# need help on configuring a proftpd.conf :(

## shallpion

My condition:

> I am under a linksys router at home, receiving IP 192.168.1.145 from the router. The router's public IP is "A.B.C.D".

My expectation

> I want to run a proftpd server for the people from WAN with username tea. Since I am behind the router's firewall, I did a port forward on the router to forward port 2222 to 192.168.1.145, and configured masqueradeaddress in proftpd.conf. Also, I want people in the LAN to be able to connect to port 2100 directly without masqueradeaddress, with username sps.

I read several samples and articles on the internet, and tried to write a proftpd.conf:

> Include /etc/proftpd/modules.conf
>
> DefaultServer                   on
> ...

Unfortunately this doesn't work. I could not even connect to port 2100. Are there any mistakes in my conf file, or did I understand virtualhost incorrectly, so that to achieve my expectation I have to use some other way? Thank you :)

----------

## causality

I don't know an answer to this with 100% confidence so instead I'll provide some general ideas in the hope that it may help.

I don't think virtual hosting is necessary for your setup.  Usually virtual hosting is appropriate when the computer on which ProFTPD executes has multiple IP addresses assigned directly to it, but that's not the case with a simple NAT setup.  In fact most virtual hosting setups I have seen use multiple routable/public IP addresses and not 192.168.x.x nonroutable NAT addresses.

In your situation, the computer running the ProFTPD server has precisely one IP address, which is 192.168.1.145.  It cannot listen for traffic on the public IP A.B.C.D. because only the router has that IP address.  Port forwarding in your router takes care of this part so that the ProFTPD server only has to worry about network traffic on 192.168.1.145.

If it were me, I'd try configuring the server without virtual hosting at all.  I would, however, include the "MasqueradeAddress A.B.C.D".  This will instruct the server to report the public IP to clients and not the internal 192.168.x.x address which (being nonroutable) would be useless to them.  That way clients refer to the public IP held by the router, and the router uses port forwarding to refer that to your internal 192.168.1.145 address.  When your server transmits data back to the clients, it works in reverse and the clients see traffic coming from A.B.C.D. and those clients never even know that it's a NAT setup and the machine's actual address is 192.168.1.145.

Incidentally, have you ever thought about using SFTP (part of the SSH server) instead of regular FTP?  The problem with FTP is that it's inherently insecure because all usernames and passwords are transmitted over the network in unencrypted plaintext.  Anyone who can intercept those will have a valid username and password for your system, which is not desirable.  SFTP uses strong encryption for all data, including login information.  It's an open standard and well supported on just about any Unix-like system.  Windows clients can communicate with an SFTP server by using the free open source WinSCP client, available at http://sourceforge.net/projects/winscp/.

----------

## shallpion

Thanks for the explanation. Yes, I think I had a stupid misunderstanding of virtualhost :p

The reason why I don't want masqueradeaddress for LAN users is that I noticed the transfer speed is rather slow for LAN users if they connect to each other through A.B.C.D; it is only 1MB/s approximately, significantly slower than it should be. But I've found a workaround for this issue. What I need is only a client which supports active connection....

Thanks :)

----------

