ahhh! ProFTP would'nt let me connect
 

emmm knid of two questions

I am trying to set up pro ftp to allow users to access the /var/www directory on my PC but alas it wouldnt even let the local machine connect. I have set it up edited hosts.allow and host.deny to allow remote machines to connect. each time I try it just says connection refused right out.

I am running mandrake 9.1

here is my proftp.conf file
//////////////////////////////////////////////////////////////////////////////////////////////////////////
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName "servername"
ServerType inetd
DeferWelcome off

ShowSymlinks on
MultilineRFC2228 on
DefaultServer on
AllowOverwrite on

TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200

DisplayLogin welcome.msg
DisplayFirstChdir .message
LsDefaultOptions "-l"

DenyFilter \*.*/

# Uncomment this if you are using NIS or LDAP to retrieve passwords:
#PersistentPasswd off

# Port 21 is the standard FTP port.
Port 21

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30

# Set the user and group that the server normally runs at.
User nobody
Group nogroup

# Normally, we want files to be overwriteable.
<Directory /*>
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022

AllowOverwrite on
</Directory>

# chroot for all users of the group ftpuser
DefaultRoot ~ ftpuser

# grant login only for members of the group
<Limit LOGIN>
DenyGroup !ftpuser
</Limit>

# disable root login and require a valid shell (from /etc/shells)
<Global>
RootLogin off
RequireValidShell on
</Global>

# increase
UseReverseDNS off

IdentLookups off

# Logging formats
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
LogFormat write "%h %l %u %t \"%r\" %s %b"

# activate logging

# every login
ExtendedLog /var/log/ftp_auth.log AUTH auth

# file/dir access
ExtendedLog /var/log/ftp_access.log WRITE,READ write

# forr paranoid (big logfiles!)
#ExtendedLog /var/log/ftp_paranoid.log ALL default
/////////////////////////////////////////////////////////////////////////////////////////////////////////

also mandrake has this nasty habit of rewriting the hosts.allow and setting it back to
ALL:ALL EXCEPT 127.0.0.1:DENY
What is rewriting this file and how can i stop it.

Thanks gaelen

It sounds like your "connection refused" message is occuring when you first login.

Is your proftpd daemon accepting connections directly, or are you using the super daemon inetd to handle connections? If you are using inetd (or xinetd), you need to make sure that inetd is configured to accept these connections for proftpd.

I have also had ftp connections fail when the user's shell (as defined in /etc/passwd) was not listed in /etc/shells.

Ok It just got a little bit more intresting. I checked my /ect/passwd and /ect/shells and the shell I am using is listed in there. I believe it handles the connections directly.

but I also did I tcpdump on port 21 and attempted a login from a remote andthe local machine and low and behold nothing showed up.

(boggled by this problem)

I would really spprecatite it if some one could tell me what is rewriting /ect/hosts.deny back to the default I have to always go in and comment out
ALL:ALL EXCEPT 127.0.0.1: DENY
as mandrake seams to like it being in there
(boggles again)

You might have a cron job doing this. Your distro could well have set this up as a security measure. Places to start looking are to invoke "crontab -l" as root to see what cron jobs root has scheduled, and look in your /etc/ directory for something that is setting up regular cron jobs.