I am literally quite stuck with ProFTPD, the version being: ProFTPD Version 1.3.3e
I have the following config:
Quote:
ServerName "FTP Server"
ServerType standalone
DefaultServer on
Port 21
UseIPv6 off
Umask 022
MaxInstances 10
User ftp
Group ftp
#DefaultRoot ~
AllowOverwrite on
<Limit SITE_CHMOD>
  DenyAll
</Limit>
<Global>
  RootLogin off
  RequireValidShell off
</Global>
<VirtualHost ftp.myolddomain.co.uk>
  ServerName "ftp.myolddomain.co.uk"
  DefaultChdir /www/myolddomain.co.uk
  DefaultRoot /www/myolddomain.co.uk
  ShowSymlinks off
  <Anonymous /ftp/myolddomain.co.uk/anonymous>
    User jeremy
    UserAlias anonymous jeremy
    Group myolddomain
  </Anonymous>
  MasqueradeAddress ftp.myolddomain.co.uk
  # these 2 settings are turned off for debugging purposes!
  # MaxClients 5
  # MaxClientsPerHost 2
</VirtualHost>
<VirtualHost ftp.mynewdomain.me.uk>
  ServerName "ftp.mynewdomain.me.uk"
  DefaultChdir /www/mynewdomain.me.uk
  DefaultRoot /www/mynewdomain.me.uk
  ShowSymlinks off
  <Anonymous /ftp/mynewdomain.me.uk/anonymous>
    User jeremy
    UserAlias anonymous jeremy
    Group mynewdomain
  </Anonymous>
  MasqueradeAddress ftp.mynewdomain.me.uk
  # these 2 settings are turned off for debugging purposes!
  # MaxClients 5
  # MaxClientsPerHost 2
</VirtualHost>
My setup for the above would be:
ftp.myolddomain.me.uk which resolves to 192.168.0.10
ftp.mynewdomain.me.uk which resolves to 192.168.0.11
I only have 1 public facing IP address from my ISP but I would like to be able to view the 2 anonymous directories.
ftp.myolddomain.me.uk would show the contents of: /ftp/myolddomain.me.uk/anonymous
ftp.mynewdomain.me.uk would show the contents of: /ftp/mynewdomain.me.uk/anonymous
How would I allow this from a NAT firewall's perspective, please?
I mean I have opened port 20 (data port) and port 21 (command port) for FTP; would I then just limit the passive ports in the ProFTPD config, changing them for each host, and then open them using my NAT firewall?
I mean I require (sorry to be a pain) clear steps on understanding how to get this working; it's far better if I am given precise steps, then I can learn what's going on, you know?
I mean would I need to logically separate out a series of passive ports and then open them using my custom router's NAT, so each passive port goes to its own virtual host as such? Just a bit confused about what the next steps would entail.
I mean I don't have any firewall on my Linux box, don't see the point since I use pfSense and an IPS/IDS and it's never been hacked since!
Your help is much appreciated,
Jeremy.