
RE: Anonymous Proftp setup problems



Michael Olds said:

> I am behind a USRobotics broadband router which has a built in firewall.
> I have two boxes, a linux server and a windows 2000 workstation each with
> their own what I call "internal" static IP numbers.

are you certain this is possible with that router? I would contact
USR to be sure, a question such as:

'can I run an ftp server running behind this router running on NAT to
run with passive ftp connections?' should be enough..


> I am fresh enough to
> doubt my understanding of Network Address Translation to need to describe
> what I know and let you guess: My external IP number connected to the
> Internet connected to the Router is Static. Each box has its own static
> number (no DHCP) connected to the other side of the router. That sounds
> like NAT to me, but maybe not. The Router is set up to Exclude All

if the IPs assigned to the machines are 172.16.x.x or 192.168.x.x or
10.x.x.x then it's NAT yes.


> incoming traffic except when specifically allowed or when in response to
> a request coming from within (I think that's how to describe it).

is it configured to forward incoming port 20 and 21 requests to your
ftp server?


> There is no "config" for this router, it's handled via browser window
> GUI...you click buttons, but I am reasonably sure it is set up properly
> for the situation as the tech support guy walked me through it and I
> asked enough questions to get it straight in my head what to do. (And, as
> it looks to me, I am being logged in.)

I'm not sure what else to suggest, it may be a configuration issue
on the router, you can try (from outside the router if possible) to
hit some of the ports that the router is 'allowing' in and run tcpdump
on the server to see if those actually reach the server. and you can
run tcpdump during an ftp session but it gets to quite a bit more advanced
network diagnostics to troubleshoot it. I've personally never heard of
such a feature on a broadband router, your setup makes me think that
the passive ftp setting is for OUTBOUND (from behind the router going
to the internet) connections, not passive ftp INBOUND ..but I suppose
anything is possible.

analyzing the traffic would be my next step but it's not easy, I'm no
expert at packet sniffing either though I've done it from time to time
to troubleshoot network issues.


>
> I checked inetd and ftp is <off> (If I didn't say it before, proftpd is
> set up as standalone.)

ok


>
> To start and stop I have just been rebooting (this is a small personal
> setup and it doesn't matter if I am disconnected for a few minutes)...but
> I would like to know if there were something like  # apachectl stop

since it's standalone, this should do it:

/etc/init.d/proftpd stop

then to start it

/etc/init.d/proftpd start

good luck!

nate
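
An added example, not part of the message above or of the original thread: a small Python check for the inbound passive-FTP question discussed here. It decodes the RFC 959 `227` reply from a control-channel transcript and flags a private address or an unforwarded data port. The function names, the sample transcript and the forwarded-port set are constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 private ranges; an address in these is not reachable from the internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# RFC 959 passive reply: 227 <text> (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(r"^227 .*?" + ",".join([r"(\d{1,3})"] * 6))


def parse_pasv(line):
    """Return (ip, port) from a 227 reply line, or None if it is not one."""
    m = PASV_RE.match(line.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.ip_address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]  # data port = p1*256 + p2


def check_transcript(lines, forwarded_ports):
    """List each passive reply with the reasons an outside client may fail."""
    findings = []
    for line in lines:
        parsed = parse_pasv(line)
        if parsed is None:
            continue
        ip, port = parsed
        problems = []
        if any(ip in net for net in RFC1918):
            problems.append("server advertises a private address")
        if port not in forwarded_ports:
            problems.append("data port is not forwarded by the router")
        findings.append((str(ip), port, problems))
    return findings


# Constructed sample: control-channel replies as seen by a client outside the router.
SAMPLE = [
    "220 ProFTPD Server ready.",
    "230 Anonymous access granted, restrictions apply",
    "227 Entering Passive Mode (192,168,1,10,195,80).",
]

if __name__ == "__main__":
    for ip, port, problems in check_transcript(SAMPLE, forwarded_ports={20, 21}):
        print(ip, port, "; ".join(problems) or "ok")
```

The transcript lines can be copied from an ftp client's verbose output or read out of a tcpdump capture of port 21 taken on the server.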




