# proftpd problems (solved)

## royko

Maybe try connecting to your ftp server from the internet using passive mode.  If your external client is behind its own firewall, your ftp server might not be able to open a connection with the client required by active mode.  

And you're right, you can't use the external address on your internal lan (unless you map your external hostname to the internal IP.)

----------

## puggy

I'm running proftpd with the standard .conf files to start with....

```
root@legolas ftp # cat /etc/proftpd/proftpd.conf
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use.  It establishes a single server
# and a single anonymous login.  It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.
ServerName          "ProFTPD Default Installation"
ServerType          standalone
DefaultServer       on
RequireValidShell   off
AuthPAM             off
AuthPAMConfig       ftp

# Port 21 is the standard FTP port.
Port                            61000

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask                           022

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances                    30

# Set the user and group under which the server will run.
User                            proftpd
Group                           proftpd

# Normally, we want files to be overwriteable.
<Directory />
  AllowOverwrite                on
</Directory>

# A basic anonymous configuration, no upload directories.
<Anonymous ~ftp>
  User                          ftp
  Group                         ftp

  # We want clients to be able to login with "anonymous" as well as "ftp"
  UserAlias                     anonymous ftp

  # Limit the maximum number of anonymous logins
  MaxClients                    10

  # We want 'welcome.msg' displayed at login, and '.message' displayed
  # in each newly chdired directory.
  DisplayLogin                  welcome.msg
  DisplayFirstChdir             .message

  # Limit WRITE everywhere in the anonymous chroot
  <Limit WRITE>
    DenyAll
  </Limit>
</Anonymous>
```

I have run the server using

```
/etc/init.d/proftpd start
```

and it started fine.

I can log in locally on my lan and do everything perfectly but when I try and log in from the internet I can get logged in (I've forwarded port 61000 on my router to the ftp server machine) but when I try and do something like `ls` it waits for ages then times out...

```
bash-2.03$ ftp maj.ath.cx 61000
Connected to maj.ath.cx.
220 ProFTPD 1.2.7 Server (ProFTPD Default Installation) [legolas.fellowship.com]
Name (maj.ath.cx:siu00dpr): ftp
331 Anonymous login ok, send your complete email address as your password.
Password:
230 Anonymous access granted, restrictions apply.
ftp> ls
200 PORT command successful
425 Unable to build data connection: Connection timed out
```

I can't understand why this would be.

The other interesting thing is that if I try and log in from a machine on my LAN stating the external IP of my network (maj.ath.cx)

```
puggy@aragorn FreeSpeech-0.1.2 $ ftp maj.ath.cx 61000
ftp: connect: Connection timed out
```

as you can see, it fails completely.

I'm actually not sure if that is meant to work, but I should think it should. ssh seems to suffer similarly in this regard.

```
puggy@aragorn puggy $ ssh puggy@maj.ath.cx
ssh: connect to host maj.ath.cx port 22: Connection timed out
```

Any help would be appreciated. I'm sure I've just missed something obvious here.

Puggy

----------

## puggy

That didn't help.

```
[puggy@widget puggy]$ ftp -p maj.ath.cx 61000
Connected to maj.ath.cx.
bye
220 ProFTPD 1.2.7 Server (ProFTPD Default Installation) [legolas.fellowship.com]
Name (maj.ath.cx:puggy): 331 Password required for bye.
Password:
530 Login incorrect.
[puggy@widget puggy]$ ftp -v -p maj.ath.cx 61000
Connected to maj.ath.cx.
220 ProFTPD 1.2.7 Server (ProFTPD Default Installation) [legolas.fellowship.com]
Name (maj.ath.cx:puggy): ftp
331 Anonymous login ok, send your complete email address as your password.
Password:
230 Anonymous access granted, restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (192,168,0,2,158,104).
ftp: connect: No route to host
```

The IP address (192,168,0,2,158,104) is worrying. What's that all about?

Puggy

----------

## puggy

This problem was down to me not having forwarded any ports on my NAT router for ftp. I just forwarded a range of them and added that range into the proftpd.conf file. Also, I needed the server to masquerade as the external address of my network.

```
MasqueradeAddress               maj.ath.cx
PassivePorts                    65000 65535
```

For obvious reasons the ftp is now not unusable from inside the network, but that wasn't the point in it anyway, so that's fine.

Puggy

----------
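The `227` reply quoted in the thread encodes the data-connection endpoint as four address octets and two port bytes (port = p1*256 + p2). As an added example, not part of any post above, this decodes such a reply and checks it against the control-connection address and the forwarded `PassivePorts` range. The function names, the `203.0.113.10` address and the second reply are constructed for illustration.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Six comma-separated numbers: h1,h2,h3,h4,p1,p2
PASV_RE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_pasv(reply):
    """Return (host, port) advertised in a 227 PASV reply."""
    reply = reply.strip()
    m = PASV_RE.search(reply)
    if not reply.startswith("227") or not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    host = ".".join(str(n) for n in nums[:4])
    return host, nums[4] * 256 + nums[5]

def is_rfc1918(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

def check_pasv(reply, control_ip, passive_ports):
    """Flag replies a client outside the NAT cannot use."""
    host, port = parse_pasv(reply)
    findings = []
    if is_rfc1918(host) and not is_rfc1918(control_ip):
        findings.append("private address %s advertised to a public client "
                        "(MasqueradeAddress not set)" % host)
    elif host != control_ip:
        findings.append("data address %s differs from control address" % host)
    low, high = passive_ports
    if not low <= port <= high:
        findings.append("port %d is outside the forwarded range %d-%d"
                        % (port, low, high))
    return host, port, findings

# Reply taken from the thread, before the fix.
PAGE_REPLY = "227 Entering Passive Mode (192,168,0,2,158,104)."
# Constructed reply of the kind expected after MasqueradeAddress/PassivePorts.
FIXED_REPLY = "227 Entering Passive Mode (203,0,113,10,254,1)."

if __name__ == "__main__":
    for r in (PAGE_REPLY, FIXED_REPLY):
        print(check_pasv(r, "203.0.113.10", (65000, 65535)))
```
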

