Loading ...
Sorry, an error occurred while loading the content.

Re: [nslu2-general] Proftpd fails to be accessible from outside LAN -> I think I found it (thx to Inge)

Expand Messages
  • Ludo
    Hi, Thank you for taking the time to look into it. My messages log (/var/log/messages): Aug 31 16:28:14 xinetd[957]: FAIL: ftp address from=212.238.xxx.xxx
    Message 1 of 1 , Aug 31, 2005
    • 0 Attachment
      Hi,

      Thank you for taking the time to look into it.

      My messages log (/var/log/messages):

      <86>Aug 31 16:28:14 xinetd[957]: FAIL: ftp address from=212.238.xxx.xxx
      <86>Aug 31 16:29:12 xinetd[542]: START: ftp pid=961 from=212.238.xxx.xxx
      (xxx is masked out by hand)

      My xinetd -d said there was a syntax error in proftpd.
      The last line was
      port=xx }
      where it should be
      port=xx
      }
      running xinetd -d again did not show the error after that.

      What it did show was
      Only from: localhost(HOST) 192.168.0.0/255.255.255.0(NET)
      which would explain the blocking of non 192.168 addresses.

      In short: Inge, you're great!
      Thanks for showing me the light.
      The rest I should be able to fix myself.

      I am not quite into Linux, it was a very good hint to use xinetd -d.

      Thanks!

      Ludo
      ----- Original Message -----
      From: Inge Bjørnvall Arnesen
      To: nslu2-general@yahoogroups.com
      Sent: Wednesday, August 31, 2005 4:39 PM
      Subject: RE: [nslu2-general] Proftpd fails to be accessible from outside LAN


      Well, the passive ports are irrelevant for getting the login prompt (as I
      understand you don't get). The only relevant aspect for you is the incoming
      FTP connection on port 21. Clearly a connection attempt has been made to the
      slug, but no login prompt appeared. This means that either iptables/firewall
      sw, xinetd (most probably) or proftpd itself has blocked the connection. I
      think you should look in the logs (/var/log or /opt/var/log if using
      syslog-ng). Run xinetd with the "-d" option if the logging is not verbose
      enough as it is.

      best,

      -- Inge


      ----Original Message----
      From: nslu2-general@yahoogroups.com
      [mailto:nslu2-general@yahoogroups.com] On Behalf Of Ludo
      Sent: 31. august 2005 16:33 To:
      nslu2-general@yahoogroups.com Subject: Re: [nslu2-general]
      Proftpd fails to be accessible from outside LAN

      > Hi Inge,
      >
      > My netstat says the following:
      > tcp 0 0 lsdbox1:ftp
      > isprojects.demon.:34373 TIME_WAIT
      > tcp 0 0 lsdbox1:ftp
      > isprojects.demon.:34374 TIME_WAIT
      >
      > (I have added a temporary portmapping 30000-40000 to my
      > slug on my router)
      >
      > So it's getting there (I guess).
      >
      > What;s your oppinion, Inge?
      >
      > Ludo
      > ----- Original Message -----
      > From: Inge Bjørnvall Arnesen
      > To: nslu2-general@yahoogroups.com
      > Sent: Wednesday, August 31, 2005 4:24 PM
      > Subject: RE: [nslu2-general] Proftpd fails to be
      > accessible from outside LAN
      >
      >
      > What does your logs say? If you do "netstat" on the
      > slug when attempting to FTP into it from the Internet -
      > do you see any of these connection attempts?
      >
      > best,
      >
      > -- Inge
      >
      > ----Original Message----
      > From: nslu2-general@yahoogroups.com
      > [mailto:nslu2-general@yahoogroups.com] On Behalf Of Ludo
      > Sent: 31. august 2005 16:10 To:
      > nslu2-general@yahoogroups.com Subject: [nslu2-general]
      > Proftpd fails to be accessible from outside LAN
      >
      > > Hi all,
      > >
      > > I have installed proftpd and it's working in my local
      > > subnet. Yet I cannot access it from outside my LAN
      > > (portmapping on router).
      > >
      > > I have mapped my 21 port on my slug to another port on
      > > the router, lets say 8001. This port is only on the
      > > router, mapping to 21 on the slug. My slug:
      > 192.168.0.1 > My router: 192.168.0.2
      > >
      > > When trying ftp://<outside ip address>:8001 which
      > tries > to connect to the slugs ftp session it fails (no
      > > response, timeout) Locally (when op IP 192.168.0.x to
      > > 192.168.0.1 on port 21) it connects. When using the
      > > external address it fails to connect. So proftpd
      > seems to > work locally. Anonymous login is allowed and
      > functional > locally.
      > >
      > > My router (vigor draytek 2200e) is able to map to any
      > > port on the slug successfully. I can map the admin
      > page > or telnet to 8001 for example, tested
      > successfully. So > that part works. 21 has no response
      > though. Not mapped > elsewhere on the router.
      > >
      > > I have tried hosts.allow to contain 'ftp: ALL' or
      > > 'proftpd: ALL' I have tried to include valid IP range
      > in > xinetd/proftpd (but don't know how). No result:)
      > >
      > > So:
      > > My ftp works fully on the local net.,
      > > My ftp refuses to work on the external net.
      > >
      > > Am I overlooking something?
      > >
      > > I hope one of you can help me see the light.
      > >
      > > Ludo
      > >
      > > ====part of proftpd.conf=====
      > > # Port 21 is the standard FTP port.
      > > Port 21
      > > PassivePorts 8900 9000
      > > ====part of proftpd.conf=====
      > >
      > > =====part of xinetd/proftpd===
      > >
      > > # ProFTPd FTP daemon - http://www.proftpd.org
      > > #
      > > service ftp
      > > {
      > > flags = REUSE
      > > socket_type = stream
      > > instances = 30
      > > wait = no
      > > user = root
      > > server = /opt/sbin/proftpd
      > > server_args = --config
      > /opt/etc/proftpd.conf > log_on_success = HOST
      > PID > log_on_failure = HOST
      > > disable = no
      > > port = 3111 }
      > > =====part of xinetd/proftpd===
      > >
      > >
      > >
      > > [Non-text portions of this message have been removed]
      > >
      > >
      > >
      > > ------------------------ Yahoo! Groups Sponsor
      > > --------------------~-->
      > > Most low income households are not online. Help bridge
      > > the digital divide today!
      > >
      >
      >
      >
      >
      >
      >
      >
      > http://us.click.yahoo.com/cd_AJB/QnQLAA/TtwFAA/CFFolB/TM
      > >
      > --------------------------------------------------------------------~->
      > > > > Yahoo! Groups Links > > >
      >
      >
      >
      > SPONSORED LINKS Computer internet security Firmware
      > development Computer internet business Computer
      > internet access Computer internet privacy securities
      > Computer internet help
      >
      >
      >
      ----------------------------------------------------------------------------
      --
      > YAHOO! GROUPS LINKS
      >
      > a.. Visit your group "nslu2-general" on the web.
      >
      > b.. To unsubscribe from this group, send an email to:
      > nslu2-general-unsubscribe@yahoogroups.com
      >
      > c.. Your use of Yahoo! Groups is subject to the
      > Yahoo! Terms of Service.
      >
      >
      >
      ----------------------------------------------------------------------------
      --
      >
      >
      >
      > [Non-text portions of this message have been removed]
      >
      >
      >
      > ------------------------ Yahoo! Groups Sponsor
      > --------------------~-->
      > Get Bzzzy! (real tools to help you find a job). Welcome
      > to the Sweet Life.
      > http://us.click.yahoo.com/A77XvD/vlQLAA/TtwFAA/CFFolB/TM
      > --------------------------------------------------------------------~->
      >
      >
      > Yahoo! Groups Links
      >
      >
      >



      SPONSORED LINKS Computer internet security Firmware development Computer internet business
      Computer internet access Computer internet privacy securities Computer internet help


      ------------------------------------------------------------------------------
      YAHOO! GROUPS LINKS

      a.. Visit your group "nslu2-general" on the web.

      b.. To unsubscribe from this group, send an email to:
      nslu2-general-unsubscribe@yahoogroups.com

      c.. Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.


      ------------------------------------------------------------------------------



      [Non-text portions of this message have been removed]
    Your message has been successfully submitted and would be delivered to recipients shortly.