FTP server for install link broken?
Hi, am currently trying to install FreeBSD 9 on my Lenovo X220 and noticed that the link on this page in the FreeBSD Handbook is broken: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/install-pre.html with link provided here: ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/ISO-IMAGES/9.0/FreeBSD-9.0-RELEASE-i386-memstick.img Now unless I've missed something I don't see FreeBSD 9.0 here at all: ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/ISO-IMAGES/ Everything upto 8.2 is there but no 9.0 Any news in mean time I found it here: ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/amd64/ISO-IMAGES/9.0/ I know am using AMD64 but swap that with i386 and comes down to same result Regards, Kaya ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FTP server for install link broken?
On Fri, 27 Jan 2012, Kaya Saman wrote: am currently trying to install FreeBSD 9 on my Lenovo X220 and noticed that the link on this page in the FreeBSD Handbook is broken: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/install-pre.html See the header at the top of that page. There is a new chapter for installing 9.0 and later. The equivalent section is http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/bsdinstall-pre.html ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FTP server for install link broken?
On 01/27/2012 04:16 PM, Warren Block wrote: On Fri, 27 Jan 2012, Kaya Saman wrote: am currently trying to install FreeBSD 9 on my Lenovo X220 and noticed that the link on this page in the FreeBSD Handbook is broken: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/install-pre.html See the header at the top of that page. There is a new chapter for installing 9.0 and later. The equivalent section is http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/bsdinstall-pre.html Oh ok. Anyway as I'm familiar with BSD 8.x I did the install without reading!! My issue was really to find the .img file for USB booting. All done now but can't seem to get Fedora 16's GRUB to boot BSD 9.0 I guess it's time to consult the documentation after all; even though Google'ing provided results that didn't yield answers as the Linux GRUB can't find the partition/slice combo??? Tried chainloading but that didn't work either probably as no boot-loader got loaded into the PBR by default. Regards, Kaya ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FTP server for install link broken?
On Fri, 27 Jan 2012, Kaya Saman wrote: On 01/27/2012 04:16 PM, Warren Block wrote: On Fri, 27 Jan 2012, Kaya Saman wrote: am currently trying to install FreeBSD 9 on my Lenovo X220 and noticed that the link on this page in the FreeBSD Handbook is broken: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/install-pre.html See the header at the top of that page. There is a new chapter for installing 9.0 and later. The equivalent section is http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/bsdinstall-pre.html Oh ok. Anyway as I'm familiar with BSD 8.x I did the install without reading!! My issue was really to find the .img file for USB booting. All done now but can't seem to get Fedora 16's GRUB to boot BSD 9.0 I guess it's time to consult the documentation after all; even though Google'ing provided results that didn't yield answers as the Linux GRUB can't find the partition/slice combo??? The default install of FreeBSD 9 uses GPT, so there are no slices or FreeBSD (bsdlabel) partitions. Instead of ad0s1a, it would just be ada0p2. Don't know what Linux calls these partitions, though. Tried chainloading but that didn't work either probably as no boot-loader got loaded into the PBR by default. If you want multiboot on a GPT drive, grub2 seems to be the solution. (But I haven't tested it.) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FTP server for install link broken?
On 01/27/2012 07:22 PM, Warren Block wrote: On Fri, 27 Jan 2012, Kaya Saman wrote: On 01/27/2012 04:16 PM, Warren Block wrote: On Fri, 27 Jan 2012, Kaya Saman wrote: am currently trying to install FreeBSD 9 on my Lenovo X220 and noticed that the link on this page in the FreeBSD Handbook is broken: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/install-pre.html See the header at the top of that page. There is a new chapter for installing 9.0 and later. The equivalent section is http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/bsdinstall-pre.html Oh ok. Anyway as I'm familiar with BSD 8.x I did the install without reading!! My issue was really to find the .img file for USB booting. All done now but can't seem to get Fedora 16's GRUB to boot BSD 9.0 I guess it's time to consult the documentation after all; even though Google'ing provided results that didn't yield answers as the Linux GRUB can't find the partition/slice combo??? The default install of FreeBSD 9 uses GPT, so there are no slices or FreeBSD (bsdlabel) partitions. Instead of ad0s1a, it would just be ada0p2. Don't know what Linux calls these partitions, though. Tried chainloading but that didn't work either probably as no boot-loader got loaded into the PBR by default. If you want multiboot on a GPT drive, grub2 seems to be the solution. (But I haven't tested it Thanks Warren for the assistance! I will create a new Subject for my multiboot issue :-) Am just currently trying to get my 'old' Fedora instance from an old HD up and running by booting off USB drive meaning have to re-build initrd.img with USB modules in it. So updating that in order to get the kernel headers since the old kernel is no longer supported. Best regards, Kaya ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
FTP server at freebsd.isc.org is broken
During an unattended, non-interactive build of many ports this evening I ran into what I think indicates that the FTP server at freebsd.isc.org is broken. Here is what I believe to be evidence, performed from a FreeBSD 8.2 server at one site:

    site1# fetch -vvp ftp://ftp.freebsd.org/pub/FreeBSD/ports/distfiles/GD-Arrow-0.01.tar.gz
    scheme: [ftp]
    user: []
    password: []
    host: [ftp.freebsd.org]
    port: [0]
    document: [/pub/FreeBSD/ports/distfiles/GD-Arrow-0.01.tar.gz]
    --- ftp.freebsd.org:21
    looking up ftp.freebsd.org
    connecting to ftp.freebsd.org:21
    220 Welcome to freebsd.isc.org.
    USER anonymous
    331 Please specify the password.
    PASS ag...@rose.agile.lan
    500 OOPS: cannot change directory:/home/ftp
    fetch: ftp://ftp.freebsd.org/pub/FreeBSD/ports/distfiles/GD-Arrow-0.01.tar.gz: Syntax error, command unrecognized

    # echo $FTP_PASSIVE_MODE
    YES

    site1# ftp freebsd.isc.org
    Trying 204.152.184.73...
    Connected to freebsd.isc.org.
    220 Welcome to freebsd.isc.org.
    Name (freebsd.isc.org:agile): anonymous
    331 Please specify the password.
    Password:
    500 OOPS: cannot change directory:/home/ftp
    ftp: Login failed.
    ftp> bye
    500 OOPS: priv_sock_get_cmd

There's no reason that I know of for anything on my end to be referencing /home/ftp. I get this on a Windoze system from a second site (different LAN, different WAN address, same city, same ISP):

    C:\>ftp freebsd.isc.org
    Connected to freebsd.isc.org.
    220 Welcome to freebsd.isc.org.
    User (freebsd.isc.org:(none)): anonymous
    331 Please specify the password.
    Password:
    500 OOPS: cannot change directory:/home/ftp
    500 OOPS: priv_sock_get_cmd
    Connection closed by remote host.

And I found this blog entry dated today in which the author is seeing the same problem: http://salihsblog.blogspot.com/2011/05/freebsd-pkgadd-error-syntax-error.html (http://tinyurl.com/42g7dv5)

When problems like this arise, shouldn't the FreeBSD port building mechanisms take advantage of the redundant FreeBSD mirrors to roll over to another working server?

I use portmaster for port building and it terminates with this sort of output when this scenario arises:

    => Attempting to fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/gd-2.0.35.tar.bz2
    fetch: ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/gd-2.0.35.tar.bz2: Syntax error, command unrecognized
    => Couldn't fetch it - please try to retrieve this
    => port manually into /usr/ports/distfiles// and try again.
    *** Error code 1
    Stop in /usr/ports/graphics/gd.

What is the recommended way to enable portmaster to be more resilient against such failures?

Carl / K0802647
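The rollover asked about above, as an added example that is not from the thread, portmaster or the ports tree: try each mirror in turn and keep a file only when its SHA-256 matches the value recorded in the port's distinfo, so a broken or altered mirror is skipped rather than trusted. The function names, the FETCHER override and the constructed local "mirrors" are assumptions of this sketch; the default fetcher calls fetch(1).

```shell
#!/bin/sh
# Added example (not portmaster or ports-tree code).

# sha256_of FILE: print the hex SHA-256 with whichever tool is installed.
sha256_of() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"                        # FreeBSD
    elif command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'     # Linux
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# expected_sha256 DISTINFO NAME: read the hash from a distinfo line of the
# form "SHA256 (NAME) = <hex>".
expected_sha256() {
    awk -v f="$2" '$1 == "SHA256" && $2 == "(" f ")" {print $4}' "$1"
}

# Default fetcher: URL first, output file second.
fetch_url() { fetch -q -T 30 -o "$2" "$1"; }

# Stand-in fetcher for the offline demo: the "mirrors" are local directories.
local_copy() { cp "$1" "$2"; }

# fetch_verified NAME SHA256 OUTDIR MIRROR...
# Prints the mirror that delivered a matching file and returns 0, or returns 1
# when no mirror did. Nothing unverified is ever left under its final name.
fetch_verified() {
    fv_name=$1
    fv_want=$2
    fv_out=$3
    shift 3
    for fv_mirror in "$@"; do
        fv_tmp="$fv_out/.$fv_name.part"
        rm -f "$fv_tmp"
        if ! "${FETCHER:-fetch_url}" "$fv_mirror/$fv_name" "$fv_tmp" 2>/dev/null; then
            echo "skip $fv_mirror: fetch failed" >&2
            rm -f "$fv_tmp"
            continue
        fi
        if [ "$(sha256_of "$fv_tmp")" != "$fv_want" ]; then
            echo "skip $fv_mirror: checksum mismatch" >&2
            rm -f "$fv_tmp"
            continue
        fi
        mv "$fv_tmp" "$fv_out/$fv_name"
        echo "$fv_mirror"
        return 0
    done
    return 1
}

# Constructed sample data: one mirror with no file (like the failing server
# in the report), one serving altered bytes, one good, plus a distinfo.
make_constructed_mirrors() {
    d=$1
    mkdir -p "$d/broken" "$d/tampered" "$d/good" "$d/distfiles"
    printf 'constructed distfile contents\n' > "$d/good/sample-1.0.tar.gz"
    printf 'modified in transit\n' > "$d/tampered/sample-1.0.tar.gz"
    printf 'SHA256 (sample-1.0.tar.gz) = %s\nSIZE (sample-1.0.tar.gz) = 30\n' \
        "$(sha256_of "$d/good/sample-1.0.tar.gz")" > "$d/distinfo"
}

demo() {
    d=$(mktemp -d) || return 1
    make_constructed_mirrors "$d"
    sum=$(expected_sha256 "$d/distinfo" sample-1.0.tar.gz)
    FETCHER=local_copy
    fetch_verified sample-1.0.tar.gz "$sum" "$d/distfiles" \
        "$d/broken" "$d/tampered" "$d/good"
    status=$?
    rm -rf "$d"
    return $status
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

With real mirrors, leave FETCHER unset and pass the mirror base URLs in order of preference.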
Re: FTP server link aggregation
On 12/15/2010 3:11 PM, Matthew Law wrote: I have a single FreeBSD box acting as an FTP server for multiple FreeBSD and Linux clients on the same /24 subnet (all gigabit ethernet). It is currently connected by just one of it's two gig ethernet ports. I also have two cisco switches with an etherchannel between them (using 2 x gig ports on each switch). I would like to connect the remaining NIC on my FreeBSD box to the other switch and enable 802.3ad on those switch ports to aggregate traffic between them. This is in the hope that it can better serve multiple FTP clients. Is my thinking correct? Other than the network interface changes which are documented here: http://www.freebsd.org/doc/handbook/network-aggregation.html are there any further tweaks I could make to improve things? -the server is a 'standard install' and does not use ZFS. It has an adaptec 5408 RAID card with 4 x SATA II drives and, IIRC, 128K stripe size and plenty of RAM. Is there a way of testing this other than initiating large file transfers to this server from multiple hosts? A simple ping from multiple sources to your server will do. LACP will associate each SRCMAC and DSTMAC pair to one physical interface. Creating traffic with many different SRCMAC and DSTMAC pairs will use both physical interfaces. But, I do vaguely remember that if_lagg was not able to perform at 2 * 1Gbps level. Use systat -ifstat to check what's happening and please, post your performance findings to the list! HTH, Nikos ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
FTP server link aggregation
I have a single FreeBSD box acting as an FTP server for multiple FreeBSD and Linux clients on the same /24 subnet (all gigabit ethernet). It is currently connected by just one of it's two gig ethernet ports. I also have two cisco switches with an etherchannel between them (using 2 x gig ports on each switch). I would like to connect the remaining NIC on my FreeBSD box to the other switch and enable 802.3ad on those switch ports to aggregate traffic between them. This is in the hope that it can better serve multiple FTP clients. Is my thinking correct? Other than the network interface changes which are documented here: http://www.freebsd.org/doc/handbook/network-aggregation.html are there any further tweaks I could make to improve things? -the server is a 'standard install' and does not use ZFS. It has an adaptec 5408 RAID card with 4 x SATA II drives and, IIRC, 128K stripe size and plenty of RAM. Is there a way of testing this other than initiating large file transfers to this server from multiple hosts? Many thanks, Matt. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Icelandic FTP server doesn't work? I don't think it's been up for a while?
On Jun 25, 2010, at 13:51 , andrew clarke wrote: On Thu 2010-06-24 23:28:27 UTC+, Svavar Ingi Hermannsson (sva...@security.is) wrote: I just wanted to notify you that the Icelandic ftp mirror site doesn't seam to be working. ftp.is.freebsd.org 21:48 ozzmo...@blizzard [~]host ftp.is.freebsd.org ftp.is.freebsd.org is an alias for ftp1.is.freebsd.org. ftp1.is.freebsd.org has address 130.208.16.26 ftp1.is.freebsd.org has address 130.208.16.31 ftp1.is.freebsd.org has IPv6 address 2001:948:10:16::31 ftp1.is.freebsd.org has IPv6 address 2001:948:10:16::26 ftp1.is.freebsd.org mail is handled by 10 durinn.rhnet.is. I get Connection refused with 130.208.16.31. 130.208.16.26 is OK. I now get 421 Service not available...so it has improved a bit :). For problems with FreeBSD mirrors try the freebsd-hubs Mailinglist (CCed). Also in the handbook http://www.freebsd.org/doc/en/books/handbook/mirrors-ftp.html#HANDBOOK-MIRRORS-CHAPTER-SGML-MIRRORS-IS-FTP lists a contact emailadress you can try to contact (CCed) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Icelandic FTP server doesn't work? I don't think it's been up for a while?
On Thu, 2010-06-24 at 23:28 +, Svavar Ingi Hermannsson wrote: Hi, I just wanted to notify you that the Icelandic ftp mirror site doesn't seam to be working. ftp.is.freebsd.org Best regards, Svavar Ingi Seems to be working ok from here - [cr...@x60:~] $ ftp ftp.is.freebsd.org Trying 130.208.16.26... Connected to ftp1.is.freebsd.org. 220- Velkomin(n) á FTP þjón Rannsóknar og Háskólanets Íslands (RHnet) Þeir sem hafa aðgang að rsync ættu að prófa rsync ftp.rhnet.is:: Eftirfarandi söfn eru á þessum þjóni: Nafn:Slóð: Upprunastaður: FreeBSD /pub/FreeBSD (ftp.freebsd.org) NetBSD /pub/NetBSD (ftp.netbsd.org) OpenBSD /pub/OpenBSD (ftp.openbsd.org) Fedora /pub/fedora (fedora.redhat.com) Debian /pub/debian (ftp.debian.org) Debian-non-US/pub/debian-non-US (ftp.debian.org) SuSE /pub/suse (ftp.suse.com) Linux-Kernel /pub/kernel.org (ftp.kernel.org) GNU /pub/gnu (ftp.gnu.org) PHP /pub/php (www.php.net) XFree86 /pub/XFree86 (ftp.xfree.org) X11 /pub/X11 (ftp.x.org) X11-Contrib /pub/X11-Contrib (ftp.x.org) KDE /pub/kde (ftp.kde.org) CPAN /pub/CPAN (ftp.funet.fi) perl /pub/CPAN/src (ftp.funet.fi) OpenSSH /pub/OpenSSH (ftp.openbsd.org) SSH /pub/ssh (ftp.ssh.com) rsync/pub/rsync (rsync.samba.org) Samba/pub/samba (rsync.samba.org) proFTPD /pub/proftpd (ftp.proftpd.org) Bind /pub/bind (ftp.isc.org) Bind-9 /pub/bind9(ftp.isc.org) DHCP /pub/dhcp (ftp.isc.org) INN /pub/inn (ftp.isc.org) Sendmail /pub/sendmail (ftp.sendmail.org) Squid/pub/squid (ftp.squid-cache.org) PostgreSQL /pub/postgresql (ftp.postgresql.org) MySQL/pub/mysql(mysql.com) OpenOffice /pub/OpenOffice (openoffice.org) RFC /pub/rfc (ftp.isi.edu) Internet-Drafts /pub/internet-drafts (ftp.isi.edu) noattach /pub/noattach Tenging þín hefur verið skráð frá 93.141.187.81.in-addr.arpa Heildarfjöldi notenda er 1 Allar aðgerðir eru skráðar. ftp...@rhnet.is 220 ftp.rhnet.is FTP server (tnftpd 20061204) ready. Name (ftp.is.freebsd.org:craig): anonymous 331 Guest login ok, type your name as password. 
Password: 230- Please read the file README it was last modified on Sun May 13 23:22:44 2007 - 1138 days ago 230 Guest login ok, access restrictions apply. Remote system type is UNIX. Using binary mode to transfer files. ftp cd pub/FreeBSD 250- Please read the file README.TXT it was last modified on Sat Jun 19 01:54:21 2004 - 2195 days ago 250 CWD command successful. ftp ls 229 Entering Extended Passive Mode (|||61008|) 150 Opening ASCII mode data connection for '/bin/ls'. total 50 -rw-rw-r-- 1 cvsupin cvsupin 262 Jan 28 05:41 .message -r--rw-r-- 1 cvsupin cvsupin 0 Nov 7 1996 .notar drwxrwxr-x 6 cvsupin cvsupin 512 May 11 14:57 CERT lrwxrwxr-x 1 cvsupin cvsupin15 Oct 26 2006 CTM - development/CTM lrwxrwxr-x 1 cvsupin cvsupin17 Oct 26 2006 CVSup - development/CVSup drwxrwxr-x 4 cvsupin cvsupin 512 Oct 26 2006 ERRATA lrwxrwxr-x 1 cvsupin cvsupin17 Oct 26 2006 FreeBSD-current - branches/-current lrwxrwxr-x 1 cvsupin cvsupin19 Oct 26 2006 FreeBSD-stable - branches/4.0-stable lrwxrwxr-x 1 cvsupin cvsupin25 Oct 26 2006 ISO-IMAGES-alpha - releases/alpha/ISO-IMAGES lrwxrwxr-x 1 cvsupin cvsupin25 Oct 26 2006 ISO-IMAGES-amd64 - releases/amd64/ISO-IMAGES lrwxrwxr-x 1 cvsupin cvsupin24 Oct 26 2006 ISO-IMAGES-i386 - releases/i386/ISO-IMAGES lrwxrwxr-x 1 cvsupin cvsupin24 Oct 26 2006 ISO-IMAGES-ia64 - releases/ia64/ISO-IMAGES lrwxrwxr-x 1 cvsupin cvsupin24 Oct 26 2006 ISO-IMAGES-pc98 - releases/pc98/ISO-IMAGES lrwxrwxr-x 1 cvsupin cvsupin27 Jan 20 2007 ISO-IMAGES-powerpc - releases/powerpc/ISO-IMAGES lrwxrwxr-x 1 cvsupin cvsupin27 Oct 26 2006 ISO-IMAGES-sparc64
Re: Icelandic FTP server doesn't work? I don't think it's been up for a while?
On Thu 2010-06-24 23:28:27 UTC+, Svavar Ingi Hermannsson (sva...@security.is) wrote: I just wanted to notify you that the Icelandic ftp mirror site doesn't seam to be working. ftp.is.freebsd.org 21:48 ozzmo...@blizzard [~]host ftp.is.freebsd.org ftp.is.freebsd.org is an alias for ftp1.is.freebsd.org. ftp1.is.freebsd.org has address 130.208.16.26 ftp1.is.freebsd.org has address 130.208.16.31 ftp1.is.freebsd.org has IPv6 address 2001:948:10:16::31 ftp1.is.freebsd.org has IPv6 address 2001:948:10:16::26 ftp1.is.freebsd.org mail is handled by 10 durinn.rhnet.is. I get Connection refused with 130.208.16.31. 130.208.16.26 is OK. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Icelandic FTP server doesn't work? I don't think it's been up for a while?
Hi,

I just wanted to notify you that the Icelandic ftp mirror site doesn't seem to be working.

ftp.is.freebsd.org

Best regards,
Svavar Ingi

--
Bestu kveðjur / Best regards,
Svavar Ingi Hermannsson, Ráðgjafi - Senior Consultant
BSc. CS, LA 27001, CISA, CISM, SCSA, MCP
sva...@security.is
http://www.linkedin.com/in/SvavarIngiHermannsson
http://www.xing.com/profile/SvavarIngi_Hermannsson
I want to install a secure ftp server
I need to have ftp access to a machine. I've found pure-ftpd but it was last updated 2007/02/03. I'm aware that it can function very well despite that, but I would like the list's suggestion on what to choose to make ftp access as secure as possible.

It will be mainly windows clients accessing the ftp server. I have SAMBA running, but I need a solution for access from the Internet.

/Leslie
Re: I want to install a secure ftp server
Hi,

> I need to have ftp access to a machine. I've found pure-ftpd but it was

Hummm, you want the short answer? Don't enable ftp :)

Ftp only accepts plain text passwords (until you enable things like Kerberos, one time password, etc), so it is not, it cannot be, secure.

SFTP is there, working easily, ready to use, with a decent Windows client WinSCP (winscp.net)

Best regards,
Olivier
Re: I want to install a secure ftp server
On 12 March 2010 08:27, Olivier Nicole olivier.nic...@cs.ait.ac.th wrote:

> Hi,
>
> > I need to have ftp access to a machine. I've found pure-ftpd but it was
>
> Hummm, you want the short answer? Don't enable ftp :)
>
> Ftp only accepts plain text passwords (until you enable things like Kerberos, one time password, etc), so it is not, it cannot be, secure.
>
> SFTP is there, working easily, ready to use, with a decent Windows client WinSCP (winscp.net)
>
> Best regards,
> Olivier

enable sftp in ssh and chroot all the users and make the sftp only accounts

I wrote this guide for work a year or so ago. It was for solaris but it was using openssh so should work fine on bsd

1. Don't bother with sun ssh it won't work. Opensolaris and later solaris 10 are bundled with openssh though.

2. Make sure openssh version is 5 or above (some 4s do work but 5 better)

3. Add these lines to sshd config

    Match Group sftponly
        ChrootDirectory /home/chroot/%u
        X11Forwarding no
        AllowTcpForwarding no
        ForceCommand internal-sftp

4. Make sure the Subsystem line is this

    Subsystem sftp internal-sftp

5. create the sftponly group on the system

6. put the relevant users in this group. be careful as you will stop them being able to ssh in!!

7. Dead important this bit !!!

    mkdir -p /home/chroot/user/home/user/.ssh
    chown -R root /home/chroot/user
    chown -R user /home/chroot/user
    chmod -R 755 /home/chroot/user /home/chroot/user/home/user
    ln -s /home/chroot/user/home/user /home/.

8. Put their ssh keys in /home/chroot/user/home/user/.ssh

All should now work
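A check for the directory layout built in step 7, as an added example that is not part of the original post: sshd accepts a ChrootDirectory only when every component of the path is a root-owned directory that is not writable by group or others, so the ownership left behind by the chown and chmod commands is worth auditing before the first login. The function names, and the base and uid parameters that let the check run on a scratch tree without root, are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not from the thread): audit a ChrootDirectory path against
# the rule in sshd_config(5) that all components of the pathname must be
# root-owned directories not writable by any other user or group.

# check_component DIR UID: succeed if DIR is a directory owned by UID with
# neither the group-write nor the other-write bit set.
check_component() {
    p=$1
    want_uid=$2
    if [ ! -d "$p" ]; then
        echo "FAIL $p: not a directory"
        return 1
    fi
    # POSIX "ls -ldLn": field 1 is the mode string, field 3 the numeric owner;
    # -L follows a symlinked component such as /home on FreeBSD.
    info=$(ls -ldLn "$p") || return 1
    mode=${info%% *}
    owner=$(printf '%s\n' "$info" | awk '{print $3}')
    if [ "$owner" != "$want_uid" ]; then
        echo "FAIL $p: owner uid $owner, expected $want_uid"
        return 1
    fi
    # Characters 6 and 9 of "drwxrwxrwx" are the group and other write bits.
    gw=$(printf '%s' "$mode" | cut -c6)
    ow=$(printf '%s' "$mode" | cut -c9)
    if [ "$gw" = "w" ] || [ "$ow" = "w" ]; then
        echo "FAIL $p: mode $mode is writable by group or others"
        return 1
    fi
    echo "ok   $p ($mode, uid $owner)"
    return 0
}

# audit_chroot BASE TARGET [UID]: check TARGET and each parent up to BASE.
# Production use is BASE=/ and UID=0, e.g.
#   audit_chroot / /home/chroot/someuser
# Other values exist so the check can be exercised without root.
audit_chroot() {
    base=$1
    path=$2
    uid=${3:-0}
    rc=0
    while :; do
        check_component "$path" "$uid" || rc=1
        if [ "$path" = "$base" ] || [ "$path" = "/" ]; then
            break
        fi
        path=$(dirname "$path")
    done
    return $rc
}

# Constructed demo: build the step 7 layout for a made-up user "alice" under
# a temp dir, audit it, then make the chroot root group-writable and audit
# again to show the condition sshd would reject.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/chroot/alice/home/alice/.ssh"
    chmod 755 "$t/chroot" "$t/chroot/alice"
    me=$(id -u)
    if audit_chroot "$t/chroot" "$t/chroot/alice" "$me"; then good=0; else good=1; fi
    chmod g+w "$t/chroot/alice"
    if audit_chroot "$t/chroot" "$t/chroot/alice" "$me"; then bad=0; else bad=1; fi
    rm -rf "$t"
    echo "intact tree: $good, group-writable chroot: $bad"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```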
Re: I want to install a secure ftp server
krad skrev 2010-03-12 11:07: enable sftp in ssh and chroot all the users and make the sftp only accounts I wrote this guide for work a year or so ago. It was for solaris but it was using openssh so should work fine on bsd 1. Dont bother with sun ssh it wont work. Opensolaris and later solaris 10 are bundled with openssh though. 2. Make sure openssh version is 5 or above (some 4s do work but 5 better) 3. Add these lines to sshd config Match Group sftponly ChrootDirectory /home/chroot/%u X11Forwarding no AllowTcpForwarding no ForceCommand internal-sftp 4. Make sure the Subsystem line is this Subsystem sftpinternal-sftp 5. create the sftponly group on the system 6. put the relevent users in this group. be careful as you will stop them being able to ssh in!! 7. Dead important this bit !!! mkdir -p /home/chroot/user/home/user/.ssh chown -R root /home/chroot/user chown -Ruser /home/chroot/user chmod -R 755 /home/chroot/user /home/chroot/user/home/user ln -s /home/chroot/user/home/user /home/. 8. Put their ssh keys in /home/chroot/user/home/user/.ssh All should now work ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org This sounds as a solution I can use :-) Will Windows users be able to use an ftp client to connect? I've never implemented ssh with ftp before so I want to clarify for my understanding. Thanks /Leslie ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: I want to install a secure ftp server
On 12/03/2010 10:37:08, Leslie Jensen wrote:

> Will Windows users be able to use an ftp client to connect? I've never implemented ssh with ftp before so I want to clarify for my understanding.

No, they'll need a SSH/SFTP client to be able to connect. Don't worry though -- the clients work exactly like FTP clients: it's all the underlying stuff that's different and much more secure.

Try WinSCP (http://winscp.net/eng/docs/introduction) as a client. It works very much like Norton Commander. Plus it's Free. Or putty for those that prefer a CLI environment (http://www.chiark.greenend.org.uk/~sgtatham/putty/)

Cheers,
Matthew

--
Dr Matthew J Seaman MA, D.Phil.
7 Priory Courtyard Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey
Ramsgate Kent, CT11 9PW
Re: I want to install a secure ftp server
In the last episode (Mar 12), Matthew Seaman said:

> On 12/03/2010 10:37:08, Leslie Jensen wrote:
>
> > Will Windows users be able to use an ftp client to connect? I've never implemented ssh with ftp before so I want to clarify for my understanding.
>
> No, they'll need a SSH/SFTP client to be able to connect. Don't worry though -- the clients work exactly like FTP clients: it's all the underlying stuff that's different and much more secure.
>
> Try WinSCP (http://winscp.net/eng/docs/introduction) as a client. It works very much like Norton Commander. Plus it's Free. Or putty for those that prefer a CLI environment (http://www.chiark.greenend.org.uk/~sgtatham/putty/)

Other excellent sftp clients are:

FileZilla - http://www.filezilla-project.org/
muCommander - http://www.mucommander.com/

--
Dan Nelson
dnel...@allantgroup.com
FreeBSD FTP server error
When I try to log on to FTP I get this error:

    $ ftp ftp.freebsd.org
    Trying 204.152.184.73...
    Connected to ftp.freebsd.org.
    500 OOPS: vsftpd: not found: directory given in 'secure_chroot_dir':/usr/local/share/vsftpd/empty

Yuri
Re: FreeBSD FTP server error
Yuri wrote: When I try to log on to FTP I get this error: $ ftp ftp.freebsd.org Trying 204.152.184.73... Connected to ftp.freebsd.org. 500 OOPS: vsftpd: not found: directory given in 'secure_chroot_dir':/usr/local/share/vsftpd/empty Yuri ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org Aloha Yuri and List, I just tried FTP from Hawaii and the link is dead. ~Al Plant - Honolulu, Hawaii - Phone: 808-284-2740 + http://hawaiidakine.com + http://freebsdinfo.org + + http://aloha50.net - Supporting - FreeBSD 6.* - 7.* - 8.* + email: n...@hdk5.net All that's really worth doing is what we do for others.- Lewis Carrol ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
FTP server navigation problem
Hi, I use freebsd7.2 and can't access my friend's FTP server (crystal FTP server) from command line. I can't run any command in the ftp server, it only responds Entering Extended passive mode and hang. But when I ftp from windows command prompt, it actually works. So what's the matter with my BSD communication? thanks!! TFC ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FTP server navigation problem
On Mon, 10 Aug 2009 16:36:36 -0400, Tsu-Fan Cheng tfch...@gmail.com wrote:

> Hi, I use freebsd7.2 and can't access my friend's FTP server (crystal FTP server) from command line. I can't run any command in the ftp server, it only responds Entering Extended passive mode and hang. But when I ftp from windows command prompt, it actually works. So what's the matter with my BSD communication? thanks!!

Refer to man ftp. Passive FTP is mentioned as follows:

    EXTENDED PASSIVE MODE AND FIREWALLS
    Some firewall configurations do not allow ftp to use extended passive
    mode. If you find that even a simple ls appears to hang after printing
    a message such as this:

        229 Entering Extended Passive Mode (|||58551|)

    then you will need to disable extended passive mode with epsv4 off.
    See the above section The .netrc File for an example of how to make
    this automatic.

Above it states:

    epsv4   Toggle the use of the extended EPSV and EPRT commands on IPv4
            connections; first try EPSV / EPRT, and then PASV / PORT. This
            is enabled by default. If an extended command fails then this
            option will be temporarily disabled for the duration of the
            current connection, or until epsv4 is executed again.

You can use this setting either via .netrc or as an interactive command.

--
Polytropon
From Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
FTP Server for individual client spaces
I run a small engineering company* that exchanges large files (CAD, etc.) with clients, and I want to keep the docs off my email server by setting up a stand alone FTP server where each client can upload and download its relevant files. As such, my own users/employees should be able to reach every client’s FTP space but each client should only be able to reach his own. As my users finish a doc, they place it in that client’s FTP directory and the client can log in and get it. As such, I don’t want any form of unauthenticated FTP. I’ve tried different combinations of group names and directory permissions without success, but chrooting users doesn’t seem to solve my problem either, and my two favorite BSD books – Tiemann et. al. (Unleashed) and Lucas (Absolute) take the same approach the man pages do, in my opinion, which guides you either into an all anonymous system, or a system suitable for organizations such as software distributors in which clients/users authenticate but then all access the same directory (/pub for example). I could use some help conceptualizing this. Is the solution ftpchroot? If so, it’s not clear how I can chroot each potential client into his own directory, as my understanding is that all chrooted users wind up at the same place (like /var/ftp/pub). Or is the solution that each client gets access to his own home directory; if so, how do I ensure my staff has access to each client’s home directory? Lastly, I’ve also been reading up on PureFTP, which seems to have some advanced configuration potential (including LDAP authentication, something else that interests me) but it’s not clear that using an alternative product is indicated here. This seems like something other organizations must have dealt with, so I must be missing something fundamental. Can someone point me in the right direction? 
Finally, I’m aware FTP has inherent security liabilities as passwords cross the net in clear text, but I’m not convinced casual users on Windows boxes will be able to manage fun stuff like SSH connections or alternative software, like SCP. In my experience, the “modern” windows user accesses FTP sites using Internet Explorer, which is tremendously underwhelming. As such I am choosing a stand alone box on which no other services are running (mail, X, etc.). Am I right? Or is there some better method that won’t be too complex for the casual Windows user? Thanks advance for the pointers. Randy -- www.therandymon.com *Actually, this is all hypothetical, but I’m learning server admin so I can cross this bridge when the time comes, and having a lot of fun, naturally, since right now my screw ups don’t count! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FTP Server for individual client spaces
On Friday 10 July 2009 16:10:24 RS Wood wrote:
> I run a small engineering company* that exchanges large files (CAD, etc.) with clients, and I want to keep the docs off my email server by setting up a stand alone FTP server where each client can upload and download its relevant files. As such, my own users/employees should be able to reach every client’s FTP space but each client should only be able to reach his own. As my users finish a doc, they place it in that client’s FTP directory and the client can log in and get it. As such, I don’t want any form of unauthenticated FTP.
>
> [snip]
>
> Is the solution ftpchroot? If so, it’s not clear how I can chroot each potential client into his own directory, as my understanding is that all chrooted users wind up at the same place (like /var/ftp/pub). Or is the solution that each client gets access to his own home directory; if so, how do I ensure my staff has access to each client’s home directory?

I haven't tried this, but man ftpd.conf suggests something along the lines of:

    chroot chroot /some/path/%u

where the second chroot is the ftp class, and %u will be expanded to the username. Make sure all your external users are in ftp class chroot (by putting their usernames in /etc/ftpchroot), and make /some/path group-owned and group-readable by a group all your staff are in (the group ownership of a directory automatically propagates to new directories created below it).

Let us know how it goes!

Jonathan
Re: FTP Server for individual client spaces
RS Wood wrote:
> I run a small engineering company* that exchanges large files (CAD, etc.) with clients, and I want to keep the docs off my email server by setting up a stand alone FTP server where each client can upload and download its relevant files. As such, my own users/employees should be able to reach every client’s FTP space but each client should only be able to reach his own. As my users finish a doc, they place it in that client’s FTP directory and the client can log in and get it. As such, I don’t want any form of unauthenticated FTP.
>
> I’ve tried different combinations of group names and directory permissions without success, but chrooting users doesn’t seem to solve my problem either, and my two favorite BSD books – Tiemann et al. (Unleashed) and Lucas (Absolute) take the same approach the man pages do, in my opinion, which guides you either into an all anonymous system, or a system suitable for organizations such as software distributors in which clients/users authenticate but then all access the same directory (/pub for example).
>
> I could use some help conceptualizing this. Is the solution ftpchroot?

It works for us, for the users who still need FTP access:

    # cp /sbin/nologin /sbin/ftp-only
    # echo /sbin/ftp-only >> /etc/shells
    # adduser
        homedir == /ftp/username
        shell == /sbin/ftp-only

I then:

    # cd /ftp/username
    # rm -r .*
    # echo username >> /etc/ftpchroot

Now, you can create staff accounts in the same way, but set their home directory as /ftp. They'll be able to traverse the entire FTP tree from there. Just ensure that the /ftp directory structure is owned by a group that your staff accounts are in, and that all of the sub directories are modded with appropriate permissions.

> If so, it’s not clear how I can chroot each potential client into his own directory, as my understanding is that all chrooted users wind up at the same place (like /var/ftp/pub). Or is the solution that each client gets access to his own home directory;

Yes, each to their own home dir.

> if so, how do I ensure my staff has access to each client’s home directory?

I'm assuming that your staff will be using FTP as well. Simply assign their home directory to the root FTP directory.

> Lastly, I’ve also been reading up on PureFTP, which seems to have some advanced configuration potential (including LDAP authentication, something else that interests me) but it’s not clear that using an alternative product is indicated here. This seems like something other organizations must have dealt with, so I must be missing something fundamental. Can someone point me in the right direction?
>
> Finally, I’m aware FTP has inherent security liabilities as passwords cross the net in clear text, but I’m not convinced casual users on Windows boxes will be able to manage fun stuff like SSH connections or alternative software, like SCP.

Provide them a link to a client software that uses SFTP. I use WinSCP (portable), which defaults to SFTP, and provides the server, username and password fields as soon as it is launched.

Hope I didn't miss anything ;)

Steve
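Added example, not part of the thread: a POSIX sh audit for the layout described in the replies above (one directory per client under a common root, group-owned by a staff group, each client named in /etc/ftpchroot). The function names, the staff GID argument and the sample client names are assumptions made for this illustration.

```shell
#!/bin/sh
# Audit a per-client FTP tree. Run "sh audit.sh demo" to see it on a
# constructed sample tree; on a real server call, for example:
#   audit_ftp_tree /ftp <staff gid> /etc/ftpchroot

# audit_ftp_tree ROOT STAFF_GID FTPCHROOT_FILE
# Prints one finding per line; the return status is the number of findings.
audit_ftp_tree() {
    root=$1; staff_gid=$2; chroot_file=$3
    findings=0

    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        dir=${dir%/}
        user=${dir##*/}          # directory name doubles as the login name

        # "ls -ldn" prints: mode links uid gid ... (numeric ids)
        read -r mode _links _uid gid _rest <<EOF
$(ls -ldn "$dir")
EOF

        # Staff reach every client directory through group ownership.
        if [ "$gid" != "$staff_gid" ]; then
            echo "$user: group is gid $gid, expected staff gid $staff_gid"
            findings=$((findings + 1))
        fi

        # Group needs read, write and search (s = setgid plus x).
        case $mode in
            d???rw[xs]*) ;;
            *) echo "$user: staff group lacks rwx ($mode)"
               findings=$((findings + 1)) ;;
        esac

        # No access for "other", so a client account that escapes or
        # bypasses the chroot still cannot read a neighbour's files.
        case $mode in
            d??????---*) ;;
            *) echo "$user: accessible to other ($mode)"
               findings=$((findings + 1)) ;;
        esac

        # First field of each ftpchroot line is the user name
        # (@group entries are not resolved by this check).
        if ! awk -v u="$user" '$1 == u { found = 1 } END { exit !found }' \
                "$chroot_file" 2>/dev/null; then
            echo "$user: not listed in $chroot_file, login is not chrooted"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Constructed sample: acme is correct, globex is world-readable,
# initech is missing from the ftpchroot file. Prints the temp directory.
build_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/ftp/acme" "$t/ftp/globex" "$t/ftp/initech"
    chmod 770 "$t/ftp/acme" "$t/ftp/initech"
    chmod 775 "$t/ftp/globex"
    printf 'acme\nglobex\n' > "$t/ftpchroot"
    echo "$t"
}

if [ "${1:-}" = "demo" ]; then
    tmp=$(build_sample_tree)
    sample_gid=$(ls -ldn "$tmp/ftp" | awk '{ print $4 }')
    audit_ftp_tree "$tmp/ftp" "$sample_gid" "$tmp/ftpchroot" || true
    rm -rf "$tmp"
fi
```

Staff accounts whose home directory is the tree root are deliberately not chrooted per client, so only the client directories are checked against the ftpchroot file.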
Re: FTP Server for individual client spaces
In the last episode (Jul 10), Steve Bertrand said:
> RS Wood wrote:
>> Finally, I'm aware FTP has inherent security liabilities as passwords cross the net in clear text, but I'm not convinced casual users on Windows boxes will be able to manage fun stuff like SSH connections or alternative software, like SCP.
>
> Provide them a link to a client software that uses SFTP. I use WinSCP (portable), which defaults to SFTP, and provides the server, username and password fields as soon as it is launched.

WinSCP is good. Other nice free SFTP clients are FileZilla (has Windows, OS X and Unix versions) and muCommander (Java so it will run on anything).

http://www.winscp.net/
http://www.filezilla-project.org/
http://www.mucommander.com/

--
Dan Nelson
dnel...@allantgroup.com
Re: FTP Server for individual client spaces
On Fri, Jul 10, 2009 at 03:10:24PM +0100, RS Wood typed:
> I run a small engineering company* that exchanges large files (CAD, etc.) with clients, and I want to keep the docs off my email server by setting up a stand alone FTP server where each client can upload and download its relevant files. As such, my own users/employees should be able to reach every client’s FTP space but each client should only be able to reach his own. As my users finish a doc, they place it in that client’s FTP directory and the client can log in and get it. As such, I don’t want any form of unauthenticated FTP.

Do your employees need access through the same ftp server? You could serve them any other way (e.g. internally export the entire ftp tree as an NFS or CIFS share).
No route to host when trying to connect to FTP server on the Internet
Hi,

I'm trying to connect to my friend's FTP server but I'm getting a No route to host when trying from my NAT workstation. It works just fine when I connect from my NAT server though.

Internet - NAT server (192.168.187.1) - NAT workstation (192.168.187.2)

I've been suggested ftp-proxy. It didn't work though.

You can see my setup and hopefully other relevant info here: http://pastie.org/453644

Thanks!

--
http://www.home.no/reddvinylene
Re: No route to host when trying to connect to FTP server on the Internet
On Apr 21, 2009, at 11:40 AM, Redd Vinylene wrote:
> I'm trying to connect to my friend's FTP server but I'm getting a No route to host when trying from my NAT workstation. It works just fine when I connect from my NAT server though.
>
> Internet - NAT server (192.168.187.1) - NAT workstation (192.168.187.2)

Presumably you should have a default route set? (Check netstat -r.) If not, consider:

    route add default 192.168.187.1

Regards,
--
-Chuck
Re: No route to host when trying to connect to FTP server on the Internet
On Tue, Apr 21, 2009 at 9:13 PM, Chuck Swiger cswi...@mac.com wrote:
> On Apr 21, 2009, at 11:40 AM, Redd Vinylene wrote:
>> I'm trying to connect to my friend's FTP server but I'm getting a No route to host when trying from my NAT workstation. It works just fine when I connect from my NAT server though.
>>
>> Internet - NAT server (192.168.187.1) - NAT workstation (192.168.187.2)
>
> Presumably you should have a default route set? (Check netstat -r.) If not, consider:
>
>     route add default 192.168.187.1
>
> Regards,
> --
> -Chuck

Yeah, the default route is set. Routing works just fine. In fact, it's been working for years. It's just this one FTP server that it won't connect to.

--
http://www.home.no/reddvinylene
Re: No route to host when trying to connect to FTP server on the Internet
On Apr 21, 2009, at 1:25 PM, Redd Vinylene wrote:
> Yeah, the default route is set. Routing works just fine. In fact, it's been working for years. It's just this one FTP server that it won't connect to.

Then it could be a legitimate error being returned by a remote router, also. traceroute/mtr to the problematic host could be helpful.

--
-Chuck
Re: No route to host when trying to connect to FTP server on the Internet
On Tue, Apr 21, 2009 at 10:27 PM, Chuck Swiger cswi...@mac.com wrote:
> On Apr 21, 2009, at 1:25 PM, Redd Vinylene wrote:
>> Yeah, the default route is set. Routing works just fine. In fact, it's been working for years. It's just this one FTP server that it won't connect to.
>
> Then it could be a legitimate error being returned by a remote router, also. traceroute/mtr to the problematic host could be helpful
>
> --
> -Chuck

I think I just got some help on IRC:

    <Pulpie> is it on the local network of your firewall and not this computer?
    <me> yes!
    <Pulpie> thats why you can't connect to it

Suggestions on how to fix this problem using pf would be greatly appreciated though.

Many thanks!

--
http://www.home.no/reddvinylene
Re: No route to host when trying to connect to FTP server on the Internet
Redd Vinylene wrote:
> On Tue, Apr 21, 2009 at 9:13 PM, Chuck Swiger cswi...@mac.com wrote:
>> On Apr 21, 2009, at 11:40 AM, Redd Vinylene wrote:
>>> I'm trying to connect to my friend's FTP server but I'm getting a No route to host when trying from my NAT workstation. It works just fine when I connect from my NAT server though.
>>>
>>> Internet - NAT server (192.168.187.1) - NAT workstation (192.168.187.2)
>>
>> Presumably you should have a default route set? (Check netstat -r.) If not, consider:
>>
>>     route add default 192.168.187.1
>>
>> Regards,
>> --
>> -Chuck
>
> Yeah, the default route is set. Routing works just fine. In fact, it's been working for years. It's just this one FTP server that it won't connect to.

For a while I had been dealing with a sort of similar issue; see here: http://forums.freebsd.org/showthread.php?t=890

There were other issues with it as well but that was the most reproducible. Also sshd didn't work to the same remote host either. I recently upgraded the server from 6.2 - 7.1 including updated ports rebuild. That fixed every nagging issue with the system including nat/routing stuff. My best guess is there were some issues w/ pf in 6.2, as no config files for applications got changed, including fw rules, yet now it works.

--
Adam Vandemore
Systems Administrator
IMED Mobility
(605) 498-1610
Re: No route to host when trying to connect to FTP server on the Internet
On Apr 21, 2009, at 1:35 PM, Redd Vinylene wrote:
> I think I just got some help on IRC:
>
>     <Pulpie> is it on the local network of your firewall and not this computer?
>     <me> yes!
>     <Pulpie> thats why you can't connect to it
>
> Suggestions on how to fix this problem using pf would be greatly appreciated though. Many thanks!

The canonical method would be to set up split DNS, or even just add an /etc/hosts entry with the hostname listing the LAN IP rather than an external IP.

--
-Chuck
Re: ftp server: create/delete user by web interface
Hello Sebastian

Sorry for the delay but I was very busy.

On Thu, Sep 04, 2008 at 09:31:03AM +0200, Sebastian Tymków wrote:
> Have you tried cpanel or webmin ?

I checked webmin, but not in great depth.

> Or maybe you're looking for solution like ftp server and accounts in database ?

This is a possible way. Probably the combination ftp users in a database is ok. Which one is the best solution?

>> I've three FreeBSD 7.0 servers. I'm looking for a combination where I can create/delete etc. ftp users as a non-root user (probably from a template).

Regards,
--
Martin Schweizer [EMAIL PROTECTED]
PC-Service M. Schweizer GmbH; Bannholzstrasse 6; CH-8608 Bubikon
Tel. +41 55 243 30 00; Fax: +41 55 243 33 22; http://www.pc-service.ch;
public key : http://www.pc-service.ch/pgp/public_key.asc;
fingerprint: EC21 CA4D 5C78 BC2D 73B7 10F9 C1AE 1691 D30F D239;
Re: ftp server: create/delete user by web interface
Hello,

2008/9/8 Martin Schweizer [EMAIL PROTECTED]
>> Or maybe you're looking for solution like ftp server and accounts in database ?
>
> This is a possible way. Probably the combination ftp users in a database is ok. Which one is the best solution?
>
>>> I've three FreeBSD 7.0 servers. I'm looking for a combination where I can create/delete etc. ftp users as a non-root user (probably from a template).

I haven't used such a solution, but you can try pureftpd + SQL backend or vsftpd with MySQL backend.

Best regards,
Sebastian Tymków
Re: ftp server: create/delete user by web interface
Hello,

Have you tried cpanel or webmin ? Or maybe you're looking for solution like ftp server and accounts in database ?

Best regards,
Sebastian Tymków

2008/9/4 Martin Schweizer [EMAIL PROTECTED]
> Hello
>
> I've three FreeBSD 7.0 servers. I'm looking for a combination where I can create/delete etc. ftp users as a non-root user (probably from a template). Do you have some hints which combinations work in such a constellation?
>
> Regards,
> --
> Martin Schweizer [EMAIL PROTECTED]
> PC-Service M. Schweizer GmbH; Bannholzstrasse 6; CH-8608 Bubikon
> Tel. +41 55 243 30 00; Fax: +41 55 243 33 22; http://www.pc-service.ch;
> public key : http://www.pc-service.ch/pgp/public_key.asc;
> fingerprint: EC21 CA4D 5C78 BC2D 73B7 10F9 C1AE 1691 D30F D239;
ftp server: create/delete user by web interface
Hello

I've three FreeBSD 7.0 servers. I'm looking for a combination where I can create/delete etc. ftp users as a non-root user (probably from a template). Do you have some hints which combinations work in such a constellation?

Regards,
--
Martin Schweizer [EMAIL PROTECTED]
PC-Service M. Schweizer GmbH; Bannholzstrasse 6; CH-8608 Bubikon
Tel. +41 55 243 30 00; Fax: +41 55 243 33 22; http://www.pc-service.ch;
public key : http://www.pc-service.ch/pgp/public_key.asc;
fingerprint: EC21 CA4D 5C78 BC2D 73B7 10F9 C1AE 1691 D30F D239;
Re: FTP server behind firewall?
On Thu, 17 Apr 2008 07:59:20 +0300, Manolis Kiagias [EMAIL PROTECTED] wrote:
> Running an FTP behind a home DSL router is perfectly possible. You will just have to open a range of ports on the router itself eg 25000-25050 and forward them to your ftp server internal IP address. Then set the FTP server to only use these ports for passive transfers.

Thanks guys, I think I'll try this, as it's the easiest to allow VB clients to upload files.
Re: FTP server behind firewall?
On Apr 17, 2008, at 12:59 , Manolis Kiagias wrote:
> Gilles wrote:
>> On Wed, 16 Apr 2008 22:06:24 -0400, Jon Radel [EMAIL PROTECTED] wrote:
>>> What control do you have over the firewall? One of the cleaner solutions would be to run an ftp proxy on the firewall, such as that supplied with pf. See ftp-proxy(8) or http://www.openbsd.org/faq/pf/ftp.html
>>
>> Unfortunately, the router/NAT firewall can be neither replaced nor tweaked, since it's a modem/router provided by our ISP.
>>
>> Actually, we don't necessarily need an FTP. Whatever solution to send files is fine, provided I can add this feature in a VB Classic client application.

Hi,

Maybe you can consider using sshd + sftp on the server. (Single port for just about everything, see below.)

PSCP or PSFTP (from same as PuTTY) allow send / receive file via command line, e.g. you can issue exec from VB to send files.

    pscp [options] source [source...] [EMAIL PROTECTED]:target

(PSFTP is preferred over PSCP, but PSCP is simple)

http://www.putty.nl/download.html

Also, binding sshd on a high port will prevent too many port scans, and the connection is considered to be more secure than ftp. IMHO, sftp is more easily managed than ftp in the long run (both server and client).

ps. I also use ssh to forward 3389, the M$ Terminal Server (even XP has one), no need for PC ANYWHERE. If you need to solve a problem remotely, you don't need to open another port (PC ANYWHERE needs 2).

J.

> Running an FTP behind a home DSL router is perfectly possible. You will just have to open a range of ports on the router itself eg 25000-25050 and forward them to your ftp server internal IP address. Then set the FTP server to only use these ports for passive transfers. For example, I am using ftp/proftpd and have this directive in the configuration file:
>
>     PassivePorts 25000-25050
>
> You will, of course, need to forward port 21 as well.
Re: FTP server behind firewall?
On Thursday 17 April 2008 04:32:41 Gilles wrote:
> Actually, we don't necessarily need an FTP. Whatever solution to send files is fine, provided I can add this feature in a VB Classic client application.

Depends a bit on the max filesize and number of files. You can do a HTTP POST request, using a simple upload script (numerous examples of those to be found on the web). Of course, the traffic for that is larger since it will be base64 encoded. On the plus side, you don't need local user accounts on the ftp server, while still having full control over where the files end up.

This can get tedious if you have multiple small files, or filesizes in the order 100M.

--
Mel

Problem with today's modular software: they start with the modules and never get to the software part.
FTP server behind firewall?
Hello

We have FreeBSD server on our private LAN behind a NAT firewall on which I'd like to add an FTP server so that customers can send us stuff.

Problem is, since customers might have a NAT firewall on their end, the client application must connect in passive mode... but this just moves the problem to our end, where the FTP server will open a random port for data... to which the client will fail connecting since our NAT firewall is keeping them out of our LAN :-/

Is there a way to keep our server in the private LAN and still provide a way for customers to upload data? Hard-code the socket number used by the FTP server for data? Use a different type of server?

Thank you.
Re: FTP server behind firewall?
Gilles wrote:
> Hello
>
> We have FreeBSD server on our private LAN behind a NAT firewall on which I'd like to add an FTP server so that customers can send us stuff.
>
> Problem is, since customers might have a NAT firewall on their end, the client application must connect in passive mode... but this just moves the problem to our end, where the FTP server will open a random port for data... to which the client will fail connecting since our NAT firewall is keeping them out of our LAN :-/
>
> Is there a way to keep our server in the private LAN and still provide a way for customers to upload data? Hard-code the socket number used by the FTP server for data? Use a different type of server?

What control do you have over the firewall? One of the cleaner solutions would be to run an ftp proxy on the firewall, such as that supplied with pf. See ftp-proxy(8) or http://www.openbsd.org/faq/pf/ftp.html

--Jon Radel
Re: FTP server behind firewall?
On Wed, 16 Apr 2008 22:06:24 -0400, Jon Radel [EMAIL PROTECTED] wrote:
> What control do you have over the firewall? One of the cleaner solutions would be to run an ftp proxy on the firewall, such as that supplied with pf. See ftp-proxy(8) or http://www.openbsd.org/faq/pf/ftp.html

Unfortunately, the router/NAT firewall can be neither replaced nor tweaked, since it's a modem/router provided by our ISP.

Actually, we don't necessarily need an FTP. Whatever solution to send files is fine, provided I can add this feature in a VB Classic client application.
Re: FTP server behind firewall?
Gilles wrote:
> On Wed, 16 Apr 2008 22:06:24 -0400, Jon Radel [EMAIL PROTECTED] wrote:
>> What control do you have over the firewall? One of the cleaner solutions would be to run an ftp proxy on the firewall, such as that supplied with pf. See ftp-proxy(8) or http://www.openbsd.org/faq/pf/ftp.html
>
> Unfortunately, the router/NAT firewall can be neither replaced nor tweaked, since it's a modem/router provided by our ISP.
>
> Actually, we don't necessarily need an FTP. Whatever solution to send files is fine, provided I can add this feature in a VB Classic client application.

Running an FTP behind a home DSL router is perfectly possible. You will just have to open a range of ports on the router itself eg 25000-25050 and forward them to your ftp server internal IP address. Then set the FTP server to only use these ports for passive transfers. For example, I am using ftp/proftpd and have this directive in the configuration file:

    PassivePorts 25000-25050

You will, of course, need to forward port 21 as well.
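Added example, not part of the thread: a POSIX sh check of the server's `227` (PASV) replies against the forwarded range 25000-25050 from the message above, for use on replies captured from a client outside the NAT. The function names and the sample replies are constructed for this illustration; an internal address in the reply means the server is advertising its LAN address (ProFTPD's MasqueradeAddress directive sets the address to advertise instead).

```shell
#!/bin/sh
# Run "sh pasv.sh demo" to see the report on the constructed samples.

# check_pasv REPLY LOW HIGH
#   Prints "IP PORT" decoded from "227 ... (h1,h2,h3,h4,p1,p2)" and returns
#   0 = usable, 1 = not a parsable 227 reply,
#   2 = data port outside LOW-HIGH, 3 = private or loopback address advertised
check_pasv() {
    reply=$1; low=$2; high=$3

    # awk does the decimal arithmetic: data port = p1 * 256 + p2.
    parsed=$(printf '%s\n' "$reply" | awk '
        /^227[ -]/ && match($0, /\([0-9]+(,[0-9]+)+\)/) {
            n = split(substr($0, RSTART + 1, RLENGTH - 2), f, ",")
            if (n == 6) {
                ok = 1
                for (i = 1; i <= 6; i++) if (f[i] + 0 > 255) ok = 0
                if (ok) printf "%d.%d.%d.%d %d\n",
                    f[1], f[2], f[3], f[4], f[5] * 256 + f[6]
            }
        }')
    [ -n "$parsed" ] || return 1

    ip=${parsed% *}
    port=${parsed#* }
    echo "$ip $port"

    # A client on the Internet cannot route to these addresses.
    case $ip in
        10.*|127.*|169.254.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*)
            return 3 ;;
    esac

    # Outside the forwarded range the router has no mapping for the port.
    [ "$port" -ge "$low" ] && [ "$port" -le "$high" ] || return 2
    return 0
}

# pasv_report LOW HIGH   (replies on stdin, one per line)
#   Prints a verdict per 227 reply; return status is the number of bad ones.
pasv_report() {
    low=$1; high=$2; bad=0
    while IFS= read -r line; do
        rc=0
        res=$(check_pasv "$line" "$low" "$high") || rc=$?
        case $rc in
            0) echo "ok       $res" ;;
            1) continue ;;                       # some other reply code
            2) echo "blocked  $res (port not in $low-$high)"
               bad=$((bad + 1)) ;;
            3) echo "internal $res (LAN address advertised to the client)"
               bad=$((bad + 1)) ;;
        esac
    done
    return "$bad"
}

# Constructed sample replies (203.0.113.0/24 is a documentation range).
sample_replies() {
    cat <<'EOF'
230 Login successful.
227 Entering Passive Mode (203,0,113,10,97,168).
227 Entering Passive Mode (203,0,113,10,195,80).
227 Entering Passive Mode (192,168,1,10,97,170).
EOF
}

if [ "${1:-}" = "demo" ]; then
    sample_replies | pasv_report 25000 25050 || true
fi
```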
Re: looking for something like an embedded ftp server
On 4/11/07, Pieter de Goeje [EMAIL PROTECTED] wrote:
> On Wednesday 11 April 2007, David J Brooks wrote:
>> On Wednesday 11 April 2007 12:26:42 pm Derrill Guilbert wrote:
>>> I've been given an old machine, and asked to turn it into an ftp server. It will go on its own IP, separate from the one our LAN uses. It will have three read-only users and maybe five read/write users. It will contain design data that we're transferring to the offices in China. That is, we will upload it from here in at the main office, and the China staff will download it to implement the little containers we're building. This does not need to be secure beyond password protection necessarily, though some sort of secure FTP would be fine.
>>>
>>> What I would really prefer is some sort of BSD based simple FTP server setup. I've found several BSD based router/firewall/whatever servers out there, such as m0n0wall and pfsense, among others, and I would like something that simple for an FTP server. That is, I want to be able to install the server and then only have to configure users, no mess with hardening things and setting up pf or so ...
>>>
>>> Does such a thing exist? Am I needlessly complicating things for myself in another way (often the case, I'm little more than a user when it comes to FreeBSD)? Any kind of guidance on this topic would be appreciated --- if what I want to do can be done with a custom install of FreeBSD, that'd be wonderful also. Thank you in advance for any guidance.
>>
>> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-ftp.html
>
> You can also run ftpd without inetd: adding ftpd_enable=YES to /etc/rc.conf should do the trick.

I actually know how to set up a FreeBSD machine with FTP server, but was hoping there was something simpler - and therefore quicker, and theoretically more secure out of the box, with essentially nothing else running? I suppose this may be a silly request. :) Regardless, thank you for the link and the rc.conf suggestion.

Derrill
Re: looking for something like an embedded ftp server
On 2007/04/12 7:57, Derrill Guilbert seems to have typed:
> I actually know how to set up a FreeBSD machine with FTP server, but was hoping there was something simpler - and therefore quicker, and theoretically more secure out of the box, with essentially nothing else running? I suppose this may be a silly request. :) Regardless, thank you for the link and the rc.conf suggestion.

Simpler? No. More Secure? Yes.

    /usr/ports/ftp/pure-ftpd
Re: looking for something like an embedded ftp server
On Apr 11, 2007, at 1:26 PM, Derrill Guilbert wrote:
> What I would really prefer is some sort of BSD based simple FTP server setup. I've found several BSD based router/firewall/whatever servers out there, such as m0n0wall and pfsense, among others, and I would like something that simple for an FTP server. That is, I want to be able to install the server and then only have to configure users, no mess with hardening things and setting up pf or so ...

What about FreeNAS(1): http://www.freenas.org/

1) I've never tried this myself, so I don't know how easy just the FTP portion is...

Regards,
-Tom

--
Tom Ierna
President
Shockergroup, Inc.
Re[2]: looking for something like an embedded ftp server
Hello David,

Wednesday, April 11, 2007, 9:12:17 PM, you wrote:
> On Wednesday 11 April 2007 12:26:42 pm Derrill Guilbert wrote:
>> I've been given an old machine, and asked to turn it into an ftp server. It will go on its own IP, separate from the one our LAN uses. It will have three read-only users and maybe five read/write users. It will contain design data that we're transferring to the offices in China. That is, we will upload it from here in at the main office, and the China staff will download it to implement the little containers we're building. This does not need to be secure beyond password protection necessarily, though some sort of secure FTP would be fine.
>>
>> What I would really prefer is some sort of BSD based simple FTP server setup. I've found several BSD based router/firewall/whatever servers out there, such as m0n0wall and pfsense, among others, and I would like something that simple for an FTP server. That is, I want to be able to install the server and then only have to configure users, no mess with hardening things and setting up pf or so ...
>>
>> Does such a thing exist? Am I needlessly complicating things for myself in another way (often the case, I'm little more than a user when it comes to FreeBSD)? Any kind of guidance on this topic would be appreciated --- if what I want to do can be done with a custom install of FreeBSD, that'd be wonderful also. Thank you in advance for any guidance.

Try pure-ftpd in the ports collection. It's nice that it supports virtual users (so you don't need to have system users for each user who uses the ftp), bandw. throttling, and lots of other nice things. It's also reasonably small. Apart from that, you only need ssh access to the box to configure things when needed, and you're ready to go.

--
Best regards,
Ghirai.
looking for something like an embedded ftp server
I've been given an old machine, and asked to turn it into an ftp server. It will go on its own IP, separate from the one our LAN uses. It will have three read-only users and maybe five read/write users. It will contain design data that we're transferring to the offices in China. That is, we will upload it from here in at the main office, and the China staff will download it to implement the little containers we're building. This does not need to be secure beyond password protection necessarily, though some sort of secure FTP would be fine.

What I would really prefer is some sort of BSD based simple FTP server setup. I've found several BSD based router/firewall/whatever servers out there, such as m0n0wall and pfsense, among others, and I would like something that simple for an FTP server. That is, I want to be able to install the server and then only have to configure users, no mess with hardening things and setting up pf or so ...

Does such a thing exist? Am I needlessly complicating things for myself in another way (often the case, I'm little more than a user when it comes to FreeBSD)? Any kind of guidance on this topic would be appreciated --- if what I want to do can be done with a custom install of FreeBSD, that'd be wonderful also. Thank you in advance for any guidance.

Derrill
Re: looking for something like an embedded ftp server
On Wednesday 11 April 2007 12:26:42 pm Derrill Guilbert wrote:
> I've been given an old machine, and asked to turn it into an ftp server. It will go on its own IP, separate from the one our LAN uses. It will have three read-only users and maybe five read/write users. It will contain design data that we're transferring to the offices in China. That is, we will upload it from here in at the main office, and the China staff will download it to implement the little containers we're building. This does not need to be secure beyond password protection necessarily, though some sort of secure FTP would be fine.
>
> What I would really prefer is some sort of BSD based simple FTP server setup. I've found several BSD based router/firewall/whatever servers out there, such as m0n0wall and pfsense, among others, and I would like something that simple for an FTP server. That is, I want to be able to install the server and then only have to configure users, no mess with hardening things and setting up pf or so ...
>
> Does such a thing exist? Am I needlessly complicating things for myself in another way (often the case, I'm little more than a user when it comes to FreeBSD)? Any kind of guidance on this topic would be appreciated --- if what I want to do can be done with a custom install of FreeBSD, that'd be wonderful also. Thank you in advance for any guidance.

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-ftp.html

David

--
bureaucracy, n: A method for transforming energy into solid waste.
Re: looking for something like an embedded ftp server
On Wednesday 11 April 2007, David J Brooks wrote: On Wednesday 11 April 2007 12:26:42 pm Derrill Guilbert wrote: I've been given an old machine, and asked to turn it into an ftp server. It will go on its own IP, separate from the one our LAN uses. It will have three read-only users and maybe five read/write users. It will contain design data that we're transferring to the offices in China. That is, we will upload it from here in at the main office, and the China staff will download it to implement the little containers we're building. This does not need to be secure beyond password protection necessarily, though some sort of secure FTP would be fine. What I would really prefer is some sort of BSD based simple FTP server setup. I've found several BSD based router/firewall/whatever servers out there, such as m0n0wall and pfsense, among others, and I would like something that simple for an FTP server. That is, I want to be able to install the server and then only have to configure users, no mess with hardening things and setting up pf or so ... Does such a thing exist? Am I needlessly complicating things for myself in another way (often the case, I'm little more than a user when it comes to FreeBSD)? Any kind of guidance on this topic would be appreciated --- if what I want to do can be done with a custom install of FreeBSD, that'd be wonderful also. Thank you in advance for any guidance. http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-ftp.html You can also run ftpd without inetd: adding ftpd_enable=YES to /etc/rc.conf should do the trick. Cheers, Pieter
Re: Setting up an ftp server for anonymous use, freebsd 6.2
On 2/10/07, George Greene [EMAIL PROTECTED] wrote: i would like to use freebsd 6.2 to setup an ftp server that allows anonymous access and does not allow those anonymous user to see any other directories other than the pub directory where the files will reside.

The easiest way to do so is via sysinstall:
- become root
- /usr/sbin/sysinstall
- choose Configure, then Networking, then Anon FTP
- set the options at your will...

thanks, g.

-- Pietro Cerutti ICQ: 117293691 PGP: 0x9571F78E - ASCII Ribbon Campaign - against HTML e-mail and proprietary attachments www.asciiribbon.org
Setting up an ftp server for anonymous use, freebsd 6.2
i would like to use freebsd 6.2 to setup an ftp server that allows anonymous access and does not allow those anonymous user to see any other directories other than the pub directory where the files will reside. so far i have been able to turn on the ftp server. in the file, inetd.conf i removed the # from the line. i then ran inetd. i checked to see if the server was running, ftp [EMAIL PROTECTED], and i got back the user and password prompts. so it's working. but, when i move to another machine, the ftp server does not answer. ssh works though. i can ssh into the freebsd box from another machine. when i type in anonymous as the user name, the login fails, and i don't even get the password prompt. i do not see /etc/ftphosts, /etc/ftpwelcome, /etc/ftpmotd/, /var/ftp/, /var/ftp/pub/, /var/ftp/bin, /etc/xinetd.conf i been reading freebsd unleashed, an old edition, but i don't understand how to setup anonymous ftp access. please help. thanks, g.
RE: I am unable to connect to my ftp server from anything other than the local host
Ok, just so everyone knows the problem I was having where I was getting a 421 error when trying to connect to my ftp server was due to an error on my part when setting up ftpd. I had it both in rc and in inetd.conf.
I am unable to connect to my ftp server from anything other than the local host
When I try to ftp localhost I get this:

    [EMAIL PROTECTED] ~]$ ftp localhost
    Trying ::1...
    Connected to localhost.
    220- Welcome message goes here :D
    220 tester FTP server (Version 6.00LS) ready.
    331 Guest login ok, send your email address as password.
    230- READ OR DIE!!1
    230 Guest login ok, access restrictions apply.
    Remote system type is UNIX.
    Using binary mode to transfer files.

However, when I attempt to ftp to the box's ip I get:

    [EMAIL PROTECTED] ~]$ ftp 192.168.1.108
    Connected to 192.168.1.108.
    421 Service not available, remote server has closed connection.

I'm running bsd 6.1. I keep reading online that when that happens, it is due to a problem with some config file. I don't think there is a problem with it but I've listed it just in case.

pam file in /etc/pam.d/ftp

    # auth
    auth       required     pam_nologin.so      no_warn
    auth       sufficient   pam_opie.so         no_warn no_fake_prompts
    auth       requisite    pam_opieaccess.so   no_warn allow_local
    #auth      sufficient   pam_krb5.so         no_warn
    #auth      sufficient   pam_ssh.so          no_warn try_first_pass
    auth       required     pam_unix.so         no_warn try_first_pass
    # account
    #account   required     pam_krb5.so
    account    required     pam_unix.so
    # session
    session    required     pam_permit.so

The program is the regular ftpd that comes with bsd. I'm using inetd with a line in inetd.conf:

    ftp stream tcp nowait root /usr/local/libexec/ftpd ftpd -l -l

I also have a line in my passwd file for ftp as anonymous:

    ftp:*:14:5:Anonymous FTP Admin:/home/ftp:/nonexistent
Re: I am unable to connect to my ftp server from anything other than the local host
Guillermo Gonzalez [EMAIL PROTECTED] wrote: When I try to ftp localhost I get this:

    [EMAIL PROTECTED] ~]$ ftp localhost
    Trying ::1...
    Connected to localhost.
    220- Welcome message goes here :D
    220 tester FTP server (Version 6.00LS) ready.
    331 Guest login ok, send your email address as password.
    230- READ OR DIE!!1
    230 Guest login ok, access restrictions apply.
    Remote system type is UNIX.
    Using binary mode to transfer files.

However, when I attempt to ftp to the box's ip I get:

    [EMAIL PROTECTED] ~]$ ftp 192.168.1.108
    Connected to 192.168.1.108.
    421 Service not available, remote server has closed connection.

First, check to see that ftpd is listening on that address:

    sockstat -4

If you don't see the program listening, you'll have to tweak your ftpd config. If the program is listening, check your settings for any packet filters. Are you running pf or ipfw? I don't know where you got the idea that you should worry about pam, but the fact that you can log in shows that your auth configuration is correct. -Bill
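The cause the poster reported in this thread (ftpd configured both in rc and in inetd.conf) can be checked for mechanically. The following is an added example, not code from any of the posters: the sample rc.conf and inetd.conf contents are constructed, the function names are hypothetical, and it assumes inetd itself is started through inetd_enable in rc.conf.

```python
"""Check whether FreeBSD ftpd is set to start both standalone (rc.conf)
and on demand (inetd.conf), the double configuration reported in this thread."""
import re
import shlex

# Constructed sample files (not taken from the poster's machine).
SAMPLE_RC_CONF = """\
hostname="tester"
sshd_enable="YES"
inetd_enable="YES"
ftpd_enable="NO"
ftpd_enable="YES"    # a later assignment overrides the earlier one
"""

SAMPLE_INETD_CONF = """\
#ftp    stream  tcp6    nowait  root    /usr/libexec/ftpd       ftpd -l
ftp     stream  tcp     nowait  root    /usr/local/libexec/ftpd ftpd -l -l
#telnet stream  tcp     nowait  root    /usr/libexec/telnetd    telnetd
"""

_ASSIGN = re.compile(r"^\s*([A-Za-z_]\w*)=(.*)$")
_TRUE = {"yes", "true", "on", "1"}   # values rc scripts treat as enabled


def parse_rc_conf(text):
    """Return {variable: value}. rc.conf is sourced by sh, so the last
    assignment to a variable wins; quotes and trailing comments are dropped."""
    values = {}
    for line in text.splitlines():
        match = _ASSIGN.match(line)
        if not match:
            continue                      # comment, blank or non-assignment line
        try:
            tokens = shlex.split(match.group(2), comments=True)
        except ValueError:
            continue                      # unbalanced quotes: skip the line
        values[match.group(1)] = tokens[0] if tokens else ""
    return values


def inetd_services(text):
    """Return the active (uncommented) inetd.conf entries.
    Fields: service, socket type, protocol, wait/nowait, user, program, args."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 6:
            continue
        entries.append({"service": fields[0], "proto": fields[2],
                        "program": fields[5], "args": fields[6:]})
    return entries


def audit_ftpd(rc_conf_text, inetd_conf_text):
    """Report how ftpd would be started and flag conflicting settings."""
    rc = parse_rc_conf(rc_conf_text)
    standalone = rc.get("ftpd_enable", "NO").lower() in _TRUE
    inetd_on = rc.get("inetd_enable", "NO").lower() in _TRUE
    ftp_entries = [e for e in inetd_services(inetd_conf_text)
                   if e["service"] == "ftp"]
    via_inetd = inetd_on and bool(ftp_entries)

    findings = []
    if standalone and via_inetd:
        findings.append("ftpd is enabled in rc.conf and in inetd.conf; "
                        "keep only one of the two")
    if ftp_entries and not inetd_on:
        findings.append("inetd.conf has an active ftp entry but "
                        "inetd_enable is not set in rc.conf")
    if not standalone and not via_inetd:
        findings.append("no start method for ftpd is configured")
    return {"standalone": standalone, "via_inetd": via_inetd,
            "double_start": standalone and via_inetd,
            "inetd_programs": [e["program"] for e in ftp_entries],
            "findings": findings}


if __name__ == "__main__":
    for finding in audit_ftpd(SAMPLE_RC_CONF, SAMPLE_INETD_CONF)["findings"]:
        print("WARNING:", finding)
```

On a real machine, pass the contents of /etc/rc.conf and /etc/inetd.conf to audit_ftpd() instead of the samples.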
Re: Can I Make my own CD ROM bootable from this ftp server: ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/6.1-RELEASE ?
Or use bittorrent if you're way out in the cut ~BAS On Sat, 29 Jul 2006, Bryan Bonifacio wrote: Why don't you just download the CD image and burn that onto a CD? Go to ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/ISO-IMAGES/6.1/ --- Stojance [EMAIL PROTECTED] wrote: Dear FreeBSD Can I make my own bootable CD from FreeBSD, actually from the ftp server: ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/6.1-RELEASE ? I really need it. I can't pay for your CD ROM so any help would be very much appreciated. I'll download everything and put it on a CD and burn it under Nero as a bootable CD. Please Help ME l8* -lava (Brian A. Seklecki - Pittsburgh, PA, USA) http://www.spiritual-machines.org/ ...from back in the heady days when helpdesk meant nothing, diskquota meant everything, and lives could be bought and sold for a couple of pages of laser printout - and frequently were.
Re: FTP server behind router/gateway
On Thursday 14 September 2006 17:40, [EMAIL PROTECTED] wrote: I have a FreeBSD 6.1 box running behind a router/gateway. When it tries to go into passive mode, it returns its internal 192.168. ip address to the client which the client stupidly uses to try to connect to. I've confirmed this by trying to FTP from several external systems (windows linux). Is there any way to get the FreeBSD box to return the external address without making it act as the router/gateway? In addition to what Andreas said: The problem is not the router/gateway in front of the ftp. The problem is the internal address the ftp server has and the nat that the router has to do. FreeBSD knows nothing about the external address... I think you'll have better results getting a second IP address for your ftp server and just route packets. Or you could search for an ftp server with this feature and/or a router with a big bag of tricks (similar to ftp-proxy FreeBSD has). I would go for a second IP address if that was a choice. Nikos
FTP server behind router/gateway
I have a FreeBSD 6.1 box running behind a router/gateway. When it tries to go into passive mode, it returns its internal 192.168. ip address to the client which the client stupidly uses to try to connect to. I've confirmed this by trying to FTP from several external systems (windows linux). Is there any way to get the FreeBSD box to return the external address without making it act as the router/gateway? Thanks, Marty
Re: FTP server behind router/gateway
That is more a matter for your router. Your router should be wrapping the internal address with a public one. Be sure you are forwarding all the ports needed for ftp. -Derek At 09:40 AM 9/14/2006, [EMAIL PROTECTED] wrote: I have a FreeBSD 6.1 box running behind a router/gateway. When it tries to go into passive mode, it returns its internal 192.168. ip address to the client which the client stupidly uses to try to connect to. I've confirmed this by trying to FTP from several external systems (windows linux). Is there any way to get the FreeBSD box to return the external address without making it act as the router/gateway? Thanks, Marty
Re: FTP server behind router/gateway
On Thu, 14 Sep 2006 16:40:18 +0200, [EMAIL PROTECTED] wrote: I have a FreeBSD 6.1 box running behind a router/gateway. When it tries to go into passive mode, it returns its internal 192.168. ip address to the client which the client stupidly uses to try to connect to. I've confirmed this by trying to FTP from several external systems (windows linux). Is there any way to get the FreeBSD box to return the external address without making it act as the router/gateway? Thanks, Marty Maybe this site will help a bit: http://slacksite.com/other/ftp.html Andreas
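The passive-mode symptom discussed in this thread can be confirmed from a captured control-channel log by comparing the address in the server's 227 reply with the address the client actually connected to. This is an added example, not code from any of the posters: the session lines and the public address 203.0.113.10 are constructed, and the function names are hypothetical.

```python
"""Flag FTP 227 (PASV) replies that advertise an address the client cannot
reach, such as an RFC 1918 address handed out from behind NAT."""
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# h1,h2,h3,h4,p1,p2 ; the surrounding parentheses are not always present.
_SIX = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

# Constructed control-channel capture: ("C" = client, "S" = server).
SAMPLE_SESSION = [
    ("S", "220 tester FTP server (Version 6.00LS) ready."),
    ("C", "USER anonymous"),
    ("S", "331 Guest login ok, send your email address as password."),
    ("C", "PASS guest@example.org"),
    ("S", "230 Guest login ok, access restrictions apply."),
    ("C", "PASV"),
    ("S", "227 Entering Passive Mode (192,168,1,108,195,80)"),
]


def parse_pasv(reply):
    """Return (IPv4Address, port) from a 227 reply, or raise ValueError."""
    if not reply.startswith("227"):
        raise ValueError("not a 227 reply: %r" % reply)
    match = _SIX.search(reply[3:])
    if not match:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % reply)
    nums = [int(n) for n in match.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % reply)
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    port = nums[4] * 256 + nums[5]        # high byte first
    return host, port


def is_rfc1918(addr):
    return any(addr in net for net in RFC1918)


def check_pasv(control_peer, reply):
    """Compare the advertised data address with the control-connection peer."""
    peer = ipaddress.ip_address(control_peer)
    host, port = parse_pasv(reply)
    if host == peer:
        verdict = "ok"
    elif is_rfc1918(host) and not is_rfc1918(peer):
        # The server announced its inside address to an outside client.
        verdict = "internal-address-leak"
    else:
        verdict = "address-mismatch"
    return {"advertised": str(host), "port": port, "verdict": verdict}


def audit_session(control_peer, session):
    """Check every 227 reply the server sent during one captured session."""
    results = []
    for direction, line in session:
        if direction == "S" and line.startswith("227"):
            results.append(check_pasv(control_peer, line))
    return results


if __name__ == "__main__":
    # The client reached the server through the router's public address.
    for result in audit_session("203.0.113.10", SAMPLE_SESSION):
        print(result)
```

The port in the result is also the one the router has to forward to the server for the data connection to succeed.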
rc.firewall rule for passive FTP from FTP server side
It appears that FTP clients using FTP are not able to interact passively with my FTP server. I am wondering if there is a rule somebody could point me to that works rather well. ${ip} is the IP address of the server (not the client). this does not work.

--- snip ---
#/** Allow setup of FTP PASSIVE **/
${fwcmd} add allow tcp from ${ip} to any 1024-65534 keep-state
${fwcmd} add allow tcp from ${ip} to any 21 keep-state
--- snip ---

cheers, Noah
Can I Make my own CD ROM bootable from this ftp server: ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/6.1-RELEASE ?
Dear FreeBSD Can I make my own bootable CD from FreeBSD, actually from the ftp server: ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/6.1-RELEASE ? I really need it. I can't pay for your CD ROM so any help would be very much appreciated. I'll download everything and put it on a CD and burn it under Nero as a bootable CD. Please Help ME
Re: Can I Make my own CD ROM bootable from this ftp server:
Dear FreeBSD Can I make my own bootable CD from FreeBSD, actually from the ftp server: ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/6.1-RELEASE ? I really need it. I can't pay for your CD ROM so any help would be very much appreciated. I'll download everything and put it on a CD and burn it under Nero as a bootable CD. Just download the CD ISO image and burn it. The image is already a bootable ISO so don't try to do any conversions. Just burn it and boot it. I don't know Nero so I don't know what choices it offers. But, generally you just want a plain burn plus fixate. jerry Please Help ME
Re: Can I Make my own CD ROM bootable from this ftp server:
On Jul 29, 2006, at 2:04 PM, Jerry McAllister wrote: Dear FreeBSD Can I make my own bootable CD from FreeBSD, actually from the ftp server: ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/6.1-RELEASE ? I really need it. I can't pay for your CD ROM so any help would be very much appreciated. I'll download everything and put it on a CD and burn it under Nero as a bootable CD. Just download the CD ISO image and burn it. The image is already a bootable ISO so don't try to do any conversions. Just burn it and boot it. I don't know Nero so I don't know what choices it offers. But, generally you just want a plain burn plus fixate. jerry Please Help ME All ISOs posted on the FreeBSD sites (and other BSD and Linux sites for that matter) are bootable media; the only time that you should be creating bootable media is when you, yourself, are making a bootdisk from files. -Garrett
Re: Can I Make my own CD ROM bootable from this ftp server:
On Saturday 29 July 2006 16:04, Jerry McAllister wrote: I don't know Nero so I don't know what choices it offers. But, generally you just want a plain burn plus fixate. in nero, there is one of the upper drop down menus that has burn image. that is the only thing one needs to do to successfully burn a .iso file into a bootable image. cheers, jonathan
Re: Can I Make my own CD ROM bootable from this ftp server: ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/6.1-RELEASE ?
Why don't you just download the CD image and burn that onto a CD? Go to ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/ISO-IMAGES/6.1/ --- Stojance [EMAIL PROTECTED] wrote: Dear FreeBSD Can I make my own bootable CD from FreeBSD, actually from the ftp server: ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/6.1-RELEASE ? I really need it. I can't pay for your CD ROM so any help would be very much appreciated. I'll download everything and put it on a CD and burn it under Nero as a bootable CD. Please Help ME
Re: upload-only ftp server
On 5/25/06, Mikhail Goriachev [EMAIL PROTECTED] wrote: Yeah, I agree. I forced my users to use SFTP through FileZilla on windows. They actually think they're using FTP instead of SFTP. So everyone is happy including me. Isn't it a problem that they can't be chrooted?
Re: upload-only ftp server
Lars Stokholm wrote: On 5/25/06, Mikhail Goriachev [EMAIL PROTECTED] wrote: Yeah, I agree. I forced my users to use SFTP through FileZilla on windows. They actually think they're using FTP instead of SFTP. So everyone is happy including me. Isn't it a problem that they can't be chrooted? You could look at rssh which can restrict logins to just sftp and I believe allows chrooting. Of course, with such a shell you can't then log in to Unix normally. Proftpd will let you configure just about everything and can limit cd, for example, and might do what's required. Configuration is pretty mind-boggling, though, and always leaves me with the nagging doubt that I didn't get everything right, so testing always takes longer too :-( I'm not sure I'd recommend it unless it really did have a feature that was required. --Alex
Re: upload-only ftp server
On 5/25/06, Lars Stokholm [EMAIL PROTECTED] wrote: On 5/25/06, Mikhail Goriachev [EMAIL PROTECTED] wrote: Yeah, I agree. I forced my users to use SFTP through FileZilla on windows. They actually think they're using FTP instead of SFTP. So everyone is happy including me. Isn't it a problem that they can't be chrooted? The scp only shell allows you to chroot your sftp users. -- -- Perfection is just a word I use occasionally with mustard. --Atom Powers--
Re: upload-only ftp server
Lars Stokholm wrote: On 5/25/06, Mikhail Goriachev [EMAIL PROTECTED] wrote: Yeah, I agree. I forced my users to use SFTP through FileZilla on windows. They actually think they're using FTP instead of SFTP. So everyone is happy including me. Isn't it a problem that they can't be chrooted? Well it depends. In my case: 1.- I'm not hiding anything on the system. 2.- Users' home dirs are chmoded to 700. Cheers, Mikhail. -- Mikhail Goriachev Webanoide Telephone: +61 (0)3 62252501 Mobile Phone: +61 (0)4 38255158 E-Mail: [EMAIL PROTECTED] Web: http://www.webanoide.org PGP Key ID: 0x4E148A3B PGP Key Fingerprint: D96B 7C14 79A5 8824 B99D 9562 F50E 2F5D 4E14 8A3B
upload-only ftp server
Dear List, I would like to install an ftp server. Some of the users want to upload files to the server. I would not like to start an ftp server at all, because I'm too paranoid. But my users demand it. I looked at the ports tree and I found many ftp servers. I cannot choose between them. Can you recommend one for me? I only need one ftp user (possibly with a password), and upload/list files only. The most important thing is security, and the ability to handle passive transfers. Thanks, Laci
Re: upload-only ftp server
User Gandalf wrote: Dear List, I would like to install an ftp server. Some of the users want to upload files to the server. I would not like to start an ftp server at all, because I'm too paranoid. But my users demand it. I looked at the ports tree and I found many ftp servers. I cannot choose between them. Can you recommend one for me? I only need one ftp user (possibly with a password), and upload/list files only. The most important thing is security, and the ability to handle passive transfers. vsftpd does all that and more. it's easy to set up too
Re: upload-only ftp server
* User Gandalf [EMAIL PROTECTED] [2006-05-24 16:32:55 +0200]: I looked at the ports tree and I found many ftp servers. I cannot choose between them. Can you recommend one for me? Second the recommendation for vsftpd. Thomas -- N.J. Thomas [EMAIL PROTECTED] Etiamsi occiderit me, in ipso sperabo
Re: upload-only ftp server
I use vsftpd -Derek At 09:32 AM 5/24/2006, User Gandalf wrote: Dear List, I would like to install an ftp server. Some of the users want to upload files to the server. I would not like to start an ftp server at all, because I'm too paranoid. But my users demand it. I looked at the ports tree and I found many ftp servers. I cannot choose between them. Can you recommend one for me? I only need one ftp user (possibly with a password), and upload/list files only. The most important thing is security, and the ability to handle passive transfers. Thanks, Laci
Re: upload-only ftp server
--On May 24, 2006 4:32:55 PM +0200 User Gandalf [EMAIL PROTECTED] wrote: Dear List, I would like to install an ftp server. Some of the users want to upload files to the server. I would not like to start an ftp server at all, because I'm too paranoid. But my users demand it. I looked at the ports tree and I found many ftp servers. I cannot choose between them. Can you recommend one for me? I only need one ftp user (possibly with a password), and upload/list files only. The most important thing is security, and the ability to handle passive transfers. Is there a reason they can't use sftp? You're most likely already running sshd, which means you already have sftp capabilities builtin. If the issue is usability, there are a number of gui clients available for all platforms (WinSCP for Windows, for example) that make the process painless. Paul Schmehl ([EMAIL PROTECTED]) Adjunct Information Security Officer The University of Texas at Dallas http://www.utdallas.edu/ir/security/
Re: upload-only ftp server
Paul Schmehl wrote: --On May 24, 2006 4:32:55 PM +0200 User Gandalf [EMAIL PROTECTED] wrote: Dear List, I would like to install an ftp server. Some of the users want to upload files to the server. I would not like to start an ftp server at all, because I'm too paranoid. But my users demand it. I looked at the ports tree and I found many ftp servers. I cannot choose between them. Can you recommend one for me? I only need one ftp user (possibly with a password), and upload/list files only. The most important thing is security, and the ability to handle passive transfers. Is there a reason they can't use sftp? You're most likely already running sshd, which means you already have sftp capabilities builtin. If the issue is usability, there are a number of gui clients available for all platforms (WinSCP for Windows, for example) that make the process painless. Yeah, I agree. I forced my users to use SFTP through FileZilla on windows. They actually think they're using FTP instead of SFTP. So everyone is happy including me. Cheers, Mikhail. -- Mikhail Goriachev Webanoide Telephone: +61 (0)3 62252501 Mobile Phone: +61 (0)4 38255158 E-Mail: [EMAIL PROTECTED] Web: http://www.webanoide.org PGP Key ID: 0x4E148A3B PGP Key Fingerprint: D96B 7C14 79A5 8824 B99D 9562 F50E 2F5D 4E14 8A3B
RE: ftp server with no shell accounts
I tried the default ftp server with FreeBSD 5.4 and users with no shell accounts but it does not work. Does anyone know of a ftp server that users would still have home directories but no shell access /sbin/nologin and that could still upload files to their home directories.

The default ftpd will work with a little tweaking.
1. touch /bin/ftpshell
2. echo /bin/ftpshell >> /etc/shells
3. When you add your users, set their shell to /bin/ftpshell
4. echo USERNAME >> /etc/ftpchroot

The users will be able to login via ftp and nothing else because their shell is a crap fake shell. The ftpchroot will lock them into their home directory very effectively. Scott
ftp server with no shell accounts
I tried the default ftp server with FreeBSD 5.4 and users with no shell accounts but it does not work. Does anyone know of a ftp server that users would still have home directories but no shell access /sbin/nologin and that could still upload files to their home directories. Thanks
Re: ftp server with no shell accounts
On 5/10/06, Sean Murphy [EMAIL PROTECTED] wrote: I tried the default ftp server with FreeBSD 5.4 and users with no shell accounts but it does not work. Does anyone know of a ftp server that users would still have home directories but no shell access /sbin/nologin and that could still upload files to their home directories. I use the scponly shell. -- -- Perfection is just a word I use occasionally with mustard. --Atom Powers--
Re: ftp server with no shell accounts
On Wednesday 10 May 2006 16:20, Sean Murphy wrote: I tried the default ftp server with FreeBSD 5.4 and users with no shell accounts but it does not work. Does anyone know of a ftp server that users would still have home directories but no shell access /sbin/nologin and that could still upload files to their home directories. Try proftpd in the ports. Beech -- --- Beech Rintoul - Sys. Administrator - [EMAIL PROTECTED] /\ ASCII Ribbon Campaign | Alaska Paradise \ / - NO HTML/RTF in e-mail | 201 East 9Th Avenue Ste.310 X - NO Word docs in e-mail | Anchorage, AK 99501 / \ - Please visit Alaska Paradise - http://www.alaskaparadise.com ---
Re: ftp server with no shell accounts
I much prefer the pure-ftpd implementation of virtual users. However, both will get the job done effectively. The only reason I really prefer pure over pro is that pure has never had one root exploit found since release number 1. That's reason enough for me :) On 5/10/06, Beech Rintoul [EMAIL PROTECTED] wrote: On Wednesday 10 May 2006 16:20, Sean Murphy wrote: I tried the default ftp server with FreeBSD 5.4 and users with no shell accounts but it does not work. Does anyone know of a ftp server that users would still have home directories but no shell access /sbin/nologin and that could still upload files to their home directories. Try proftpd in the ports. Beech -- --- Beech Rintoul - Sys. Administrator - [EMAIL PROTECTED] /\ ASCII Ribbon Campaign | Alaska Paradise \ / - NO HTML/RTF in e-mail | 201 East 9Th Avenue Ste.310 X - NO Word docs in e-mail | Anchorage, AK 99501 / \ - Please visit Alaska Paradise - http://www.alaskaparadise.com ---
ftp server
Dear FreeBSD: I can get to your web page www.freebsd.org/cgi//pds.cgi?ports/editors/staroffice52. I can find the staroffice52 info, one of which is sources. when I click on sources I arrive at a page which gives me a lot of ftp sites for downloading so-5 2-ga-bin-linux-en.bin, or 109939-03.tar.Z. However, when I enter ftp.csua.berleley.edu/pub/.1/ports/distfiles/staroffice52/ (no quotes) into my trusty little ftp software package, I cannot connect. I have been able to download openoffice from ftp.freebsd.org, but I don't want openoffice. Is there something wrong with ftp.csua, or is there something with newbie me? Hope you can help, thanks.
RE: ftp server
Try ftp://ftp.csua.berleley.edu/pub/.1/ports/distfiles/staroffice52/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Sunday, April 23, 2006 9:55 PM To: freebsd-questions@FreeBSD.org Subject: ftp server Dear FreeBSD: I can get to your web page www.freebsd.org/cgi//pds.cgi?ports/editors/staroffice52. I can find the staroffice52 info, one of which is sources. when I click on sources I arrive at a page which gives me a lot of ftp sites for downloading so-5 2-ga-bin-linux-en.bin, or 109939-03.tar.Z. However, when I enter ftp.csua.berleley.edu/pub/.1/ports/distfiles/staroffice52/ (no quotes) into my trusty little ftp software package, I cannot connect. I have been able to download openoffice from ftp.freebsd.org, but I don't want openoffice. Is there something wrong with ftp.csua, or is there something with newbie me? Hope you can help, thanks.
Re: ftp server
I can't even get to ftp://ftp.csua.berleley.edu/pub
Digging ftp.csua.berleley.edu results in null, and so does digging csua.berleley.edu
You may want to try a different mirror.
-Lawrence
Re: ftp server
I don't know anything about this port or the ftp address you are trying to access, but is there a chance that in the ftp address berleley should be replaced with berkeley?
Re: changeing the port of the ftp server
Date: Wed, 22 Feb 2006 20:58:36 -0800
From: ross [EMAIL PROTECTED]
Subject: changeing the port of the ftp server
To: freebsd-questions@freebsd.org

I can't for the life of me figure out how to change the port of my ftp server. My (crummy) ISP blocks port 21 and I would like to change the default port of the ftp server in order to give access to the outside world.

Why not move to a better ISP? I don't believe in paying money for crummy ISP service. There are too many good ISPs out there competing for your money. Vote with your wallet and move to an ISP that wants your business.
RE: changeing the port of the ftp server
You would edit /etc/services to change the standard port numbers FTP uses. Say, change ports 20 and 21 to 35520 and 35521. You also must realize that your public internet users who want to access your FTP server must also change their FTP port numbers to the same ones you used in /etc/services before they can gain access to your FTP server.

This method is one way to hide your FTP server from attack because you would only tell your trusted remote users what the new port numbers are. All public attackers would be using the standard ports 20 and 21 to attack you. If you want your public remote users to access your FTP server without having to know the new port number, then this is no solution for you.

Now I have not heard of any ISP blocking ports 20/21 before, so I am thinking maybe your firewall is blocking those port numbers. What test did you run to verify your ISP is blocking those ports? Does your ISP usage agreement say those ports are blocked?
changeing the port of the ftp server
I can't for the life of me figure out how to change the port of my ftp server. My (crummy) ISP blocks port 21 and I would like to change the default port of the ftp server in order to give access to the outside world.
Re: changeing the port of the ftp server
Assuming the server is running on your gateway/firewall then all you need to do is check the documentation. What are you using as server?
Cant login to FTP server.
Hi,
I have some FTP login problems. I run FreeBSD 6.0-RELEASE, and I have ipf and ipnat enabled.

___SNIP___
Status: Connecting to dienub.org ...
Status: Connected with dienub.org. Waiting for welcome message...
Response: 220 m00h.dienub.org FTP server (Version 6.00LS) ready.
Command: USER **
Response: 331 Password required for alive.
Command: PASS **
Response: 230 User alive logged in.
Command: FEAT
Response: 500 FEAT: command not understood.
Command: SYST
Response: 215 UNIX Type: L8 Version: BSD-199506
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 /usr/home/alive is current directory.
Command: TYPE A
Response: 200 Type set to A.
Command: PASV
Response: 227 Entering Passive Mode (87,49,144,133,237,45)
Command: LIST
Error: Transfer channel can't be opened. Reason: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Error: Could not retrieve directory listing
Command: TYPE A
___SNIP___

/etc/ipf.rules:
___SNIP___
# Let clients behind the firewall send out to the internet, and replies to
# come back in by keeping state.
pass out quick on rl0 proto tcp all keep state
pass out quick on rl0 proto udp all keep state
pass out quick on rl0 proto icmp all keep state
# Since nothing should be coming from these address ranges, block them
block in quick on rl0 from 192.168.0.0/16 to any
block in quick on rl0 from 172.16.0.0/12 to any
block in quick on rl0 from 10.0.0.0/8 to any
block in quick on rl0 from 127.0.0.0/8 to any
block in quick on rl0 from 192.0.2.0/24 to any
# Let's let people access the services running behind this system
# Let's let people access the services running on this system
pass in quick on rl0 proto tcp from any to any port 3 5 flags S keep state #PASV FTP
pass in quick on rl0 proto tcp from any to any port = 21 #FTP
pass in quick on rl0 proto tcp from any to any port = 22 #SSH
pass in quick on rl0 proto tcp from any to any port = 80 #WWW
pass in quick on rl0 proto tcp from any to any port = 113 #oidentd
# Steam Dedicated Server
#pass in quick on rl0 proto udp from any to any port = 1200 # Friends network
#pass in quick on rl0 proto udp from any to any port 26999 27016 # Gameport
#pass in quick on rl0 proto udp from any to any port = 27020
#pass in quick on rl0 proto tcp from any to any port 27029 27040
#pass in quick on rl0 proto tcp from any to any port = 27015 # SRCDS Rcon
# Block everything else
block in quick on rl0 all
___SNIP___

/etc/ipnat.rules
___SNIP___
map rl0 192.168.0.0/16 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map rl0 192.168.0.0/16 -> 0.0.0.0/32 portmap tcp/udp 1025:65000
map rl0 192.168.0.0/16 -> 0.0.0.0/32
___SNIP___

Might the problem be anywhere else besides my ipf and ipnat configs? Could it be the remote client that's the problem?
RE: Cant login to FTP server.
Daniel

You did not say where you were running ftp from, like from LAN box to gateway server, or from gateway box to public internet remote ftp site, or from public internet remote user to your gateway ftp server. I am guessing it's from gateway box to public internet remote ftp site. Your nat rules need to look like this example. You are missing the second rule.

map dc0 10.0.10.0/29 -> 0/32 proxy port 21 ftp/tcp
map dc0 0.0.0.0/0 -> 0/32 proxy port 21 ftp/tcp
map dc0 10.0.10.0/29 -> 0/32

The first rule handles all FTP traffic for the private LAN. The second rule handles all FTP traffic from the gateway. The third rule handles all non-FTP traffic for the private LAN. All the non-FTP gateway traffic is using the public IP address by default so there is no ipnat rule needed.
Re: Cant login to FTP server.
Hi, the server is connected directly to the wild, and I'm connecting from a remote non-local host. Are you sure that those are ipf rules? They look a lot like ipnat rules.
Re: Cant login to FTP server.
I have now changed my ipnat.rules to this:

_SNIP_
map rl0 192.168.0.0/16 -> 0.0.0.0/32 proxy port 21 ftp/tcp
map rl0 0/0 -> 0/32 proxy port 21 ftp/tcp
map rl0 192.168.0.0/16 -> 0.0.0.0/32 portmap tcp/udp 1025:65000
map rl0 192.168.0.0/16 -> 0.0.0.0/32
_SNIP_

And then I did ipnat -FC -f /etc/ipnat.rules. I still get the same error.
RE: Cant login to FTP server.
They're taken right from the ipfilter section of the handbook. Maybe you should read that section in the handbook. Post the complete contents of your ipf rules and nat rules for review.
Re: Cant login to FTP server.
Hi, I've been looking at the FreeBSD handbook's section about ipnat and ipf for a few hours now, but I cannot seem to make this work. Outgoing FTP'ing works just fine. In fact, I have absolutely no problems making outgoing FTP connections from my workstation (which is behind my server). Also, I have absolutely no problem with making connections to my server from inside my LAN. The problem is when someone tries to connect to my server's FTP server. It just doesn't work! In addition to the rules and log I pasted below, here are my tweaked rulesets:

/etc/ipf.rules:
___IPF___
# Let clients behind the firewall send out to the internet, and replies to
# come back in by keeping state.
pass out quick on rl0 proto tcp all keep state
pass out quick on rl0 proto udp all keep state
pass out quick on rl0 proto icmp all keep state
# Allow everything on local net
pass in on sis0 all
pass out on sis0 all
# loopback stuff
pass in quick on lo0 all
pass out quick on lo0 all
# Since nothing should be coming from these address ranges, block them
block in quick on rl0 from 192.168.0.0/16 to any
block in quick on rl0 from 172.16.0.0/12 to any
block in quick on rl0 from 127.0.0.0/8 to any
block in quick on rl0 from 10.0.0.0/8 to any
block in quick on rl0 from 169.254.0.0/16 to any
block in quick on rl0 from 192.0.2.0/24 to any
block in quick on rl0 from 204.152.64.0/23 to any
block in quick on rl0 from 224.0.0.0/3 to any
# Let's let people access the services running behind this system
# Let's let people access the services running on this system
pass in quick on rl0 proto tcp from any to any port = 21 #FTP
pass in quick on rl0 proto tcp from any to any port = 22 #SSH
pass in quick on rl0 proto tcp from any to any port = 80 #WWW
pass in quick on rl0 proto tcp from any to any port = 113 #oidentd
# Steam Dedicated Server (Commented out... the Steam Dedicated Server blows)
#pass in quick on rl0 proto udp from any to any port = 1200 # Friends network
#pass in quick on rl0 proto udp from any to any port 26999 27016 # Gameport
#pass in quick on rl0 proto udp from any to any port = 27020
#pass in quick on rl0 proto tcp from any to any port 27029 27040
#pass in quick on rl0 proto tcp from any to any port = 27015 # SRCDS Rcon
# Block everything else
block in quick on rl0 all
___IPF___

/etc/ipnat.rules
__IPNAT__
map rl0 192.168.0.0/29 -> 0/32 proxy port 21 ftp/tcp
map rl0 0.0.0.0/0 -> 0/32 proxy port 21 ftp/tcp
map rl0 192.168.0.0/29 -> 0/32 portmap tcp/udp 1025:65000
map rl0 192.168.0.0/29 -> 0/32
__IPNAT__
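The symptom in this thread (login on port 21 succeeds, LIST times out after the 227 reply) can be checked offline. The following is an added example, not code from any poster: it decodes the data port from the 227 reply in the original log and evaluates a new inbound TCP connection against the `in` rules of the tweaked /etc/ipf.rules above. It handles only the rule forms shown in the post; the client address 198.51.100.7 and the default-pass policy are assumptions.

```python
import ipaddress
import re

# Constructed input: the 227 line from the client log in the original post.
PASV_REPLY = "227 Entering Passive Mode (87,49,144,133,237,45)"

# Constructed input: the 'in' rules from the tweaked /etc/ipf.rules in the post.
IPF_RULES = """
pass in on sis0 all
pass in quick on lo0 all
block in quick on rl0 from 192.168.0.0/16 to any
block in quick on rl0 from 172.16.0.0/12 to any
block in quick on rl0 from 127.0.0.0/8 to any
block in quick on rl0 from 10.0.0.0/8 to any
block in quick on rl0 from 169.254.0.0/16 to any
block in quick on rl0 from 192.0.2.0/24 to any
block in quick on rl0 from 204.152.64.0/23 to any
block in quick on rl0 from 224.0.0.0/3 to any
pass in quick on rl0 proto tcp from any to any port = 21 #FTP
pass in quick on rl0 proto tcp from any to any port = 22 #SSH
pass in quick on rl0 proto tcp from any to any port = 80 #WWW
pass in quick on rl0 proto tcp from any to any port = 113 #oidentd
block in quick on rl0 all
"""

PASV_RE = re.compile(r"^227\b.*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
RULE_RE = re.compile(
    r"(?P<action>pass|block)\s+in\s+(?P<quick>quick\s+)?on\s+(?P<ifc>\S+)"
    r"(?:\s+proto\s+(?P<proto>\S+))?"
    r"\s+(?:all\b|from\s+(?P<src>\S+)\s+to\s+any\b"
    r"(?:\s+port\s*=\s*(?P<port>\d+))?)"
)


def parse_pasv(reply):
    """Decode (host, port) from a 227 reply: (h1,h2,h3,h4,p1,p2), port = p1*256 + p2."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def parse_rules(text):
    """Parse the subset of ipf 'in' rules used in the post; reject anything else."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line or re.match(r"(pass|block)\s+out\b", line):
            continue  # outbound rules do not decide a new inbound connection
        m = RULE_RE.match(line)
        if not m or line[m.end():].strip().startswith("port"):
            # Port ranges or unknown syntax: refuse to guess rather than
            # silently treat the rule as matching every port.
            raise ValueError("unsupported rule: " + line)
        src = m.group("src")
        rules.append({
            "action": m.group("action"),
            "quick": bool(m.group("quick")),
            "ifc": m.group("ifc"),
            "proto": m.group("proto").split("/") if m.group("proto") else None,
            "src": None if src in (None, "any")
                   else ipaddress.ip_network(src, strict=False),
            "port": int(m.group("port")) if m.group("port") else None,
        })
    return rules


def decide(rules, ifc, proto, src, dport, default="pass"):
    """ipf evaluation order: the last matching rule wins, unless a matching
    rule is marked 'quick', which ends the search. default is an assumption."""
    verdict = default
    src_ip = ipaddress.ip_address(src)
    for r in rules:
        if r["ifc"] != ifc:
            continue
        if r["proto"] and proto not in r["proto"]:
            continue
        if r["src"] is not None and src_ip not in r["src"]:
            continue
        if r["port"] is not None and r["port"] != dport:
            continue
        verdict = r["action"]
        if r["quick"]:
            break
    return verdict


def diagnose(reply, rules_text, client, ifc="rl0"):
    """Compare the control port and the advertised data port against the rules."""
    host, data_port = parse_pasv(reply)
    rules = parse_rules(rules_text)
    return {
        "server": host,
        "data_port": data_port,
        # A private address in the 227 reply would point at a NAT problem instead.
        "advertised_private": ipaddress.ip_address(host).is_private,
        "control": decide(rules, ifc, "tcp", client, 21),
        "data": decide(rules, ifc, "tcp", client, data_port),
    }


if __name__ == "__main__":
    # 198.51.100.7 is a constructed client address from a documentation range.
    print(diagnose(PASV_REPLY, IPF_RULES, "198.51.100.7"))
```

With the rules as posted, the control connection to port 21 passes and the data connection to the advertised port is blocked, which matches the log: login succeeds and LIST times out. Any rule added for the data channel should cover only the range the FTP daemon actually hands out for passive mode.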
RE: Cant login to FTP server.
Daniel

change this

# Allow everything on local net
pass in on sis0 all
pass out on sis0 all

to this

# Allow everything on local net
pass in quick on sis0 all
pass out quick on sis0 all

change this

pass out quick on rl0 proto tcp all keep state

to

pass out quick on rl0 proto tcp all flags S keep state

change this

# Let's let people access the services running on this system
pass in quick on rl0 proto tcp from any to any port = 21 #FTP
pass in quick on rl0 proto tcp from any to any port = 22 #SSH
pass in quick on rl0 proto tcp from any to any port = 80 #WWW
pass in quick on rl0 proto tcp from any to any port = 113 #oidentd

to this

# Let's let people access the services running on this system
pass in quick on rl0 proto tcp from any to any port = 21 flags S keep state #FTP
pass in quick on rl0 proto tcp from any to any port = 22 flags S keep state #SSH
pass in quick on rl0 proto tcp from any to any port = 80 flags S keep state #WWW
pass in quick on rl0 proto tcp from any to any port = 113 flags S keep state #oidentd

Next you say that remote users on the public internet can not ftp into your gateway firewall/ftp box. The way your firewall is configured only passive ftp can pass through. Your public internet remote user has to tell his ftp login request to use passive mode. To allow active native ftp from remote users add this

# To allow remote active ftp data channel
pass in quick on rl0 proto tcp from any to any port = 20 flags S keep state

Your local LAN users can use either passive or active ftp because you have no restrictions as shown by these rules.

# Allow everything on local net
pass in on sis0 all
pass out on sis0 all

Here's a very important security point about ftp. FTP passes the login id/pw and data in the clear and it can be captured by a sniffer any place between the remote and host site. Once the valid login id/pw is captured the attacker can gain access to your box as an authorized user and then start trying to gain root access after which your box is compromised. Think very hard about allowing native ftp access to your box, it's a very big security risk. You should not be making native ftp available to public login unless you are running an anonymous ftp server within a jail. You should use SSH's sftp which first creates a tunnel between remote and host and then encrypts the login id/pw and the complete data stream. Check the archives for the last few days for thread about setting up ssh. There is a complete step by step how-to posted in the thread.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Daniel A.
Sent: Tuesday, February 14, 2006 5:37 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: Cant login to FTP server.

Hi, I've been looking at the FreeBSD handbook's section about ipnat and ipf for a few hours now, but I cannot seem to make this work. Outgoing FTP'ing works just fine. In fact, I have absolutely no problems making outgoing FTP connections from my workstation (Which is behind my server) Also, I have absolutely no problem with making connections to my server from inside my LAN. The problem is when someone tries to connect to my server's FTP server. It just doesn't work! In addition to the rules and log I pasted below, here are my tweaked rulesets:

/etc/ipf.rules:
___IPF___
# Let clients behind the firewall send out to the internet, and replies to
# come back in by keeping state.
pass out quick on rl0 proto tcp all keep state
pass out quick on rl0 proto udp all keep state
pass out quick on rl0 proto icmp all keep state

# Allow everything on local net
pass in on sis0 all
pass out on sis0 all

# loopback stuff
pass in quick on lo0 all
pass out quick on lo0 all

# Since nothing should be coming from these address ranges, block them
block in quick on rl0 from 192.168.0.0/16 to any
block in quick on rl0 from 172.16.0.0/12 to any
block in quick on rl0 from 127.0.0.0/8 to any
block in quick on rl0 from 10.0.0.0/8 to any
block in quick on rl0 from 169.254.0.0/16 to any
block in quick on rl0 from 192.0.2.0/24 to any
block in quick on rl0 from 204.152.64.0/23 to any
block in quick on rl0 from 224.0.0.0/3 to any

# Let's let people access the services running behind this system
# Let's let people access the services running on this system
pass in quick on rl0 proto tcp from any to any port = 21 #FTP
pass in quick on rl0 proto tcp from any to any port = 22 #SSH
pass in quick on rl0 proto tcp from any to any port = 80 #WWW
pass in quick on rl0 proto tcp from any to any port = 113 #oidentd

# Steam Dedicated Server (Commented out... the Steam Dedicated Server blows)
#pass in quick on rl0 proto udp from any to any port = 1200 # Friends network
#pass in quick on rl0 proto udp from any to any port 26999 27016 # Gameport
#pass in quick on rl0 proto udp from any to any port = 27020
#pass in quick on rl0 proto tcp from any to any port 27029 27040
#pass in quick on rl0 proto tcp from any to any port
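As an added illustration of the rule changes suggested in the reply above (not part of either poster's message): a small Python check that flags `pass` rules missing `quick`, and TCP `pass` rules missing `flags S` or `keep state`. The function names and the sample rules are constructed for this example, and it is a plain text check, not an ipf parser.

```python
# Constructed sample: a few rules in the style of the thread's /etc/ipf.rules.
SAMPLE_RULES = """\
pass out quick on rl0 proto tcp all keep state
pass out quick on rl0 proto udp all keep state
pass in on sis0 all
pass in quick on rl0 proto tcp from any to any port = 21 #FTP
pass in quick on rl0 proto tcp from any to any port = 22 flags S keep state #SSH
#pass in quick on rl0 proto tcp from any to any port = 27015 # SRCDS Rcon
block in quick on rl0 all
"""


def _after(tokens, word):
    """Return the token following `word`, or None if absent or last."""
    if word not in tokens:
        return None
    i = tokens.index(word)
    return tokens[i + 1] if i + 1 < len(tokens) else None


def lint_ipf_rules(text):
    """Return (line_number, rule, problems) for each `pass` rule that
    deviates from the advice in the reply. Hypothetical helper."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        rule = raw.split("#", 1)[0].strip()  # drops comments and commented-out rules
        tokens = rule.split()
        if not tokens or tokens[0] != "pass":
            continue
        problems = []
        if "quick" not in tokens:
            problems.append("no 'quick': a later matching rule decides instead")
        if _after(tokens, "proto") in ("tcp", "tcp/udp"):
            flags = _after(tokens, "flags") or ""
            if flags != "S" and not flags.startswith("S/"):
                problems.append("no 'flags S': matches any TCP packet, not only the opening SYN")
            if _after(tokens, "keep") != "state":
                problems.append("no 'keep state': the connection is not tracked")
        if problems:
            findings.append((lineno, rule, problems))
    return findings


if __name__ == "__main__":
    for lineno, rule, problems in lint_ipf_rules(SAMPLE_RULES):
        print(f"line {lineno}: {rule}")
        for p in problems:
            print(f"    - {p}")
```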
Standalone FTP server for installs.
I have written an ftp server in perl to aid with installations over ftp.

http://www.ludd.luth.se/~pb/perlftp3.pl

Do like this:

If your release is located in /path_to_relases/5.4-RELEASE on 10.0.0.99

Type on your 10.0.0.99 freebsd machine:
perlftp3.pl /path_to_relases 12000

Then start sysinstall on the machine to be installed/configured.
Select: 3 FTP Passive Install from an FTP server through a firewall.
Select: URL Specify some other ftp site by URL
Type: 10.0.0.99:12000/ (complete url ftp://10.0.0.99:12000/)

Security: Any user/pass combination will do. Will only read files. Locks on the IP of the first client.

I hope this eases some installation scenarios.

/P
Installing programs from FreeBSD ftp server.
I experience some problems using the FreeBSD ftp server: I can't really install anything from it. Are there any other possibilities than ports' make install method? What can I do in this case? Thank you in advance.