FTPD port trouble.
Trond Endrestøl
Trond.Endrestol at fagskolen.gjovik.no
Fri Feb 7 15:51:05 UTC 2014
On Fri, 7 Feb 2014 14:00-0000, g8kbvdave at googlemail.com wrote:
> Hi All.
>
> How "EXACTLY" (sorry) do I specify the main connection port number for FTPd
> (enabled in inetd.conf, and inetd enabled in rc.conf) to listen on, and the range
> of ports to use for PASV mode?
In /etc/services, create your own definition:
ftp-local 2121/tcp #File Transfer [Control] (Local Override)
In /etc/inetd.conf, add/modify the appropriate lines:
ftp-local stream tcp nowait root /usr/libexec/ftpd ftpd -l
ftp-local stream tcp6 nowait root /usr/libexec/ftpd ftpd -l
According to ftpd(8) and ip(4), ftpd does by default use
IP_PORTRANGE_HIGH which can be adjusted by setting
net.inet.ip.portrange.hifirst and net.inet.ip.portrange.hilast on the
command line for immediate effect and/or permanently in
/etc/sysctl.conf.
On one of my 9.2 systems I have:
net.inet.ip.portrange.hifirst: 49152
net.inet.ip.portrange.hilast: 65535
Other parts of the jail may use these sysctls, so be careful.
> What parameter (.conf) files do I need to edit and/or create to do that in the
> server jail, also the exact syntax of what to put in there. (The manpages for ftpd
> leave me stone cold, as usual.)
I believe you can use /etc/sysctl.conf in each jail.
> I've a jailed web server running now on FBSSD 9.2, it seems stable and does the
> job fine.
>
> The same jail also has the OS's own FTPD service running, started via inetd.
> There are three FTP users, that are chrooted to the directories needed within the
> jail, thanks to entries in /etc/ftpchroot in the jail.
>
> I have other machines on the same local LAN segment automatically updating
> data on the web pages also just fine via FTP, using either active or passive
> mode, as they see fit.
>
> However, I wish to be able to access those same directories and files via FTP
> over a SSHD session (typically using PuTTY on Windows, and a FileZilla client) for
> remote admin needs; to that end, there is a general site maintenance FTP user.
One solution, unless you want to go the POSIX ACL route, is to create
a special group for the maintenance user in /etc/groups, set the
setgid bit on the chrooted directories,
chmod -R g+s some-dir
and assign at least 0770 to each directory and at least 0660 to each
file; these commands only modify the group access rights,
find some-dir -type d -exec chmod -R g+rwx {} \;
find some-dir -type f -exec chmod -R g+rw {} \;
and assign the special group to each file and directory,
chgrp -R specialgroup some-dir
You need to modify the user's umask to 002 for this to work properly
afterwards.
> (I usually configure such machines (on other OS's) to use "High" ports, way up in
> the dynamic range. It's never a problem, so long as both the server and client
> agree on the same ports of course.)
>
> I've spent an inordinate amount of time getting nowhere with Google, as it
> seems all the really useful FreeBSD forum archives are long gone. (404 errors.
> Why?) So I need help from the collective please.
>
> (I also still can't get onto the IRC channel(s) for FreeBSD, but that's another
> issue.)
>
> I can already do what I want just fine, when physically connected to the LAN
> with either of the portable PCs I often carry with me, so it's just those blessed
> port numbers I need to nail to the floor, so I can tunnel them via the SSH link.
>
> Best Regards, and cheers to All.
>
> Dave B.
>
> PS: If anyone knows of a good blow by blow walk through, showing how to
> setup Pure-FTPD correctly (other than just use its basic install) not needing SQL
> databases (Why complicate things?) I'd like to know for the future.
>
> Its documentation may be plentiful, but its pure crud to read, even when
> imported into a decent reader so it doesn't hurt the eyes! :) Plus I know zilch
> re SQL databases, so that's a non starter for me anyway.
>
> Respond off list if you feel the need.
--
+-------------------------------+------------------------------------+
| Vennlig hilsen, | Best regards, |
| Trond Endrestøl, | Trond Endrestøl, |
| IT-ansvarlig, | System administrator, |
| Fagskolen Innlandet, | Gjøvik Technical College, Norway, |
| tlf. mob. 952 62 567, | Cellular...: +47 952 62 567, |
| sentralbord 61 14 54 00. | Switchboard: +47 61 14 54 00. |
+-------------------------------+------------------------------------+
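A shell script, added here as an example and not part of the original thread, that applies the setgid-group scheme Trond describes (group ownership, g+rwx on directories, g+rw on files) and then audits the tree for entries that would still block the maintenance user. The directory and group name are assumed arguments; it puts the setgid bit on directories only, where it has an effect, and is meant to run as the tree's owner (root inside the jail).

```shell
#!/bin/sh
# Added example, not code from the freebsd-questions thread.

# Share a chrooted FTP tree with a group: every entry gets the group,
# directories get setgid (new files inherit the group) plus g=rwx,
# files get g=rw. Other permission bits are left untouched.
share_tree() {
    dir=$1; grp=$2
    chgrp -R "$grp" "$dir" || return 1
    find "$dir" -type d -exec chmod g+rwxs {} \;
    find "$dir" -type f -exec chmod g+rw {} \;
}

# Audit the tree: report anything a group member could not read/write
# and anything that would not pass the group on to new files.
# Returns 0 when the tree is consistent, 1 when offenders were found.
audit_tree() {
    dir=$1; grp=$2; bad=0
    # entries owned by some other group
    n=$(find "$dir" ! -group "$grp" | wc -l | tr -d ' ')
    [ "$n" -eq 0 ] || { echo "$n entries not in group $grp"; bad=1; }
    # directories missing setgid or g=rwx (02070 = setgid + g=rwx)
    n=$(find "$dir" -type d ! -perm -2070 | wc -l | tr -d ' ')
    [ "$n" -eq 0 ] || { echo "$n directories without setgid/g+rwx"; bad=1; }
    # files missing group read/write (0060 = g=rw)
    n=$(find "$dir" -type f ! -perm -060 | wc -l | tr -d ' ')
    [ "$n" -eq 0 ] || { echo "$n files without g+rw"; bad=1; }
    return $bad
}
```

Run the audit again after the FTP users have uploaded for a while: a file that shows up without g+rw means one of them is still uploading with a umask other than 002.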