proftpd and apache problems.

samw5 · 02-14-2006, 05:03 PM

Hey guys, I just setup my old Athlon 2400+ rig as a headless server.
I'm running it as a gaming rig (Quake 4/America's Army), VOIP app and I'd like to have both a small web and FTP server.

I'm using FC4. I installed vsftpd but I just can't get it to work the way I want so I ended up downloading and installing the latest version of proftpd.

In any case I'd like to have one user access chrooted to their ftp directory. I also would like to have a read only access on files and write allowed in the upload folder only.

Anyways, here is my config file:

#################################################
ServerName "My FTP Server"
ServerAdmin admin@email.com
ServerType standalone
DefaultServer on
Port 21
#AllowForeignAddress on
#MasqueradeAddress domain.com
Umask 022
MaxInstances 20
User ftpuser
Group ftpuser
UserAlias public ftpuser
AuthAliasOnly on
AuthPAM off
RequireValidShell off
DefaultRoot ~
#DefaultChdir /home/ftp/
AllowOverwrite on
DeleteAbortedStores off
#ExtendedLog /home/me/logs/ftp.log read,write
TimeoutLogin 300
TimeoutStalled 600
MaxClients 10
MaxClientsPerHost 5
DisplayLogin welcome.msg

<Limit SITE_CHMOD>
DenyAll
</Limit>

<Directory ~/>
DirFakeGroup on ftp
DirFakeUser on ftp
DirFakeMode 000
# <Limit WRITE>
# DenyAll
# </Limit>
</Directory>

<Directory ~/uploads/>
<Limit READ WRITE DIRS STO CWD CDUP>
AllowAll
</Limit>
</Directory>
#################################################
Now I've tried everything and this config seems to work when I connect using my linux rig ftp client.

When I use my Windows machine, I can't list the directories or files (all are hidden but accessible). I get an error message saying PORT command is not allowed.
If I enable AllowForeignAddress then I can using WS-FTP just fine but Internet Explorer still won't list a damn thing (actually IE can't even connect even supplied with the username/password... keeps on timing out).

Ok I think that's it for the FTP... I have no idea where to look... any tips?

As far as apache goes, I'm just having a little problem setting it up (maybe I missed something ez).
The daemon starts fine but I keep on getting the Fedora Core Test Page. I've added content to my /var/www/html directory (only one index.html page) but when explicitly pointing to it I'm getting a 403 error (Forbidden access). Permission on the file is 644 and it's been chmod to apache user and group.
Any ideas?

Thanks in advance for the replies. I'm sure some of those questions are dumb but I'm just a linux newb

-Sam

bathory · 02-15-2006, 02:24 AM

As for your first problem about proftpd, you must configure it to use passive mode (in addition to active mode) which is used by default by many ftp clients. To do so add a line like the following in your proftpd.conf:

Code:

PassivePorts 10000 10100

This example will use ports 10000-10100 for passive mode transfers. Of course you can change that port range if it's used by other applications.
Regarding apache I suspect that this is due to SELinux. Read this to see how to resolve the issue.

Regards

samw5 · 02-15-2006, 11:15 AM

Thanks for the reply! I'm slowly getting there!

Looks like SELinux was indeed part of my apache problem. I can now access the files in my web root directory but the daemon doesn't automatically show the index.html file (though I've added html, htm, php to the config file). Do I need to specify in the config that the server should display the index file? Though this was done by default.
Botton line I get the Fedora Core Test Page unless I type index.html.

As far as proftpd I'm moving in the right direction.

I've added some passive ports and I can now view the directories on my Windows machine using WS-FTP and connecting within my local net. I guess I'll have to open the ports in my firewall for the passive ports as well.

What confuses me a bit more is that IE is still won't show the content of the FTP. It gives me a message saying "Getting Content of FTP" and then bombs and gives me an error saying it can't connect.
I know the IE is probably not the preferred way to access an FTP but I'm setting this up for people that don't have a clue about computers so it's gotta be ez enough.

Any ideas?

Thanks
-Sam

samw5 · 02-15-2006, 11:16 AM

Oh totally forgot to ask but I'm assuming I need to add the passive ports in the iptables list... Am I correct? If so how do you specify a range?

bathory · 02-16-2006, 02:24 AM

A rule like the following should do the job:

Code:

iptables -A INPUT -p tcp --dport 10000:10100 -j ACCEPT

As of IE and passive ftp you could take a look here
Regarding FC, apache and SELinux I cannot help you further, but I think this thread should be useful.

Regards

samw5 · 02-16-2006, 10:31 AM

Thanks!

Looks like everything is working fine now that I've added the pass ports to the iptables. I guess that's the only thing I needed for IE... it was configured fine!

Thanks a bunch for the help.

As far as apache, I've been looking around the conf files added a couple things here and there but I've ended up replacing the noindex.html page with mine (since it's an html redirect anyways... don't wanna do it in the conf file). That should do for now, I'll fix that if needed later.

Anyways, thanks again a million for all the help,
Sam