Hi everyone,
I am trying, initially, to set up an anonymously accessed, blind
incoming folder using ssl-based ftp.
I've downloaded and compiled ftp_mod, configured it and have it working
as expected within the local network, but am having issues getting the
settings correct for internet access.
On our router, we've put in rules for inbound connections from any
source IP to [WANIP]:990 to be forwarded to [LANIP]:990 and this has
made it possible to connect and anonymously authenticate, but not to get
a data connection.
I was under the impression that setting FTPPASVaddr to the WANIP would
provide the proper PORT response to allow the data connection without
router configuration changes.
However, if I did not set FTPPASVbindaddr, it still sent the LANIP back
in the PORT command to the client. (not sure if this is a bug...)
Once I set both, it did send the WANIP in the PORT command, but I was
still not able to achieve a data connection.
Any help would be greatly appreciated!
Thanks,
Larry Irwin
CCA Medical
Versions: Debian Etch 2.6.18-6-amd64, httpd-2.2.22.tar.gz,
mod_ftp-0.9.6-beta.tar.gz
Folders: drwxrwxrwx 3 root root 4096 Nov 12 17:42 sftp, d-wx-wx-wx 2
root root 4096 Nov 13 14:40 sftp/incoming
Entries added to httpd.conf: LoadModule ftp_module modules/mod_ftp.so,
Include conf/extra/ftpd.conf
Content of ftpd.conf:
<IfModule mod_log_config.c>
LogFormat "%u [%a] %r" command_log_fmt
LogFormat "%{%b %e %H:%M:%S %Y}t %T %a %B %U %M %F %d %W %u %S %Z %Y"
transfer_log_fmt
</IfModule>
Listen [LANIP]:990 ftp
AcceptFilter ftp none
SSLPassPhraseDialog builtin
SSLSessionCache "dbm:/usr/local/apache2/logs/ssl_scache"
SSLSessionCache "shmcb:/usr/local/apache2/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
SSLMutex "file:/usr/local/apache2/logs/ssl_mutex"
<VirtualHost [LANIP]:990>
FTPPASVaddr [WANIP]
FTPPASVbindaddr [WANIP]
FTPOptions AllowProxyPASV AllowProxyPORT
ServerAdmin y...@ftp.example.com
DocumentRoot "/u/ftp/sftp"
FTP On
<Directory "/u/ftp/sftp">
AuthName "Use 'anonymous' and email address for guest entry"
AuthType basic
</Directory>
<Directory "/u/ftp/sftp">
<Limit MKD RMD STOR DELE RNFR>
Order deny,allow
Deny from all
</Limit>
</Directory>
<Directory "/u/ftp/sftp/incoming">
<LimitExcept MKD RMD STOR DELE RNFR>
Order deny,allow
Allow from all
</LimitExcept>
</Directory>
ErrorLog "logs/ftp_error_log"
SSLEngine on
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile "/usr/local/apache2/conf/server.crt"
SSLCertificateKeyFile "/usr/local/apache2/conf/server.key"
FTPImplicitSSL On
</VirtualHost>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
