pureftpd can't work normally on pureftp--NATD--ipfw--FreeBSD 5.4

he ccjj heccjj1 at gmail.com
Tue Aug 23 01:05:46 GMT 2005


I use FreeBSD 5.4 (with OPTION IPFW on and IPFIREWALL_DEFAULT_TO_ACCEPT
on) + apache + pureftp + natd to set up a server used as an ftp/web
server and as a gateway for sharing the network too.

My network looks like this:

              ------(oip:x.x.x.a)------
             |                         |
 (oif:em0)-->|                         |-->(internet gateway:x.x.x.254)
    ^        |                         | 
    |         ---(oip alias0:x.x.x.b)-- 
    |     
    |     
 (iif:em1,iip:192.168.100.254)<-------(inet 192.168.100.254/16)<---(intranet)  

I bind oip:x.x.x.a as the httpd and pureftpd server IP, and use
em0_alias0 (x.x.x.b) as natd's interface.

And I use the rc.firewall rule: 'open'.
So my intranet can share the internet normally through natd on x.x.x.b,
and the http server works normally too. And the users of the
intranet (192.168.100.254/16) can visit pureftpd correctly.

My problem is: the users of the internet can't visit my pureftpd on
x.x.x.a correctly. The debug information is below. From the error, it
looks like the ipfw rule was wrong. If I cancel em0_alias0 (x.x.x.b) and
set natd_interface to (x.x.x.a), it works very well!
Has anyone met this problem before? Please give me help!

=========================================
		*** CuteFTP Pro 6.0 - build Mar 25 2004 ***

STATUS:>  	Getting listing ""...
STATUS:>  	Resolving host name x.x.x.a...
STATUS:>  	Host name x.x.x.a resolved: ip = x.x.x.a.
STATUS:>  	Connecting to FTP server x.x.x.a:21 (ip = x.x.x.a)...
STATUS:>  	Socket connected. Waiting for welcome message...
		220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
		220-Local time is now 23:07. Server port: 21.
		220 You will be disconnected after 15 minutes of inactivity.
STATUS:>  	Connected. Authenticating...
COMMAND:>	USER tmp
		331 User tmp OK. Password required
COMMAND:>	PASS *****
		230-User tmp has group access to:  www     
		230 OK. Current restricted directory is /
STATUS:>  	Login successful.
COMMAND:>	PWD
		257 "/" is your current location
STATUS:>  	Home directory: /
COMMAND:>	FEAT
		211-Extensions supported:
		 EPRT
		 IDLE
		 MDTM
		 SIZE
		 REST STREAM
		 MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
		 MLSD
		 ESTP
		 PASV
		 EPSV
		 SPSV

		211 End.
STATUS:>  	This site supports features.
STATUS:>  	This site supports SIZE.
STATUS:>  	This site can resume broken downloads.
COMMAND:>	REST 0
		350 Restarting at 0
COMMAND:>	PASV
		227 Entering Passive Mode (x,x,x,a,158,251)
STATUS:>  	Connecting FTP data socket x.x.x.a:40699...
ERROR:>   	The connection failed due to an error or timeout.
		1) Verify that the destination IP address is correct.
     ......
		12) Verify that your anti-virus software is not at fault (try disabling it).
ERROR:>   	PASV failed, trying PORT.
STATUS:>  	Waiting 0 seconds...
STATUS:>  	Getting listing "/"...
STATUS:>  	Resolving host name x.x.x.a...
STATUS:>  	Host name x.x.x.a resolved: ip = x.x.x.a.
STATUS:>  	Connecting to FTP server x.x.x.a:21 (ip = x.x.x.a)...
STATUS:>  	Socket connected. Waiting for welcome message...
		220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
		220-Local time is now 23:08. Server port: 21.
		220 You will be disconnected after 15 minutes of inactivity.
STATUS:>  	Connected. Authenticating...
COMMAND:>	USER tmp
		331 User tmp OK. Password required
COMMAND:>	PASS *****
		230-User tmp has group access to:  www     
		230 OK. Current restricted directory is /
STATUS:>  	Login successful.
COMMAND:>	PWD
		257 "/" is your current location
STATUS:>  	Home directory: /
STATUS:>  	This site supports features.
STATUS:>  	This site supports SIZE.
STATUS:>  	This site can resume broken downloads.
COMMAND:>	REST 0
		350 Restarting at 0
COMMAND:>	PORT 192,168,123,104,6,18
		200 PORT command successful
COMMAND:>	LIST
ERROR:>   	Timeout (60000 ms) occurred on receiving server response.
=========================================

content of /etc/rc.conf:
======================
hostname="x.x.x.a"

ifconfig_em0="inet x.x.x.a  netmask 255.255.255.0"
ifconfig_em0_alias0="inet x.x.x.b netmask 255.255.255.0"
ifconfig_em1="inet 192.168.100.254  netmask 255.255.255.0"

defaultrouter="x.x.x.254"
static_routes="inside"
route_inside="-net 192.168.100.254/16 192.168.100.1"

#proxy:
gateway_enable="YES"
firewall_enable="YES"
firewall_type="simple"
natd_enable="YES"
natd_interface="x.x.x.b"
nat_flag="-a x.x.x.b"

#servers:
inetd_enable="YES"
#pureftpd_enable="YES"
apache2_enable="YES"
=======================

content of /etc/inetd.conf:
==============================
ftp	stream	tcp	nowait	root	/usr/local/sbin/pure-ftpd	pure-ftpd -Sx.x.x.a,21 -Px.x.x.a -lmysql:/usr/local/etc/pureftpd-mysql.conf -A -j -D -Oclf:/web/logs/ftp/pureftp.log
#ftp	stream 	tcp	nowait	root	/usr/local/sbin/pure-ftpd	pure-ftpd

ssh	stream	tcp	nowait	root	/usr/sbin/sshd		sshd -i -4

==============================
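
The PASV reply and the PORT command in the client log above each encode a data-channel endpoint as h1,h2,h3,h4,p1,p2, with port = p1*256 + p2. The Python sketch below is an added example, not part of the original post: it decodes both from a constructed excerpt of that log and reports which side opens the data connection and whether the advertised address is RFC 1918 private, which is what the ipfw and natd rules have to accommodate. The function and field names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the two data-channel exchanges from the client log above.
SAMPLE_LOG = """\
COMMAND:>	PASV
		227 Entering Passive Mode (x,x,x,a,158,251)
COMMAND:>	PORT 192,168,123,104,6,18
		200 PORT command successful
"""

# h1,h2,h3,h4,p1,p2 (RFC 959). Host octets may be redacted (non-numeric) in a
# posted log, so only p1 and p2 are required to be digits.
ENDPOINT = re.compile(
    r"(?:(?P<kind>PORT)\s+|227[^(]*\()"
    r"(?P<host>[^,\s()]+(?:,[^,\s()]+){3}),(?P<p1>\d{1,3}),(?P<p2>\d{1,3})"
)


def data_endpoints(log):
    """Return one dict per PASV reply or PORT command found in an FTP client log."""
    found = []
    for line in log.splitlines():
        m = ENDPOINT.search(line)
        if not m:
            continue
        p1, p2 = int(m["p1"]), int(m["p2"])
        if p1 > 255 or p2 > 255:
            continue  # not a valid port encoding
        host = m["host"].replace(",", ".")
        try:
            private = ipaddress.ip_address(host).is_private
        except ValueError:
            private = None  # redacted or malformed host: cannot classify
        active = m["kind"] is not None
        found.append({
            "mode": "active" if active else "passive",
            # Active: the server connects out to the client's advertised endpoint.
            # Passive: the client connects in to the server's advertised endpoint.
            "opener": "server" if active else "client",
            "host": host,
            "port": p1 * 256 + p2,
            "private_host": private,
        })
    return found


if __name__ == "__main__":
    for ep in data_endpoints(SAMPLE_LOG):
        print(ep)
```
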


More information about the freebsd-questions mailing list