
RE: Anonymous Proftp setup problems



Michael Olds said:
> Nate, thank you for this response,
>
> I am behind my router's firewall, but set up with static external and
> internal IPs:

What is the configuration? You sure it is set up for static NAT?
Are you using NAT at all? (static or dynamic?)

>
> In Proftp (global) I Set up:
> UseReverseDNS	off
> IdentLookups	off
> MasqueradeAddress	000.000.000.00 of the servers internal IP
> PassivePorts 60000-65535
>
> and set up my router to listen on 21 and 60000-65535
>
> and I still get timed out:

I've never tried these options before...but it looks like from
the doc the MasqueradeAddress needs to be set to the REAL ip
not the NAT'd ip. from your description above it sounds as if you
put the NAT IP in that field.

> I did #fuser -n tcp 21 and got:
> 21/tcp:	230
>
> I really don't know what that means. I do not have a user 230

That means process ID 230 is using TCP port 21.

I just said run that because you mentioned running a copy of proftpd
and it spit back cannot bind (address already in use).

It is possible that proftpd is configured to run through inetd, check
/etc/inetd.conf and /etc/xinetd.conf (if you have xinetd) to be sure.

I am not familiar with the kind of router you have which allows
it to 'listen' on those ports. A public ftp server that I set up
for my former company is set up using static 1:1 NAT behind a
cisco 2500 series router, the config directive:
ip nat inside source static 10.115.17.195 65.115.17.195

the ftp server is ftp.graphon.com you can try to ftp to it and
grab a file to see, as far as the ftp server is concerned it
has a real IP, the router handles everything, no special
configuration needed on the server itself, its totally transparent.

Change the proftpd directive to the real IP of the system if you're
currently using the NAT'd IP, and see what happens. If you're not sure
proftpd is restarted, shut down all copies of it, ftp to localhost
to be sure it is not running, run netstat -an | grep 21 to be sure
nothing is using port 21 (you may see some TIME_WAIT messages, if
so, wait until they are gone, can take up to 15-20 minutes) then
start proftpd again.


nate
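
An added example, not part of the original message: a Python check for the passive-mode timeout discussed above. It parses the server's 227 reply (copied from an FTP client's debug output) and reports whether the advertised address is a private or loopback one and whether the data port falls inside the PassivePorts range quoted in the thread. The function name and the sample replies in the test are constructed; 203.0.113.10 is a documentation address.

```python
import ipaddress
import re

# PassivePorts range quoted in the message above.
PASSIVE_PORTS = (60000, 65535)

# Addresses a client outside the NAT cannot connect to (RFC 1918 + loopback).
UNROUTABLE = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# RFC 959 passive reply: 227 <text> (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),"
                     r"(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def check_pasv_reply(line, port_range=PASSIVE_PORTS):
    """Return (address, port, problems) for one 227 reply line."""
    m = PASV_RE.match(line.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % line)
    fields = [int(g) for g in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("field out of range in reply: %r" % line)

    addr = ipaddress.IPv4Address(".".join(str(f) for f in fields[:4]))
    port = fields[4] * 256 + fields[5]  # data port is p1*256 + p2

    problems = []
    if any(addr in net for net in UNROUTABLE):
        # The server is advertising its inside address; an outside client
        # will try to open the data connection to it and time out.
        problems.append("advertised address %s is private/loopback" % addr)
    if not port_range[0] <= port <= port_range[1]:
        # The router only forwards the PassivePorts range, so a port
        # outside it means the directive is not in effect.
        problems.append("port %d is outside %d-%d"
                        % (port, port_range[0], port_range[1]))
    return str(addr), port, problems
```

A reply with no problems still needs the router to forward the whole port range to the server; a client inside the LAN will legitimately see a private address.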




