proftpd & jail

trobalo at mrna.ist.utl.pt
Wed May 10 11:01:41 UTC 2006


We have a problem with proftpd running in a jail.

-> pf.conf

ext_if="em0"

ip_ext="*.*.*.*"

ip_jail="127.0.0.3"

rdr on $ext_if proto tcp from any to $ip_ext port 20 -> $ip_jail port 20
rdr on $ext_if proto tcp from any to $ip_ext port 21 -> $ip_jail port 21
rdr on $ext_if proto tcp from any to $ip_ext port 49152:52000 -> $ip_jail port 49152:52000


pass in log quick on $ext_if proto tcp from any to $ip_jail port 20 flags S/SAFR keep state

pass in log quick on $ext_if proto tcp from any to $ip_jail port 21 flags S/SAFR keep state

pass in log quick on $ext_if proto tcp from any to $ip_jail port 49151 >< 52001
pass out log quick on $ext_if proto tcp from $ip_jail port 49151 >< 52001 to any


-> proftpd.conf

ServerName "SERVER X"
ServerType standalone
DefaultServer on
ScoreboardFile /var/run/proftpd.scoreboard
ExtendedLog /var/log/proftpd.log

AllowForeignAddress on
PassivePorts 49152 52000
IdentLookups off

DisplayConnect /etc/motd
Port 21
Umask 022

MaxInstances 30

User nobody
Group nogroup

AllowOverwrite on

<Limit SITE_CHMOD>
DenyAll
</Limit>

-> proftp log:

*.*.*.* UNKNOWN test [09/May/2006:10:36:23 +0100] "NOOP" 200 -
*.*.*.* UNKNOWN test [09/May/2006:10:36:23 +0100] "CWD /usr/home/teste/" 250 -
*.*.*.* UNKNOWN test [09/May/2006:10:36:23 +0100] "TYPE A" 200 -
*.*.*.* UNKNOWN test [09/May/2006:10:36:23 +0100] "PASV" 227 -
*.*.*.* UNKNOWN test [09/May/2006:10:36:24 +0100] "USER anonymous" 331 -
*.*.*.* UNKNOWN nobody [09/May/2006:10:36:24 +0100] "PASS (hidden)" 530 -
*.*.*.* UNKNOWN test [09/May/2006:10:36:24 +0100] "NOOP" 200 -
*.*.*.* UNKNOWN test [09/May/2006:10:36:24 +0100] "CWD /usr/home/test/" 250 -
*.*.*.* UNKNOWN test [09/May/2006:10:36:24 +0100] "TYPE A" 200 -
*.*.*.* UNKNOWN test [09/May/2006:10:36:24 +0100] "PASV" 227 -
*.*.*.* UNKNOWN nobody [09/May/2006:10:36:27 +0100] "USER test" 331 -
*.*.*.* UNKNOWN test [09/May/2006:10:36:27 +0100] "PASS (hidden)" 230 -
*.*.*.* UNKNOWN test [09/May/2006:10:36:27 +0100] "OPTS utf8 on" 501 -
*.*.*.* UNKNOWN test [09/May/2006:10:36:27 +0100] "PWD" 257 -
*.*.*.* UNKNOWN test [09/May/2006:10:36:27 +0100] "NOOP" 200 -
*.*.*.* UNKNOWN test [09/May/2006:10:36:27 +0100] "CWD /usr/home/test/" 250 -
*.*.*.* UNKNOWN test [09/May/2006:10:36:27 +0100] "TYPE A" 200 -
*.*.*.* UNKNOWN test [09/May/2006:10:36:27 +0100] "PASV" 227 -

If we use an FTP browser (Firefox, IE) or MS-DOS we can't open the FTP contents;
the login window appears, but after that it shows this error:

"An error occurred opening that folder on the FTP Server. Make sure that
you have permission to access that folder"

drwx------ 3 test wheel 512 May 8 18:48 teste

Using chmod 777, the error continues.

Suggestions?
Thanks a lot.





More information about the freebsd-questions mailing list