LinuxQuestions.org


cevjr 02-05-2004 04:09 PM

ProFTPd - can connect locally but...Could it be that Verizon DSL does not allow port
 
I think everything is AOK! Could it be that Verizon DSL does not allow port forwarding??? I know this sounds strange but....

OK I have made some progress but still don't have 100% success.
Here's what I have so far:
I have a dynamically assigned IP address from Verizon DSL. I have proftpd up and running and I can ftp localhost.
I can also ftp 192.168.0.x from a PC on my local network. However if I were outside my local network and wanted to connect to the IP address assigned from Verizon...I would not be able to do it.

My setup:
Netgear Router/Nat portforwarding FTP port 21 to 192.168.0.x
firewall opened ports 20 and 21
/etc/hosts.allow has
ftpd: 19.2 192.168.0.x 151.xx.xx.xxx (I tried this hoping that it would allow incoming ftp connection from a specific address)

and my /etc/proftpd.conf file is the basic one:

ServerName "ProFTPD Default Installation"
ServerType standalone
DefaultServer on

# Port 21 is the standard FTP port.
Port 21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances 30

# Set the user and group under which the server will run.
User nobody
Group nogroup

# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
#DefaultRoot ~

# Normally, we want files to be overwriteable.
<Directory />
AllowOverwrite on
</Directory>

# A basic anonymous configuration, no upload directories. If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
<Anonymous ~ftp>
User ftp
Group ftp
RequireValidShell no
# We want clients to be able to login with "anonymous" as well as "ftp"
UserAlias anonymous ftp

# Limit the maximum number of anonymous logins
MaxClients 10

# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin welcome.msg
DisplayFirstChdir .message

# Limit WRITE everywhere in the anonymous chroot
<Limit WRITE>
DenyAll
</Limit>
</Anonymous>

Martin O 02-05-2004 06:44 PM

Have you tried a portscan
 
Hi there,

Have you tried doing a portscan from outside your internal network?

If you have nmap installed on the remote host you are trying to connect from you can simply type:

nmap -sT your.public.ip.address

This should portscan your ip address and see what ports you can connect to on your ftp server.

If you can't see port 21 then there might be a problem with your firewall setup.

Hope this was a help to you!

Martin

nktidwell 02-19-2004 09:48 PM

Verizon Online does not allow one to run a server... Details are at the Verizon website, I tried the same myself...:(

flashingcurser 02-19-2004 10:49 PM

I'm curious, how does Verizon stop you?

nktidwell 02-21-2004 09:46 PM

They black hole port 80 incoming connections. There may be a way to get around this by using a different port (ie. 8080).

cevjr 02-22-2004 04:42 PM

Verizon does not stop your FTP connection. I was wrong! The problem I had was that the Netgear MR814 router that I use does not allow more than 1 connection on the forwarded port. Since I was trying to connect from inside my network...it was preventing me. However when I went outside my local network (someone else's house - it worked). If this does not make sense let me know or go to http://kbserver.netgear.com/kb_web_f...sp#RP614Anchor

So, to summarize what I did:

for anonymous connection no uploading!
use proftpd-1.2.8-1386-2
modify files
/etc/ftpusers (get rid of ftp)
/etc/proftpd.conf (use the basic conf)
remember to port forward on router ports 20 & 21
remember to open ports 20 & 21 on firewall

USE gFTP for an ftp client
IF LOCAL
on client side: log into 192.168.x.x and do not allow passive

IF WWW (make sure you are outside of your local network)
on client side: log into ipaddressverizongives.x.x.x and do not allow passive/try passive
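
Added example, not part of the thread: a Python check of why passive mode can work on the LAN yet fail from outside when only ports 20 and 21 are forwarded. It parses the server's 227 reply and reports an advertised LAN address or an unforwarded data port. The sample reply and addresses are constructed, and a client that reaches the server on a private address is assumed to be on the same LAN.

```python
import ipaddress
import re

# RFC 1918 ranges; checked explicitly because ipaddress.is_private also
# matches documentation ranges such as 203.0.113.0/24 used in the samples.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def is_rfc1918(ip):
    return any(ip in net for net in RFC1918)


def parse_pasv(reply):
    """Return (IPv4Address, port) from a '227 Entering Passive Mode' reply."""
    match = PASV_RE.search(reply)
    if not reply.startswith("227") or match is None:
        raise ValueError("not a usable 227 reply: %r" % reply)
    nums = [int(g) for g in match.groups()]
    if max(nums) > 255:
        raise ValueError("field out of range in %r" % reply)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]   # port = p1 * 256 + p2 (RFC 959)


def check_passive(reply, control_ip, forwarded_ports=(20, 21)):
    """List reasons the passive data connection would fail.

    control_ip is the address the client used for the control connection;
    forwarded_ports defaults to the two ports forwarded in the thread.
    """
    ip, port = parse_pasv(reply)
    control = ipaddress.IPv4Address(control_ip)
    findings = []
    if is_rfc1918(control):
        return findings              # assumed LAN client: no NAT in between
    if is_rfc1918(ip):
        findings.append("server advertises LAN address %s" % ip)
    if port not in forwarded_ports:
        findings.append("data port %d is not forwarded" % port)
    return findings


# Constructed sample reply, as a server at 192.168.0.5 behind NAT would send.
SAMPLE = "227 Entering Passive Mode (192,168,0,5,195,80)."
if __name__ == "__main__":
    for client_target in ("192.168.0.5", "203.0.113.10"):
        print(client_target, check_passive(SAMPLE, client_target))
```

In ProFTPD the MasqueradeAddress and PassivePorts directives address the two findings, together with forwarding the chosen passive port range on the router.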

