From: Ronald D. <Ron...@ww...> - 2005-07-28 01:25:10
Also... If I attempt even a "ftp localhost" on the ftp server and force passive it just hangs.

Ronald Davis
Senior Systems Administrator
World Wide Technology, Inc.
Phone: 314-301-2445
Email: ron...@ww...

>>> Ron...@ww... 07/27/05 8:01 PM >>>

All, please help!!!

Here is what I have:

I have a proftpd installation: proftpd-1.2.10 running mod_ldap and mod_tls on Solaris 9.

I'm attempting to set up an ftp server that is accessible via ftp and ftps that auths with Sun LDAP. This server is located behind a firewall and we have punched through the public traffic on ftp, ftp-data and passive ports 55000 - 56000 to this server.

I have a weird issue where I can connect ftp passive and ftps passive from a host and at the same time not be able to connect from another. Or not be able to connect from either host OR be able to connect ftp passive from one host and not ftp passive from another. It is completely sporadic and I've noticed that I alter which can connect by changing the MasqueradeAddress value and removing it altogether.

Please help, I've been killing myself with this!

Here is my proftpd config:

#################################################################
ServerName "FTP Depot"
ServerType standalone
DefaultServer on

# Port 21 is the standard FTP port.
Port 21
MasqueradeAddress ftp.domain.com
PassivePorts 55000 56000

# Global creates a "global" configuration that is shared by the
# main server and all virtualhosts.
<Global>
  # Umask 002 is a good standard umask to prevent new dirs and files
  # from being world writable but allowing group writable.
  Umask 002
</Global>

# Set the user and group that the server normally runs at.
User nobody
Group nogroup

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 100

# Maximum seconds a data connection may "stall"
TimeoutStalled 300

ExtendedLog /var/log/proftpd_paranoid.log ALL

# Normally, we want files to be overwriteable.
<Directory />
  AllowOverwrite on
</Directory>

# More Config
DefaultRoot /wwt_data/ftphome/%u
AuthOrder mod_ldap.c
LDAPDoAuth on dc=domain,dc=com
LDAPServer ldapserver.domain.com:389
LDAPDNInfo "cn=%USER%,dc=domain,dc=com %LDAPPW%"
LDAPForceDefaultGID on
LDAPDefaultGID 201

<IfModule mod_tls.c>
  TLSEngine on
  TLSLog /var/log/tls.log
  TLSProtocol TLSv1

  # Clients are required to use FTP over TLS when talking to this server
  # off = clients can connect using insecure FTP or secure FTP/SSL
  # on = clients can only connect using secure FTP/SSL
  TLSRequired off

  # Server's certificate
  TLSRSACertificateFile /opt/proftpd/etc/server.crt
  TLSRSACertificateKeyFile /opt/proftpd/etc/server.key

  # CA the server trusts
  TLSCACertificateFile /opt/proftpd/etc/ca.crt

  # Authenticate clients that want to use FTP over TLS
  # off = client SSL certificates are not required
  # on = client SSL certificates are required
  TLSVerifyClient off

  PassivePorts 55000 56000
</IfModule>
##################################################################

Ronald Davis
Senior Systems Administrator
World Wide Technology, Inc.
Phone: 314-301-2445
Email: ron...@ww...
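
One way to see what the server actually hands out in passive mode, as an added example that is not part of the original post or of ProFTPD: it parses the 227 reply a client receives and compares the advertised address and port with the address that client connected to and the 55000-56000 range from the config above. The sample replies and the 203.0.113.10 address are constructed, and `parse_pasv` and `check_pasv` are hypothetical helper names.

```python
import ipaddress
import re

# RFC 959 passive reply: "227 <text> (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(r"^227[ -].*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
# Addresses an outside client can never reach directly (RFC 1918 plus loopback).
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def parse_pasv(reply):
    """Return (host, port) advertised in a 227 reply; raise ValueError if malformed."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive reply: %r" % reply)
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError("field above 255 in %r" % reply)
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def check_pasv(reply, reachable_ip, port_range=(55000, 56000)):
    """Compare the advertised data endpoint with what this client can reach.

    reachable_ip: the address this client used for the control connection.
    port_range:   the range opened on the firewall (PassivePorts in the post).
    """
    host, port = parse_pasv(reply)
    problems = []
    if host != reachable_ip:
        ip = ipaddress.ip_address(host)
        kind = "internal" if any(ip in n for n in INTERNAL) else "different"
        problems.append("advertises %s address %s, client connected to %s"
                        % (kind, host, reachable_ip))
    if not port_range[0] <= port <= port_range[1]:
        problems.append("port %d outside firewall range %d-%d"
                        % (port, port_range[0], port_range[1]))
    return host, port, problems

if __name__ == "__main__":
    # Constructed sample replies; 203.0.113.10 is a documentation address.
    samples = [
        ("203.0.113.10", "227 Entering Passive Mode (203,0,113,10,215,100)."),
        ("203.0.113.10", "227 Entering Passive Mode (10,1,2,3,215,100)."),
        ("127.0.0.1", "227 Entering Passive Mode (203,0,113,10,4,1)."),
    ]
    for client_view, reply in samples:
        print(client_view, check_pasv(reply, client_view))
```

The 227 line can be captured from each client with the ftp client's debug output; over FTPS the control channel is encrypted, so a firewall in the path cannot read or rewrite that reply.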