Date:      Tue, 23 Aug 2005 09:05:44 +0800
From:      he ccjj <heccjj1@gmail.com>
To:        freebsd-questions@freebsd.org
Subject:   pureftpd can't work normally on pureftp--NATD--ipfw--FreeBSD 5.4
Message-ID:  <6f9d8a505082218053b2ff769@mail.gmail.com>

I use FreeBSD 5.4 (with OPTION IPFW on and IPFIREWALL_DEFAULT_TO_ACCEPT
on) + apache + pureftp + natd to set up a server used as an ftp/web server
and as a gateway for sharing the network too.

My network looks like this:

              ------(oip:x.x.x.a)------
             |                         |
 (oif:em0)-->|                         |-->(internet gateway:x.x.x.254)
    ^        |                         |
    |         ---(oip alias0:x.x.x.b)--
    |
    |
 (iif:em1,iip:192.168.100.254)<-------(inet 192.168.100.254/16)<---(intranet)

I bind oip:x.x.x.a as the httpd and pureftpd server IP, and use
em0_alias0 (x.x.x.b) as natd's interface.

And I use the rc.firewall rule: 'open'.
So my intranet can share the internet normally through natd on x.x.x.b, and
the http server works normally too. And the users of the
intranet (192.168.100.254/16) can visit pureftpd correctly.

My problem is: users on the internet can't visit my pureftpd on
x.x.x.a correctly. The debug information is below. From the error, it
looks like the ipfw rule was wrong. If I cancel em0_alias0 (x.x.x.b) and set
natd_interface to (x.x.x.a), it works very well!
Has anyone met this problem before? Please give me help!

=========================================
		*** CuteFTP Pro 6.0 - build Mar 25 2004 ***

STATUS:>  	Getting listing ""...
STATUS:>  	Resolving host name x.x.x.a...
STATUS:>  	Host name x.x.x.a resolved: ip = x.x.x.a.
STATUS:>  	Connecting to FTP server x.x.x.a:21 (ip = x.x.x.a)...
STATUS:>  	Socket connected. Waiting for welcome message...
		220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
		220-Local time is now 23:07. Server port: 21.
		220 You will be disconnected after 15 minutes of inactivity.
STATUS:>  	Connected. Authenticating...
COMMAND:>	USER tmp
		331 User tmp OK. Password required
COMMAND:>	PASS *****
		230-User tmp has group access to:  www
		230 OK. Current restricted directory is /
STATUS:>  	Login successful.
COMMAND:>	PWD
		257 "/" is your current location
STATUS:>  	Home directory: /
COMMAND:>	FEAT
		211-Extensions supported:
		 EPRT
		 IDLE
		 MDTM
		 SIZE
		 REST STREAM
		 MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
		 MLSD
		 ESTP
		 PASV
		 EPSV
		 SPSV

		211 End.
STATUS:>  	This site supports features.
STATUS:>  	This site supports SIZE.
STATUS:>  	This site can resume broken downloads.
COMMAND:>	REST 0
		350 Restarting at 0
COMMAND:>	PASV
		227 Entering Passive Mode (x,x,x,a,158,251)
STATUS:>  	Connecting FTP data socket x.x.x.a:40699...
ERROR:>   	The connection failed due to an error or timeout.
		1) Verify that the destination IP address is correct.
     ......
		12) Verify that your anti-virus software is not at fault (try disabling it).
ERROR:>   	PASV failed, trying PORT.
STATUS:>  	Waiting 0 seconds...
STATUS:>  	Getting listing "/"...
STATUS:>  	Resolving host name x.x.x.a...
STATUS:>  	Host name x.x.x.a resolved: ip = x.x.x.a.
STATUS:>  	Connecting to FTP server x.x.x.a:21 (ip = x.x.x.a)...
STATUS:>  	Socket connected. Waiting for welcome message...
		220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
		220-Local time is now 23:08. Server port: 21.
		220 You will be disconnected after 15 minutes of inactivity.
STATUS:>  	Connected. Authenticating...
COMMAND:>	USER tmp
		331 User tmp OK. Password required
COMMAND:>	PASS *****
		230-User tmp has group access to:  www
		230 OK. Current restricted directory is /
STATUS:>  	Login successful.
COMMAND:>	PWD
		257 "/" is your current location
STATUS:>  	Home directory: /
STATUS:>  	This site supports features.
STATUS:>  	This site supports SIZE.
STATUS:>  	This site can resume broken downloads.
COMMAND:>	REST 0
		350 Restarting at 0
COMMAND:>	PORT 192,168,123,104,6,18
		200 PORT command successful
COMMAND:>	LIST
ERROR:>   	Timeout (60000 ms) occurred on receiving server response.
=========================================

content of /etc/rc.conf:
======================
hostname="x.x.x.a"

ifconfig_em0="inet x.x.x.a  netmask 255.255.255.0"
ifconfig_em0_alias0="inet x.x.x.b netmask 255.255.255.0"
ifconfig_em1="inet 192.168.100.254  netmask 255.255.255.0"

defaultrouter="x.x.x.254"
static_routes="inside"
route_inside="-net 192.168.100.254/16 192.168.100.1"

#proxy:
gateway_enable="YES"
firewall_enable="YES"
firewall_type="simple"
natd_enable="YES"
natd_interface="x.x.x.b"
nat_flag="-a x.x.x.b"

#servers:
inetd_enable="YES"
#pureftpd_enable="YES"
apache2_enable="YES"
=======================

content of /etc/inetd.conf:
==============================
ftp	stream	tcp	nowait	root	/usr/local/sbin/pure-ftpd	pure-ftpd
-Sx.x.x.a,21 -Px.x.x.a -lmysql:/usr/local/etc/pureftpd-mysql.conf -A
-j -D -Oclf:/web/logs/ftp/pureftp.log
#ftp	stream 	tcp	nowait	root	/usr/local/sbin/pure-ftpd	pure-ftpd

ssh	stream	tcp	nowait	root	/usr/sbin/sshd		sshd -i -4

==============================
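
The two data-channel endpoints announced in the client log above (the 227 reply and the PORT command) can be decoded to see which TCP connection each transfer mode needs the firewall and NAT path to carry. This is an added example, not part of the original message; the function names and the sample string are constructed for illustration, and the server octets stay masked as on the page.

```python
import ipaddress
import re

# Constructed sample: the data-channel lines from the client log above.
# The server address is masked on the page (x,x,x,a) and stays masked here.
SAMPLE_LOG = """\
227 Entering Passive Mode (x,x,x,a,158,251)
COMMAND:> PORT 192,168,123,104,6,18
ERROR:> PASV failed, trying PORT.
"""

# h1,h2,h3,h4,p1,p2 tuple shared by PORT and the 227 reply (RFC 959).
# Host fields may be digits or masked placeholders; port bytes must be digits.
_TUPLE = re.compile(r"((?:\w+,){3}\w+),(\d{1,3}),(\d{1,3})")


def decode_endpoint(line):
    """Return (mode, host, port, scope) for a PORT/227 line, else None."""
    m = _TUPLE.search(line)
    if not m or not ("PORT" in line or "227" in line):
        return None
    p1, p2 = int(m.group(2)), int(m.group(3))
    if p1 > 255 or p2 > 255:
        return None  # not a valid pair of port bytes
    host = m.group(1).replace(",", ".")
    mode = "active" if "PORT" in line else "passive"
    try:
        scope = "private" if ipaddress.ip_address(host).is_private else "public"
    except ValueError:
        scope = "masked"  # masked or invalid octets, cannot classify
    return mode, host, p1 * 256 + p2, scope


def data_channel_report(log):
    """List what each announced endpoint requires of the packet path."""
    report = []
    for line in log.splitlines():
        ep = decode_endpoint(line)
        if ep is None:
            continue
        mode, host, port, scope = ep
        if mode == "passive":
            need = f"client connects in to {host}:{port}; firewall must pass it"
        elif scope == "private":
            need = f"server connects out to {host}:{port}; needs a route to that private net"
        else:
            need = f"server connects out to {host}:{port}"
        report.append((mode, port, scope, need))
    return report
```

The decoded passive port matches the 40699 that CuteFTP reports, and the PORT command announces an RFC 1918 address.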


