[SLUG] Re: Passive FTP in BEFSR81

From: by way of Bill (selinuxathome@yahoo.com)
Date: Fri Mar 08 2002 - 18:36:12 EST


You guys are the greatest! Here's what the Linksys techie wrote back ... and
my response.

According to him (her?), what we just did can't be done.

On Friday 08 March 2002 17:55, you wrote:
> Hi,
>
> Thank you for contacting Linksys Customer Support.
>
> In configuring the Linux servers behind the router, it is recommended that
> you do not set it to passive file transfer.

Are you aware that nearly every browser on the planet is looking for a
passive file transfer? Of the 7 browsers I tried, only MSIE asks for active
file transfers. Gftp defaults to passive transfers as do CuteFTP and
BulletProofFTP.

Here's the solution. The matter was finally resolved about an hour ago.

In /etc/proftpd.conf add the lines
PassivePorts xxxxx xxxxx (choose a fairly large range starting above 1024)
MasqueradeAddress xx.xx.xx.xx (external IP address)

Then,
su to root, and type from the command line:
# service proftpd restart

to cause proftpd to read the changes in the config file.

Then,
In the Linksys/Forward page set port 20 & 21 to the inside IP of the machine
actually hosting the server (192.168.x.x) and add the range in the
PassivePorts directive on another line, pointing to the same inside address.

Case closed.

I'm surprised you guys didn't know how to do this.

Bill

> If you have further questions, please feel free to contact us at
> (800) 326-7114 so that we may further assist you.
>
> Regards,
>
>
> Maileen Estandarte
> Product Support Representative
> Linksys
>
> E-mail address: < maileen.estandarte@linksys.com >
> Website: http://www.linksys.com/
> Firmware http://www.linksys.com/download/firmware.asp
> Linksys Drivers http://www.linksys.com/download/
> Network Everywhere http://www.networkeverywhere.com/
> Network Everywhere Drivers http://www.networkeverywhere.com/downloads.html
> Tech Helper http://www.linksys.com/tech_helper/default.html
>
> If you are responding to this e-mail, please attach all previous
> correspondence as a point of reference.
>
>
>
> ----- Original Message -----
> From: "Bill" <selinuxathome@yahoo.com>
> To: <support@linksys.com>
> Sent: Friday, March 08, 2002 3:42 PM
> Subject: Passive FTP in BEFSR81
>
> > I have the above router feeding two Linux server machines. One has
> > proftpd 1.2.5 on kernel 2.4.17 and the other is running wu-ftpd on kernel
> > 2.2.15.
> >
> > I am able to connect to both server machines with browsers and ftp client
> > software set for active file transfer but not with clients / browsers set for
> > passive file transfer.
> >
> > I have copied an entire (failed) passive transaction below and below
> > that, the (successful) results of an active file transfer transaction
> > using the same client. These are predictable and endlessly reproducible.
> >
> > [bill@a bill]$ pftp organic-earth.com
> > Connected to organic-earth.com.
> > 220 ProFTPD 1.2.5rc1 Server (ProFTPD Anonymous Server) [192.168.1.1]
> > Name (organic-earth.com:bill): anonymous
> > 331 Anonymous login ok, send your complete email address as your
> > password. Password:
> > 230-Welcome to the FTP server at Organic-Earth.com. You have download
> > privileges. We do not host porn, warez, copy-written audio, video or graphics
> > files.. If you notice such files on this server, please advise us by
> > directing email to webmaster@organic-earth.com
> >
> > Sincerely,
> > Bill
> > 230 Anonymous access granted, restrictions apply.
> > Remote system type is UNIX.
> > Using binary mode to transfer files.
> > ftp> ls
> > 227 Entering Passive Mode (192,168,1,1,240,50).
> > ftp: connect: Connection refused
> > ftp>
> >
> >
> > [bill@a bill]$ ftp organic-earth.com
> > Connected to organic-earth.com.
> > 220 ProFTPD 1.2.5rc1 Server (ProFTPD Anonymous Server) [192.168.1.1]
> > Name (organic-earth.com:bill): anonymous
> > 331 Anonymous login ok, send your complete email address as your
> > password. Password:
> > 230-Welcome to the FTP server at Organic-Earth.com. You have download
> > privileges. We do not host porn, warez, copy-written audio, video or graphics
> > files.. If you notice such files on this server, please advise us by
> > directing email to webmaster@organic-earth.com
> >
> > Sincerely,
> > Bill
> > 230 Anonymous access granted, restrictions apply.
> > Remote system type is UNIX.
> > Using binary mode to transfer files.
> > ftp> ls
> > 200 PORT command successful.
> > 150 Opening ASCII mode data connection for file list.
> > d-w--w--w- 2 root nogroup 72 Mar 2 21:05 incoming
> > drwxr-sr-x 6 root ftp 208 Feb 28 20:29 pub
> > -rwxr-xr-x 1 root nogroup 277 Feb 26 08:51 welcome.msg
> > -rw-r--r-- 1 root root 461998 Mar 6 16:17 worldmap802537.gif
> > 226-Transfer complete.
> > 226 Quotas off
> > ftp>
> >
> > As you can see, I am connecting successfully with active file transfer (ftp
> > is active, pftp is passive).
> >
> > I have ports 20-21 opened to this machine and also the range of ports
> > identified by the PassivePorts directive within Proftpd as being used for
> > passive connections (to limit security exploit opportunities) ... xxxxx -
> > xxxxx.
> >
> > This is the output of my port-scanner software when pointed at my url.
> > Starting nmap V. 2.53 by fyodor@insecure.org ( www.insecure.org/nmap/ )
> > Interesting ports on (64.27.213.176):
> > (The 1519 ports scanned but not shown below are in state: closed)
> > Port State Service
> > 21/tcp open ftp
(clipped)
> >
> > Nmap run completed -- 1 IP address (1 host up) scanned in 3 seconds
> >
> >
> > Any light you might shed on this situation would be most appreciated.
> >
> > TIA
> >
> > Bill Canaday
> >
> > organic-earth.com
> >
> > (if I can ever get this server stuff sorted out so I can get on with actually
> > writing stuff!) :-)
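
Added example, not part of the original message or of ProFTPD: a small check that decodes a "227 Entering Passive Mode" reply like the one in the failed session above and reports why a client outside the router cannot open the data connection. The function names, the 61000-62000 port range and the post-fix reply are constructed for illustration; the message elides the real PassivePorts range.

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2 tuple carried in a 227 reply to PASV (RFC 959).
PASV_RE = re.compile(
    r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

# Reply copied from the failed pftp session quoted in the message.
FAILED_REPLY = "227 Entering Passive Mode (192,168,1,1,240,50)."
# Constructed: the reply as it would look with MasqueradeAddress in effect.
FIXED_REPLY = "227 Entering Passive Mode (64,27,213,176,240,50)."
PUBLIC_IP = "64.27.213.176"     # address shown in the nmap output
PASSIVE_PORTS = (61000, 62000)  # constructed; the real range is elided


def parse_pasv(reply):
    """Return (ip, port) advertised in a 227 reply."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 PASV reply: %r" % reply)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]  # port = p1 * 256 + p2


def check_pasv(reply, public_ip, passive_ports):
    """List reasons the advertised data endpoint is unreachable from outside."""
    ip, port = parse_pasv(reply)
    low, high = passive_ports
    problems = []
    if ip.is_private:
        problems.append("advertises private address %s; "
                        "MasqueradeAddress is not in effect" % ip)
    elif ip != ipaddress.IPv4Address(public_ip):
        problems.append("advertises %s, expected %s" % (ip, public_ip))
    if not low <= port <= high:
        problems.append("port %d is outside the forwarded range %d-%d"
                        % (port, low, high))
    return problems


if __name__ == "__main__":
    for reply in (FAILED_REPLY, FIXED_REPLY):
        print(reply, "->", check_pasv(reply, PUBLIC_IP, PASSIVE_PORTS) or "ok")
```

Run it against the 227 line captured from a client session started outside the router, with the range taken from the PassivePorts directive.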



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 17:55:30 EDT