FTPD port trouble.

Dave Baxter g8kbvdave at googlemail.com
Fri Feb 7 16:05:08 UTC 2014


Thank you Sir, that helps a lot towards my better understanding.

I'll try a few changes later and report back.

I find it frustrating that the man pages rarely cover everything one needs
to know in one place.

Best regards.

Dave B
(Coffee shop portable)

Sent from an el cheapo 'droid device :-)
On Feb 7, 2014 3:51 PM, "Trond Endrestøl" <Trond.Endrestol at fagskolen.gjovik.no> wrote:

> On Fri, 7 Feb 2014 14:00-0000, g8kbvdave at googlemail.com wrote:
>
> > Hi All.
> >
> > How "EXACTLY" (sorry) do I specify the main connection port number for FTPd
> > (enabled in inetd.conf, and inetd enabled in rc.conf) to listen on, and the range
> > of ports to use for PASV mode?
>
> In /etc/services, create your own definition:
>
> ftp-local        2121/tcp    #File Transfer [Control] (Local Override)
>
>
> In /etc/inetd.conf, add/modify the appropriate lines:
>
> ftp-local    stream  tcp     nowait  root    /usr/libexec/ftpd       ftpd -l
> ftp-local    stream  tcp6    nowait  root    /usr/libexec/ftpd       ftpd -l
>
> According to ftpd(8) and ip(4), ftpd does by default use
> IP_PORTRANGE_HIGH which can be adjusted by setting
> net.inet.ip.portrange.hifirst and net.inet.ip.portrange.hilast on the
> command line for immediate effect and/or permanently in
> /etc/sysctl.conf.
>
> On one of my 9.2 systems I have:
>
> net.inet.ip.portrange.hifirst: 49152
> net.inet.ip.portrange.hilast: 65535
>
> Other parts of the jail may use these sysctls, so be careful.
>
> > What parameter (.conf) files do I need to edit and/or create to do that in the
> > server jail, also the exact syntax of what to put in there.   (The manpages for ftpd
> > leave me stone cold, as usual.)
>
> I believe you can use /etc/sysctl.conf in each jail.
>
> > I've a jailed web server running now on FBSD 9.2, it seems stable and does the
> > job fine.
> >
> > The same jail also has the OS's own FTPD service running, started via inetd.
> > There are three FTP users, that are chrooted to the directories needed within the
> > jail, thanks to entries in /etc/ftpchroot in the jail.
> >
> > I have other machines on the same local LAN segment automatically updating
> > data on the web pages also just fine via FTP, using either active or passive
> > mode, as they see fit.
> >
> > However, I wish to be able to access those same directories and files via FTP
> > over a SSHD session (typically using PuTTY on Windows, and a FileZilla client) for
> > remote admin needs, to that end, there is a general site maintenance FTP user.
>
> One solution, unless you want to go the POSIX ACL route, is to create
> a special group for the maintenance user in /etc/groups, set the
> setgid bit on the chrooted directories,
>
> chmod -R g+s some-dir
>
> and assign at least 0770 to each directory, and at least 0660 to each
> file, these commands only modify the group access rights,
>
> find some-dir -type d -exec chmod -R g+rwx {} \;
> find some-dir -type f -exec chmod -R g+rw  {} \;
>
> and assign the special group to each file and directory,
>
> chgrp -R specialgroup some-dir
>
> You need to modify the user's umask to 002 for this to work properly
> afterwards.
>
> > (I usually configure such machines (on other OS's) to use "High" ports, way up in
> > the dynamic range.  It's never a problem, so long as both the server and client
> > agree on the same ports of course.)
> >
> > I've spent an inordinate amount of time getting nowhere with Google, as it
> > seems all the really useful FreeBSD forum archives are long gone. (404 errors.
> > Why?)  So I need help from the collective please.
> >
> > (I also still can't get onto the IRC channel(s) for FreeBSD, but that's another
> > issue.)
> >
> > I can already do what I want just fine, when physically connected to the LAN
> > with either of the portable PC's I often carry with me, so it's just those blessed
> > port numbers I need to nail to the floor, so I can tunnel them via the SSH link.
> >
> > Best Regards, and cheers to All.
> >
> > Dave B.
> >
> > PS:   If anyone knows of a good blow by blow walk through, showing how to
> > setup Pure-FTPD correctly (other than just use its basic install) not needing SQL
> > databases (Why complicate things?)  I'd like to know for the future.
> >
> > Its documentation may be plentiful, but it's pure crud to read, even when
> > imported into a decent reader so it doesn't hurt the eyes!  :)    Plus I know zilch
> > re SQL databases, so that's a non starter for me anyway.
> >
> > Respond off list if you feel the need.
>
> --
> +-------------------------------+------------------------------------+
> | Vennlig hilsen,               | Best regards,                      |
> | Trond Endrestøl,              | Trond Endrestøl,                   |
> | IT-ansvarlig,                 | System administrator,              |
> | Fagskolen Innlandet,          | Gjøvik Technical College, Norway,  |
> | tlf. mob.   952 62 567,       | Cellular...: +47 952 62 567,       |
> | sentralbord 61 14 54 00.      | Switchboard: +47 61 14 54 00.      |
> +-------------------------------+------------------------------------+
>
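
Added example (not part of the original thread and not written by either poster): a POSIX sh version of the shared-group setup described in the quoted reply, followed by an audit that lists anything deviating from it. It differs from the quoted commands in applying the setgid and execute bits to directories only; share_tree and audit_tree are hypothetical helper names, and the directory and group are whatever the caller passes in.

```sh
#!/bin/sh
# Added example, not from the thread. share_tree and audit_tree are
# hypothetical helper names; DIR and GROUP are supplied by the caller.

# share_tree DIR GROUP
# Hand the tree to GROUP, following the reply's chgrp/chmod steps.
share_tree() {
    st_dir=$1
    st_group=$2
    chgrp -R "$st_group" "$st_dir" || return 1
    # Directories: group rwx plus setgid, so new entries inherit GROUP.
    find "$st_dir" -type d -exec chmod g+rwxs {} + || return 1
    # Regular files: group read/write only; no execute bit is added.
    find "$st_dir" -type f -exec chmod g+rw {} + || return 1
}

# audit_tree DIR GROUP
# Print every entry that deviates from the layout; return 0 only if none do.
audit_tree() {
    at_dir=$1
    at_group=$2
    at_bad=$(
        find "$at_dir" ! -group "$at_group" -print |
            sed 's/^/wrong group: /'
        find "$at_dir" -type d ! -perm -2070 -print |
            sed 's/^/dir lacks setgid or g+rwx: /'
        find "$at_dir" -type f ! -perm -0060 -print |
            sed 's/^/file lacks g+rw: /'
    )
    if [ -n "$at_bad" ]; then
        printf '%s\n' "$at_bad"
        return 1
    fi
    return 0
}

# Typical use (run as root or as the owner of the tree):
#   share_tree some-dir specialgroup && audit_tree some-dir specialgroup
# Files created later stay group-writable only if the creating user's
# umask is 002, as the reply notes; audit_tree flags those that are not.
```

Running audit_tree from cron or after each upload window shows when an FTP user with a stricter umask has left files the maintenance user cannot modify.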


More information about the freebsd-questions mailing list