pureftpd can't work normally on pureftp--NATD--ipfw--FreeBSD 5.4
he ccjj
heccjj1 at gmail.com
Tue Aug 23 01:05:46 GMT 2005
I use FreeBSD 5.4 (with OPTION IPFW on and IPFIREWALL_DEFAULT_TO_ACCEPT
on) + apache + pureftp + natd to set up a server used as an ftp/web server and
as a gateway for sharing the network too.
My network looks like this:
            ------(oip:x.x.x.a)------
            |                       |
(oif:em0)-->|                       |-->(internet gateway:x.x.x.254)
    ^       |                       |
    |       ---(oip alias0:x.x.x.b)--
    |
    |
(iif:em1,iip:192.168.100.254)<-------(inet 192.168.100.254/16)<---(intranet)
I bind oip:x.x.x.a as the httpd and pureftpd server IP, and use
em0_alias0 (x.x.x.b) as natd's interface.
And I use the rc.firewall rule: 'open'.
So my intranet can share the internet normally through natd on x.x.x.b, and
the http server works normally too. And the users of the
intranet (192.168.100.254/16) can visit pureftpd correctly.
My problem is: users on the internet can't visit my pureftpd on
x.x.x.a correctly. The debug information is below. From the error, it
looks like the ipfw rule was wrong. If I cancel em0_alias0 (x.x.x.b) and set
natd_interface to (x.x.x.a), it works very well!
Has anyone met this problem before? Please help me!
=========================================
*** CuteFTP Pro 6.0 - build Mar 25 2004 ***
STATUS:> Getting listing ""...
STATUS:> Resolving host name x.x.x.a...
STATUS:> Host name x.x.x.a resolved: ip = x.x.x.a.
STATUS:> Connecting to FTP server x.x.x.a:21 (ip = x.x.x.a)...
STATUS:> Socket connected. Waiting for welcome message...
220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-Local time is now 23:07. Server port: 21.
220 You will be disconnected after 15 minutes of inactivity.
STATUS:> Connected. Authenticating...
COMMAND:> USER tmp
331 User tmp OK. Password required
COMMAND:> PASS *****
230-User tmp has group access to: www
230 OK. Current restricted directory is /
STATUS:> Login successful.
COMMAND:> PWD
257 "/" is your current location
STATUS:> Home directory: /
COMMAND:> FEAT
211-Extensions supported:
EPRT
IDLE
MDTM
SIZE
REST STREAM
MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
MLSD
ESTP
PASV
EPSV
SPSV
211 End.
STATUS:> This site supports features.
STATUS:> This site supports SIZE.
STATUS:> This site can resume broken downloads.
COMMAND:> REST 0
350 Restarting at 0
COMMAND:> PASV
227 Entering Passive Mode (x,x,x,a,158,251)
STATUS:> Connecting FTP data socket x.x.x.a:40699...
ERROR:> The connection failed due to an error or timeout.
1) Verify that the destination IP address is correct.
......
12) Verify that your anti-virus software is not at fault (try disabling it).
ERROR:> PASV failed, trying PORT.
STATUS:> Waiting 0 seconds...
STATUS:> Getting listing "/"...
STATUS:> Resolving host name x.x.x.a...
STATUS:> Host name x.x.x.a resolved: ip = x.x.x.a.
STATUS:> Connecting to FTP server x.x.x.a:21 (ip = x.x.x.a)...
STATUS:> Socket connected. Waiting for welcome message...
220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-Local time is now 23:08. Server port: 21.
220 You will be disconnected after 15 minutes of inactivity.
STATUS:> Connected. Authenticating...
COMMAND:> USER tmp
331 User tmp OK. Password required
COMMAND:> PASS *****
230-User tmp has group access to: www
230 OK. Current restricted directory is /
STATUS:> Login successful.
COMMAND:> PWD
257 "/" is your current location
STATUS:> Home directory: /
STATUS:> This site supports features.
STATUS:> This site supports SIZE.
STATUS:> This site can resume broken downloads.
COMMAND:> REST 0
350 Restarting at 0
COMMAND:> PORT 192,168,123,104,6,18
200 PORT command successful
COMMAND:> LIST
ERROR:> Timeout (60000 ms) occurred on receiving server response.
=========================================
content of /etc/rc.conf:
======================
hostname="x.x.x.a"
ifconfig_em0="inet x.x.x.a netmask 255.255.255.0"
ifconfig_em0_alias0="inet x.x.x.b netmask 255.255.255.0"
ifconfig_em1="inet 192.168.100.254 netmask 255.255.255.0"
defaultrouter="x.x.x.254"
static_routes="inside"
route_inside="-net 192.168.100.254/16 192.168.100.1"
#proxy:
gateway_enable="YES"
firewall_enable="YES"
firewall_type="simple"
natd_enable="YES"
natd_interface="x.x.x.b"
nat_flag="-a x.x.x.b"
#servers:
inetd_enable="YES"
#pureftpd_enable="YES"
apache2_enable="YES"
=======================
content of /etc/inetd.conf:
==============================
ftp stream tcp nowait root /usr/local/sbin/pure-ftpd pure-ftpd -Sx.x.x.a,21 -Px.x.x.a -lmysql:/usr/local/etc/pureftpd-mysql.conf -A -j -D -Oclf:/web/logs/ftp/pureftp.log
#ftp stream tcp nowait root /usr/local/sbin/pure-ftpd pure-ftpd
ssh stream tcp nowait root /usr/sbin/sshd sshd -i -4
==============================
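
Decoding the PASV reply and the PORT command in the log above shows which address and port each data connection targets (port = p1*256 + p2), which is the traffic the ipfw/natd rules have to pass. This is an added example, not part of the original post; the function names are hypothetical and the sample lines are copied from the log.

```python
import ipaddress
import re

# Lines copied from the client log in the post above (addresses redacted there).
SAMPLE_LOG = """\
COMMAND:> PASV
227 Entering Passive Mode (x,x,x,a,158,251)
ERROR:> PASV failed, trying PORT.
COMMAND:> PORT 192,168,123,104,6,18
200 PORT command successful
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
HOSTPORT = r"(\w+(?:,\w+){5})"  # h1,h2,h3,h4,p1,p2 (host octets may be redacted letters)
PATTERNS = {
    "PASV": re.compile(r"^227 .*\(" + HOSTPORT + r"\)"),
    "PORT": re.compile(r"\bPORT\s+" + HOSTPORT + r"\s*$"),
}


def decode(line):
    """Return (kind, host, port, rfc1918) for a 227 reply or PORT command, else None.

    rfc1918 is True/False for a literal address and None when octets are redacted.
    """
    for kind, rx in PATTERNS.items():
        m = rx.search(line.strip())
        if not m:
            continue
        fields = m.group(1).split(",")
        p1, p2 = fields[4], fields[5]
        if not (p1.isdigit() and p2.isdigit() and int(p1) < 256 and int(p2) < 256):
            return None
        host = ".".join(fields[:4])
        try:
            addr = ipaddress.ip_address(host)
            private = any(addr in net for net in RFC1918)
        except ValueError:
            private = None  # redacted address such as x.x.x.a
        return kind, host, int(p1) * 256 + int(p2), private
    return None


def data_endpoints(log):
    """Decode every data-channel endpoint announced in a client log."""
    return [d for d in map(decode, log.splitlines()) if d]


if __name__ == "__main__":
    for kind, host, port, private in data_endpoints(SAMPLE_LOG):
        note = " (RFC 1918: not reachable from a server outside that network)" if private else ""
        print(f"{kind}: data connection to {host}:{port}{note}")
```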