Proftpd 'VirtualServers' configuration probs...

c.lakey · 10-24-2005, 02:23 AM

Hi All,

I am having difficulties setting up proftpd with virtual directories - (running Debian Sarge & Apache2 webserver).

Essentially I have a webserver hosting 'our' 5 websites.
I have not had the requirement to update the pages externally, so have never bothered to set up FTP.

Been doing some reading and ProFTP seemed to be 'the go'.

It is installed, and can run in the default configuration, BUT I am having troubles getting my head around the <VirtualHost> Directive.

From what I understand, I cannot use NAME BASED VIRTUAL HOSTS, thus have configured my one and only ethernet interface (eth0) with several aliases.

ie - Current setup on my debian box is:
eth0 is 192.168.144.44
eth0:0 is 192.168.144.45
eth0:1 is 192.168.144.46
etc.

This allows me to set up my virtual hosts by (unique) IP address. Thus internally I can set up DNS records/forwards which resolve my requests correctly- eg:
ftp.site1.com.au resolves to 192.168.144.44
ftp.site2.com.au resolves to 192.168.144.46

Problem: - Multiple hosts configured and is not working.
(Internal Network Access)
Default - server config virtual host seems to work.
2nd virtual host reports:
'500 Sorry no virtual server availaible to handle request on 192.168.144.46'

I realise that the logical answer will probably be to please 'post the proftpd.conf' file. I have not done this as it is currently in a bit of a messy state, due to various attempts at trying different fixes.

I will review and rewrite from scratch tomorrow and re-post, but I would really appreciate any tips/examples that you could either send my way or point me in the right direction.

Cheers.

NB: Please note I have tracked down several of the more 'useful/descriptive' links but am apparently not allowed to 'include website references' (or something) of that nature as am only a newbie and is a preventative measure against spammers.

c.lakey · 10-24-2005, 09:17 PM

OK,
I Rewrote proftpd.conf file from scratch (with a clear head) and all is working now. For the benefit of anyone who is interested in configuring proftpd along the same lines, I am posting my entire configuration file - server names etc changed

Note
- configuration file only displays 2 virtual hosts. Add more hosts :- simply copy paste and update filenames & IP Addresses.
- I have set up IP aliases for my primary/only ethernet card (eth0) following instructions from this page: http://cr.yp.to/djbdns/ifconfig.html
- FreeBSD Proftpd info (applies to most OSes) can be found: http://www.freebsddiary.org/ftpvirtual.php
- Good ProFTPD Documentation can be found at: http://www.castaglia.org/proftpd/#Documentation

NOTE2
I am completely unsure how I will be able to grant FTP access to external users, as am behind NAT Firewall. -- NAT issues aside as I only have one external IP address, all incoming FTP requests will hit this single address and as it does not support Name Based DNS I do not know how to differentiate between virtual hosts...... 'MasqueradeAddress' Directive?? Configure different vhosts on diff ports??.... I will look into this somewhere else more relevant...

Cheers.

Code:

## My ProFTPd config file
##

## <Server Config> ## This is a logical directive only - does not exist!

ServerName		":-D  FTP SERVER  :-D"

# inetd or standalone
ServerType		standalone

# This is the address the server will listen on
# default requests.
DefaultAddress		192.168.144.44

# Listen on Port 21
Port			21

# Umask (File permissions)
Umask			022	
TimeoutLogin		120
TimeoutIdle		600
TimeoutNoTransfer	900
TimeoutStalled		3600

# Specify whether to service requests other than those 
# whose IP addresses are explicitly defined.
DefaultServer	off

# Account which proftp daemon runs as:
User			nobody
Group			nogroup

## </Server Config>

# Configuration options which apply to ALL vhosts.
<Global>
  DisplayLogin		/FTP/welcome.msg
 
  # Use only AuthUserFiles whgen authenticating users - NOT
  # the systems /etc/passwd file!
  AuthOrder		mod_auth_file.c
 
  # Log File/Dir Access
  ExtendedLog		/FTP/logs/access.log WRITE,READ write
  # Log all logins
  ExtendedLog		/FTP/logs/auth.log AUTH auth
  # Log PARANOIA - log everything
  #ExtendedLog		/FTP/logs/paranoid.log ALL default

</Global>

## Virtual host #1 :- Bedford Consulting
## ftp.bedfordconsulting.com
##
<VirtualHost 192.168.144.45>
  # Listen for ftp.bedfordconsulting.com on additional IP.
  #Bind			192.168.144.44
  ServerAdmin		its@bedfordconsulting.com
  ServerName		"Bedford Consulting FTP Server"
  TransferLog		/FTP/xferlog/ftp.bedfordconsulting
  MaxLoginAttempts	25
  RequireValidShell	no
  DefaultRoot		/chroot/wwwroot/bedfordconsulting

  # Set up 'virtual FTP Users' ie. users with no system 
  # account.
  AuthUserFile		/FTP/auth/users.bedfordconsulting.ftp
  AuthGroupFile		/FTP/auth/group.bedfordconsulting.ftp

</VirtualHost>


## Virtual host #2 :- Bedrock Financial Services
## ftp.bedrock.com
##
<VirtualHost 192.168.144.46>
  ServerAdmin		its@bedrock.com
  ServerName		"Bedrock FTP Server"
  TransferLog		/FTP/xferlog/ftp.bedrock
  MaxLoginAttempts	25
  RequireValidShell	no
  DefaultRoot		/chroot/wwwroot/bedrock

  # Set up 'virtual FTP Users' ie. users with no system 
  # account.
  AuthUserFile		/FTP/auth/users.bedrock.ftp
  AuthGroupFile		/FTP/auth/group.bedrock.ftp

</VirtualHost>