FTPD port trouble.
Dave Baxter
g8kbvdave at googlemail.com
Fri Feb 7 16:05:08 UTC 2014
Thank you Sir, that helps a lot towards my better understanding.
I'll try a few changes later and report back.
I find it frustrating that the man pages rarely cover everything one needs
to know in one place.
Best regards.
Dave B
(Coffe shop portable)
Sent from an el cheapo 'droid device :-)
On Feb 7, 2014 3:51 PM, "Trond Endrestøl" <
Trond.Endrestol at fagskolen.gjovik.no> wrote:
> On Fri, 7 Feb 2014 14:00-0000, g8kbvdave at googlemail.com wrote:
>
> > Hi All.
> >
> > How "EXACTLY" (sorry) Do I specify, the main connection port number
> for FTPd
> > (enabled in inetd.conf, and inetd enabled in rc.conf) to listen on, and
> the range
> > of ports to use for PASV mode?
>
> In /etc/services, create your own definition:
>
> ftp-local 2121/tcp #File Transfer [Control] (Local Override)
>
>
> In /etc/inetd.conf, add/modify the appropriate lines:
>
> ftp-local stream tcp nowait root /usr/libexec/ftpd ftpd
> -l
> ftp-local stream tcp6 nowait root /usr/libexec/ftpd ftpd
> -l
>
> According to ftpd(8) and ip(4), ftpd does by default use
> IP_PORTRANGE_HIGH which can be adjusted by setting
> net.inet.ip.portrange.hifirst and net.inet.ip.portrange.hilast on the
> command line for immediate effect and/or permanently in
> /etc/sysctl.conf.
>
> On one of my 9.2 systems I have:
>
> net.inet.ip.portrange.hifirst: 49152
> net.inet.ip.portrange.hilast: 65535
>
> Other parts of the jail may use these sysctls, so be careful.
>
> > What parameter (.conf) files do I need to edit and/or create to do that
> in the
> > server jail, also the exact sytax of what to put in there. (The
> manpages for ftpd
> > leave me stone cold, as usual.)
>
> I believe you can use /etc/sysctl.conf in each jail.
>
> > I've a jailed web server running now on FBSSD 9.2, it seems stable and
> does the
> > job fine.
> >
> > The same jail also has the OS's own FTPD service running, started via
> inetd.
> > There are three FTP users, that are chrooted to the directories needed
> within the
> > jail, thanks to entries in /etc/ftpchroot in the jail.
> >
> > I have other machines on the same local LAN segment automaticaly updating
> > data on the web pages also just fine via FTP, using either active or
> passive
> > mode, as they see fit.
> >
> > However, I wish to be able to access those same directories and files
> via FTP
> > over a SSHD session (typicaly using PuTTY on Windows, and a FileZilla
> client) for
> > remote admin needs, to that end, there is a general site maintenance FTP
> user.
>
> One solution, unless you want to go the POSIX ACL route, is to create
> a special group for the maintenance user in /etc/groups, set the
> setgid bit on the chrooted directories,
>
> chmod -R g+s some-dir
>
> and assign at least 0770 to each directory, and at least 0660 to each
> file, these commands only modify the group access rights,
>
> find some-dir -type d -exec chmod -R g+rwx {} \;
> find some-dir -type f -exec chmod -R g+rw {} \;
>
> and assign the special group to each file and directory,
>
> chgrp -R specialgroup some-dir
>
> You need to modify the users umask to 002 for this to work properly
> afterwards.
>
> > (I usually configure such machines (on other OS's) to use "High" ports,
> way up in
> > the dynamic range. It's never a problem, so long as both the server and
> client
> > agree on the same ports of course.)
> >
> > I've spent an inordinate ammount of time getting nowhere with Google, as
> it
> > seems all the realy useful FreeBSD forum archives are long gone. (404
> errors.
> > Why?) So I need help from the collective please.
> >
> > (I also still can't get onto the IRC channel(s) for FreeBSD, but that's
> another
> > issue.)
> >
> > I can already do what I want just fine, when physically connected to the
> LAN
> > with either of the portable PC's I often carry with me, so it's just
> those blessed
> > port numbers I need to nail to the floor, so I can tunnel them via the
> SSH link.
> >
> > Best Regards, and cheers to All.
> >
> > Dave B.
> >
> > PS: If anyone knows of a good blow by blow walk through, showing how to
> > setup Pure-FTPD correctly (other than just use it's basic install) not
> needing SQL
> > databases (Why complicate things?) I'd like to know for the future.
> >
> > Its documentation may be plentiful, but its pure crud to read, even when
> > imported into a decent reader so it doesn't hurt the eyes! :) Plus I
> know zilch
> > re SQL databases, so that's a non starter for me anyway.
> >
> > Respond off list if you feel the need.
>
> --
> +-------------------------------+------------------------------------+
> | Vennlig hilsen, | Best regards, |
> | Trond Endrestøl, | Trond Endrestøl, |
> | IT-ansvarlig, | System administrator, |
> | Fagskolen Innlandet, | Gjøvik Technical College, Norway, |
> | tlf. mob. 952 62 567, | Cellular...: +47 952 62 567, |
> | sentralbord 61 14 54 00. | Switchboard: +47 61 14 54 00. |
> +-------------------------------+------------------------------------+
>
More information about the freebsd-questions
mailing list