nate,

First, you are correct,

The information I gave you about the Masquerade directive should have been:

    MasqueradeAddress external.static.ip#

I gave you and used internal.static.ip#, but internal or external, global or within the <anonymous> directive, it still doesn't work.

With the external.static.ip masquerade I get this error:

    COMMAND:> PASV
    227 Entering Passive Mode (external,static,ip,234,160).
    COMMAND:> LIST
    STATUS:> Connecting ftp data socket external.static.ip:60064...
    ERROR:> Can't connect to remote server. Socket error = #10060.
    ERROR:> Failed to establish data socket.

and, additionally, (naturally enough) internal network ftp no longer works. (If using the real external IP had worked for anonymous, not for the internal network, then I would have thought that assigning another IP exclusively to the ftp server might have solved the problem, but not now).

I am behind a USRobotics broadband router which has a built in firewall. I have two boxes, a linux server and a windows 2000 workstation, each with their own what I call "internal" static IP numbers.

I am fresh enough to doubt my understanding of Network Address Translation to need to describe what I know and let you guess: My external IP number connected to the Internet connected to the Router is Static. Each box has its own static number (no DHCP) connected to the other side of the router. That sounds like NAT to me, but maybe not.

The Router is set up to Exclude All incoming traffic except when specifically allowed or when in response to a request coming from within (I think that's how to describe it). There is no "config" for this router, it's handled via browser window GUI...you click buttons, but I am reasonably sure it is set up properly for the situation as the tech support guy walked me through it and I asked enough questions to get it straight in my head what to do. (And, as it looks to me, I am being logged in.)

I checked inetd and ftp is <off> (If I didn't say it before, proftpd is set up as standalone.)

To start and stop I have just been rebooting (this is a small personal setup and it doesn't matter if I am disconnected for a few minutes)...but I would like to know if there were something like

    # apachectl stop

Best Wishes!
Mike Olds
www.buddhadust.org

-----Original Message-----
From: nate [mailto:debian-user@;aphroland.org]
Sent: Thursday, October 24, 2002 2:56 PM
To: [EMAIL PROTECTED]
Subject: RE: Anonymous Proftp setup problems

Michael Olds said:
> Nate, thank you for this response,
>
> I am behind my router's firewall, but set up with static external and
> internal IPs:

what is the configuration? you sure it is setup for static NAT? are you using NAT at all? (static or dynamic?)

>
> In Proftp (global) I Set up:
> UseReverseDNS off
> IdentLookups off
> MasqueradeAddress 000.000.000.00 of the servers internal IP
> PassivePorts 60000-65535
>
> and set up my router to listen on 21 and 60000-65535
>
> and I still get timed out:

I've never tried these options before...but it looks like from the doc the MasqueradeAddress needs to be set to the REAL ip not the NAT'd ip. from your description above it sounds as if you put the NAT IP in that field.

> I did #fuser -n tcp 21 and got:
> 21/tcp: 230
>
> I really don't know what that means. I do not have a user 230

that means process id 230 is using tcp port 21. i just said run that because you mentioned running a copy of proftpd and it spit back cannot bind (address already in use). it is possible that proftpd is configured to run through inetd, check /etc/inetd.conf and /etc/xinetd.conf (if you have xinetd) to be sure.

I am not familiar with the kind of router you have which allows it to 'listen' on those ports.

a public ftp server that I setup for my former company is setup using static 1:1 NAT behind a cisco 2500 series router, the config directive:

    ip nat inside source static 10.115.17.195 65.115.17.195

the ftp server is ftp.graphon.com, you can try to ftp to it and grab a file to see. as far as the ftp server is concerned it has a real IP, the router handles everything, no special configuration needed on the server itself, it's totally transparent.

change the proftpd directive to the real ip of the system if you're currently using the NAT'd ip, and see what happens. If you're not sure proftpd is restarted, shutdown all copies of it, ftp to localhost to be sure it is not running, run

    netstat -an | grep 21

to be sure nothing is using port 21 (you may see some TIME_WAIT messages, if so, wait until they are gone, can take up to 15-20 minutes) then start proftpd again.

nate

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
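
The 227 reply quoted in the thread carries the data endpoint as six decimal bytes, and the last two (234,160) decode to the port 60064 the client then tries. The following is an added example, not part of the original messages: it decodes such a reply and compares it with the PassivePorts range and the address the client used for the control connection. The function names and the sample addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 ranges: not reachable by a client on the Internet.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}(?:,\d{1,3}){5})\)")


def parse_pasv(reply):
    """Return (ip, port) advertised by a '227 Entering Passive Mode' reply."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a numeric 227 PASV reply: %r" % reply)
    nums = [int(x) for x in m.group(1).split(",")]
    if max(nums) > 255:
        raise ValueError("octet out of range in %r" % reply)
    ip = ipaddress.ip_address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]  # port = high byte * 256 + low byte


def check_pasv(reply, control_ip, passive_ports):
    """Return (port, findings) for one PASV reply.

    control_ip: address the client dialled for the control connection.
    passive_ports: (low, high) as set in PassivePorts and forwarded on the router.
    """
    ip, port = parse_pasv(reply)
    control = ipaddress.ip_address(control_ip)
    findings = []
    if any(ip in n for n in RFC1918) and not any(control in n for n in RFC1918):
        findings.append("private address advertised to outside client")
    elif ip != control:
        findings.append("advertised address differs from control address")
    low, high = passive_ports
    if not low <= port <= high:
        findings.append("port %d outside forwarded range %d-%d" % (port, low, high))
    return port, findings


# Constructed samples: (server reply, address the client connected to).
SAMPLES = [
    ("227 Entering Passive Mode (192,168,1,10,234,160).", "203.0.113.10"),
    ("227 Entering Passive Mode (203,0,113,10,234,160).", "203.0.113.10"),
    ("227 Entering Passive Mode (203,0,113,10,234,160).", "192.168.1.10"),
]
if __name__ == "__main__":
    for reply, control in SAMPLES:
        print(control, check_pasv(reply, control, (60000, 65535)))
```

An empty findings list only means the advertised endpoint is consistent; the router still has to forward that port to the server for the data connection to succeed.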