pureftpd can't work normally on pureftp--NATD--ipfw--FreeBSD 5.4
he ccjj
heccjj1 at gmail.com
Wed Aug 24 15:12:25 GMT 2005
I use FreeBSD 5.4 (with option IPFW on and IPFIREWALL_DEFAULT_TO_ACCEPT
on) + apache + pureftp + natd to set up a server used as an ftp/web server and
as a gateway for a shared network too.
My network is like this:
                 ------(oip:x.x.x.a)------
                 |                        |
(oif:em0)------->|                        |-->(internet gateway:x.x.x.254)
    ^            |                        |
    |            ---(oip alias0:x.x.x.b)--
    |
    |
(iif:em1,iip:192.168.100.254)<-------(inet 192.168.100.254/16)<---(intranet)
I bind oip:x.x.x.a as the httpd and pureftpd server IP, and use
em0_alias0 (x.x.x.b) as natd's interface.
And I use the rc.firewall rule 'open'.
So my intranet can share the internet normally through natd on x.x.x.b, and
the http server works normally too. And the users of the
intranet (192.168.100.254/16) can visit pureftpd correctly.
My problem is: the users of the internet can't visit my pureftpd on
x.x.x.a correctly. The debug information is below. From the error, it
looks like the ipfw rule was wrong (when I use the "open" rule in rc.firewall, I
get the same error). If I cancel em0_alias0 (x.x.x.b) and set
natd_interface to x.x.x.a, it works very well!
Has anyone met this problem before? I have seen something like an
ftp proxy in pf; how do I write those rules in ipfw? Give me help please!
=========================================
*** CuteFTP Pro 6.0 - build Mar 25 2004 ***
STATUS:> Getting listing ""...
STATUS:> Resolving host name x.x.x.a...
STATUS:> Host name x.x.x.a resolved: ip = x.x.x.a.
STATUS:> Connecting to FTP server x.x.x.a:21 (ip = x.x.x.a)...
STATUS:> Socket connected. Waiting for welcome message...
220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-Local time is now 23:07. Server port: 21.
220 You will be disconnected after 15 minutes of inactivity.
STATUS:> Connected. Authenticating...
COMMAND:> USER tmp
331 User tmp OK. Password required
COMMAND:> PASS *****
230-User tmp has group access to: www
230 OK. Current restricted directory is /
STATUS:> Login successful.
COMMAND:> PWD
257 "/" is your current location
STATUS:> Home directory: /
COMMAND:> FEAT
211-Extensions supported:
EPRT
IDLE
MDTM
SIZE
REST STREAM
MLST
type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
MLSD
ESTP
PASV
EPSV
SPSV
211 End.
STATUS:> This site supports features.
STATUS:> This site supports SIZE.
STATUS:> This site can resume broken downloads.
COMMAND:> REST 0
350 Restarting at 0
COMMAND:> PASV
227 Entering Passive Mode (x,x,x,a,158,251)
STATUS:> Connecting FTP data socket x.x.x.a:40699...
ERROR:> The connection failed due to an error or timeout.
1) Verify that the destination IP address is correct.
......
12) Verify that your anti-virus software is not at
fault (try disabling it).
ERROR:> PASV failed, trying PORT.
STATUS:> Waiting 0 seconds...
STATUS:> Getting listing "/"...
STATUS:> Resolving host name x.x.x.a...
STATUS:> Host name x.x.x.a resolved: ip = x.x.x.a.
STATUS:> Connecting to FTP server x.x.x.a:21 (ip = x.x.x.a)...
STATUS:> Socket connected. Waiting for welcome message...
220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-Local time is now 23:08. Server port: 21.
220 You will be disconnected after 15 minutes of inactivity.
STATUS:> Connected. Authenticating...
COMMAND:> USER tmp
331 User tmp OK. Password required
COMMAND:> PASS *****
230-User tmp has group access to: www
230 OK. Current restricted directory is /
STATUS:> Login successful.
COMMAND:> PWD
257 "/" is your current location
STATUS:> Home directory: /
STATUS:> This site supports features.
STATUS:> This site supports SIZE.
STATUS:> This site can resume broken downloads.
COMMAND:> REST 0
350 Restarting at 0
COMMAND:> PORT 192,168,123,104,6,18
200 PORT command successful
COMMAND:> LIST
ERROR:> Timeout (60000 ms) occurred on receiving server response.
=========================================
content of /etc/rc.conf:
======================
hostname="x.x.x.a"
ifconfig_em0="inet x.x.x.a netmask 255.255.255.0"
ifconfig_em0_alias0="inet x.x.x.b netmask 255.255.255.0"
ifconfig_em1="inet 192.168.100.254 netmask 255.255.255.0"
defaultrouter="x.x.x.254"
static_routes="inside"
route_inside="-net 192.168.100.254/16 192.168.100.1"
#proxy:
gateway_enable="YES"
firewall_enable="YES"
firewall_type="simple"
natd_enable="YES"
natd_interface="x.x.x.b"
# rc.conf reads natd_flags (nat_flag is silently ignored); -a sets natd's alias address
natd_flags="-a x.x.x.b"
#servers:
inetd_enable="YES"
#pureftpd_enable="YES"
apache2_enable="YES"
=======================
content of /etc/inetd.conf:
==============================
ftp stream tcp nowait root /usr/local/sbin/pure-ftpd pure-ftpd -Sx.x.x.a,21 -Px.x.x.a -lmysql:/usr/local/etc/pureftpd-mysql.conf -A -j -D -Oclf:/web/logs/ftp/pureftp.log
#ftp stream tcp nowait root /usr/local/sbin/pure-ftpd pure-ftpd
ssh stream tcp nowait root /usr/sbin/sshd sshd -i -4
==============================
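As an added illustration (not part of the original post), the script below decodes the PASV reply and PORT command from the transcript above and reports what a firewall admin should check for each: whether the advertised address is RFC 1918 (unreachable from the other side of NAT) and whether the PASV data port falls inside the range the firewall passes. The sample lines are constructed from the post, with the server's x.x.x.a stood in for by the documentation address 203.0.113.10, and the passive port range is an assumed value.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed lines modelled on the CuteFTP transcript in the post; the server's
# public address x.x.x.a is stood in for by the documentation address 203.0.113.10.
SAMPLE_LOG = """\
COMMAND:> PASV
227 Entering Passive Mode (203,0,113,10,158,251)
ERROR:> The connection failed due to an error or timeout.
COMMAND:> PORT 192,168,123,104,6,18
200 PORT command successful
COMMAND:> LIST
ERROR:> Timeout (60000 ms) occurred on receiving server response.
"""

PASV_RE = re.compile(r"^227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
PORT_RE = re.compile(r"^COMMAND:> PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def decode_hostport(groups):
    """FTP encodes host and port as six decimal bytes: port = p1 * 256 + p2."""
    a, b, c, d, p1, p2 = (int(g) for g in groups)
    return f"{a}.{b}.{c}.{d}", p1 * 256 + p2

def is_rfc1918(ip):
    """An RFC 1918 address in PASV/PORT is unreachable from the other side of NAT."""
    return any(ip_address(ip) in net for net in RFC1918)

def analyse(log, passive_range=None):
    """One finding per data-channel negotiation; passive_range is the assumed
    (low, high) span of ports the firewall passes to the server."""
    findings = []
    for line in log.splitlines():
        if m := PASV_RE.match(line):
            ip, port = decode_hostport(m.groups())
            issues = []
            if is_rfc1918(ip):
                issues.append("server advertised a private address; NAT did not rewrite the 227 reply")
            if passive_range and not passive_range[0] <= port <= passive_range[1]:
                issues.append("data port outside the range the firewall passes (control on 21 still works)")
            findings.append({"mode": "PASV", "ip": ip, "port": port, "issues": issues})
        elif m := PORT_RE.match(line):
            ip, port = decode_hostport(m.groups())
            issues = []
            if is_rfc1918(ip):
                # The server connects back to this address; a private one needs an FTP-aware NAT on the client side.
                issues.append("client advertised a private address; active mode cannot reach it")
            findings.append({"mode": "PORT", "ip": ip, "port": port, "issues": issues})
    return findings
```

Run against the sample, PASV decodes to 203.0.113.10:40699 (the same port 40699 CuteFTP tried) and PORT decodes to 192.168.123.104:1554, a private address the server can never reach, which is why both modes fail in the transcript.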