[wellylug] ProFTPD problems
Lloyd
lloyd at fusion.net.nz
Mon Jan 14 20:48:53 NZDT 2002
Hey
Richard, I don't think it's proftpd that's the problem, I think it's NAT,
as ports 60000+ are used by NAT. Jamie, does your FTP server run on a
separate machine behind the firewall or on the firewall itself?
If it's separate, I suggest you look into a program called jftpgw that
you can run on the firewall and it will act as an incoming FTP proxy to
your machine behind the firewall. This will hopefully fix your problem.
jftpgw is very small and easy to configure, you can even choose which
internal server to connect to by placing an @internal.machine.name after
your login name.
I use it on our work machines - http://www.mcknight.de/jftpgw/
cya
Lloyd
On Mon, 14 Jan 2002, Richard Hector wrote:
> Jamie Dobbs wrote:
> >
> > Hi all
> >
> > I'm running a Linux box behind our firewall at work as an FTP server.
> > Of the 2 clients that use it one has no problems but the other cannot
> > connect to it. The one having problems says that our FTP server is
> > assigning the 'data channel' on a seemingly random port above 60000
> > (?) and he says that their firewall cannot cope with this as it
> > expects the data channel to be on the 'standard' port of 20 - what
> > configuration changes can I make to enable this?
> > We are running proFTPD 1.2.2
>
> Firstly 1.2.3 fixes a security hole, and 1.2.4 fixes another bug
> (according to the web site), so you should probably upgrade.
>
> The user's guide there says it does use source port 20 for the data
> channel. On the other hand, it can't do that if the client requests
> passive mode, so perhaps they're doing that? I think most web browsers
> use passive mode by default. If their firewall allows back connections
> from port 20, they don't need passive mode and can use normal mode.
>
> Note that neither you nor the ProFTPD user guide are very clear whether
> you're talking about source or data ports, so I'm filling in the gaps
> from other sources. If they're expecting the server to open the data
> channel with a _destination_ port 20, they're wasting their time,
> because it's not under the server's control, and an ftp client can't
> normally allocate a port that low, because it needs to be root to do so.
>
> HTH,
>
> Richard
>
>
> .-. Wellington
> /V\ Linux
> // \\ Users
> /( )\ Group
> ^^-^^
> http://wlug.paradise.net.nz/
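The active/passive distinction discussed in this thread, as an added example (not code from any poster): it decodes the host-port field of a PORT command or a 227 passive reply and reports which side opens the data connection, whose firewall sees it inbound, and whether the advertised listener address is an RFC 1918 one that a peer outside NAT cannot reach. The sample control-channel lines and addresses are constructed.

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2: six decimal bytes, as carried by PORT and by the 227 reply
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
_RFC1918 = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def decode_hostport(text):
    """Return (IPv4Address, port) from the host-port field in text."""
    m = _HOSTPORT.search(text)
    if not m:
        raise ValueError("no host-port field in %r" % text)
    b = [int(x) for x in m.groups()]
    if max(b) > 255:
        raise ValueError("byte out of range in %r" % text)
    return ipaddress.IPv4Address(bytes(b[:4])), b[4] * 256 + b[5]


def describe(line):
    """Say who opens the data connection for one control-channel line."""
    verb = line.split(None, 1)[0].upper() if line.strip() else ""
    if verb == "PORT":    # active: client listens, server connects out
        opener, inbound_at, src_port = "server", "client", 20
    elif verb == "227":   # passive: server listens, client connects in
        opener, inbound_at, src_port = "client", "server", None
    else:
        raise ValueError("not a PORT command or 227 reply: %r" % line)
    ip, port = decode_hostport(line)
    return {
        "mode": "active" if verb == "PORT" else "passive",
        "opened_by": opener,
        "inbound_at": inbound_at,   # whose firewall sees a new inbound connection
        "src_port": src_port,       # 20 = server's conventional data port; None = ephemeral
        "dst_port": port,           # chosen by the listening side
        "listener": str(ip),
        "listener_rfc1918": any(ip in n for n in _RFC1918),
    }


if __name__ == "__main__":
    # Constructed sample lines, not taken from the thread
    for sample in ("PORT 203,0,113,7,4,1",
                   "227 Entering Passive Mode (192,168,1,10,234,96)."):
        print(sample, "->", describe(sample))
```

A 227 reply that decodes to a high destination port with `listener_rfc1918` true is the case where a server behind NAT is advertising an address the remote client cannot reach.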