Quote:*   emerge pure-ftpd.. and set it up.. you'll be done in like 5 mins.. way easier than pro-ftpd..  
> 
> By the way, can you post a little conf file for pure-ftpd?

 

sure.. here it is!

```
# Config file for /etc/init.d/pure-ftpd
## Comment variables out to disable its features, or change the values in it... ##

## This variable must be uncommented in order for the server to start ##
IS_CONFIGURED="yes"

## FTP Server,Port (separated by comma) ##
## If you prefer host names over IP addresses, it's your choice :
## SERVER="-S ftp.rtchat.com,21"
## IPv6 addresses are supported.
## Change to your external or internal ip..  xxx.xxx.xxx.xxx,21
SERVER="-S 10.192.168.2,21"

## Number of simultaneous connections in total, and per ip ##
MAX_CONN="-c 30"
MAX_CONN_IP="-C 10"

## Start daemonized in background ##
DAEMON="-B"

## Don't allow uploads if the partition is more full then this var ##
DISK_FULL="-k 90%"

## If your FTP server is behind a NAT box, uncomment this ##
USE_NAT="-N"

## Authentication (others are 'pam', ...)##
## Further infos in the README file.
AUTH="-l unix"

## Change the maximum idle time. (in minutes. default 15)
#TIMEOUT="-I <timeout>"

## Use that facility for syslog logging. It defaults to 'ftp'
## Logging can be disabled with '-f none' .
LOG="-f facility"

## Misc. Others ##
MISC_OTHER="-A -x -j -R"

#
# Use these inside $MISC_OTHER
# More can be found on "http://pureftpd.sourceforge.net/README"
#
# -A [ chroot() everyone, but root ]
# -e [ Only allow anonymous users ]
# -E [ Only allow authenticated users. Anonymous logins are prohibited. ]
# -i [ Disallow upload for anonymous users, whatever directory perms are ]
# -j [ If the home directory of a user doesn't exist, auto-create it ]
# -M [ Allow anonymous users to create directories. ]
# -R [ Disallow users (even non-anonymous ones) usage of the CHMOD command ]
# -x [ Authenticated users can read/write files beginning with a dot ('.')
#       Anonymous users can't, for security reasons ]
# -X [ Users can't write/read files and directories starting with a dot ('.') ]
# -D [ List files beginning with a dot ('.') even when the client doesn't
#      append the '-a' option to the list command. A workaround for badly
#      configured FTP clients. ]
# -G [ Disallow renaming. ]
# -d [ Send various debugging messages to the syslog. ONLY for DEBUG ]
# -F <fortune file> [ Display a fortune cookie on login. Check the README file ]
# -H [ By default, fully-qualified host names are logged. The '-H' flag avoids host names resolution. ]
```

----------

## NiK[IT]

 *Quote:*   

> NiK[IT] wrote:
> 
>  *Quote:*
> 
> emerge pure-ftpd.. and set it up.. you'll be done in like 5 mins.. way easier than pro-ftpd..
> ...

 

I've already tried with the simple included conf modified like yours... Same damn problem...

----------

## NiK[IT]

Could it be an issue relating to my linux box net or eth0 conf?

Which files should I check?

----------

## NiK[IT]

Now it works... And the better thing is that I don't know why...

I was working with my proftpd.conf file and suddenly all started to work...

Thanks to you all!

----------

## robfantini

Could you please post your proftpd.conf file?  

I'm having a problem with proftpd and would like to compare our .conf files.

----------

