[FUG-BR] proftpd jailed
Tiago André Robalo
trobalo at mrna.ist.utl.pt
Tue May 9 18:04:51 BRT 2006
ftp> ls
200 PORT command successful
425 Unable to build data connection: Operation timed out
ftp>
Tiago André Robalo wrote:
> It turns out that in MS-DOS I can't see the files after all, it doesn't list anything...
>
> I don't see any error in the proftpd log...
>
> Suggestions?
>
> Gilberto Villani Brito wrote:
>
>>Strange, because my proftpd runs as nobody and all of my users' directories
>>are owned by nobody and nogroup, but I use a password file separate from the system's.
>>--- proftpd.conf
>>...
>>AuthUserFile /etc/passwd.ftp
>>...
>>--- proftpd.conf
>>
>>Regards
>>Gilberto
>>
>>
>>On Tue, 09 May 2006 15:22:40 +0100
>>Tiago André Robalo <trobalo at mrna.ist.utl.pt> wrote:
>>
>>
>>
>>>The user teste is the share I am trying to access. It has nothing to do with the
>>>owner of proftpd.
>>>
>>>
>>>Tiago
>>>
>>>Gilberto Villani Brito wrote:
>>>
>>>
>>>>proftpd is running as user nobody and group nogroup, and the directory teste
>>>>belongs to user teste and group wheel.
>>>>I believe that is the cause.
>>>>
>>>>Regards
>>>>Gilberto
>>>>
>>>>
>>>>
>>>>On Tue, 09 May 2006 11:42:33 +0200
>>>>trobalo at mrna.ist.utl.pt wrote:
>>>>
>>>>
>>>>
>>>>
>>>>>I have a problem here with proftpd running in a jail.
>>>>>
>>>>>-> pf.conf
>>>>>
>>>>>ext_if="em0"
>>>>>ip_ext="*.*.*.*"
>>>>>ip_jail="127.0.0.3"
>>>>>
>>>>>rdr on $ext_if proto tcp from any to $ip_ext port 21 -> $ip_jail port 21
>>>>>rdr on $ext_if proto tcp from any to $ip_ext port 49152:52000 -> $ip_jail port 49152:52000
>>>>>
>>>>>pass in log quick on $ext_if proto tcp from any to $ip_jail port 21 flags S/SAFR keep state
>>>>>pass in log quick on $ext_if proto tcp from any to $ip_jail port 49151 >< 52001
>>>>>pass out log quick on $ext_if proto tcp from $ip_jail port 49151 >< 52001 to any
>>>>>
>>>>>-> proftpd.conf
>>>>>
>>>>>ServerName "SERVER X"
>>>>>ServerType standalone
>>>>>DefaultServer on
>>>>>ScoreboardFile /var/run/proftpd.scoreboard
>>>>>ExtendedLog /var/log/proftpd.log
>>>>>
>>>>>AllowForeignAddress on
>>>>>PassivePorts 49152 52000
>>>>>IdentLookups off
>>>>>UseReverseDNS off
>>>>>DefaultRoot ~ !wheel
>>>>>
>>>>>DisplayConnect /etc/motd
>>>>>Port 21
>>>>>Umask 022
>>>>>
>>>>>MaxInstances 30
>>>>>
>>>>>User nobody
>>>>>Group nogroup
>>>>>
>>>>>AllowOverwrite on
>>>>>
>>>>><Limit SITE_CHMOD>
>>>>> DenyAll
>>>>></Limit>
>>>>>
>>>>>
>>>>>In the proftpd log only this shows up when I access via browser:
>>>>>
>>>>>
>>>>>*.*.*.* UNKNOWN teste [09/May/2006:10:36:23 +0100] "NOOP" 200 -
>>>>>*.*.*.* UNKNOWN teste [09/May/2006:10:36:23 +0100] "CWD /usr/home/teste/" 250 -
>>>>>*.*.*.* UNKNOWN teste [09/May/2006:10:36:23 +0100] "TYPE A" 200 -
>>>>>*.*.*.* UNKNOWN teste [09/May/2006:10:36:23 +0100] "PASV" 227 -
>>>>>*.*.*.* UNKNOWN teste [09/May/2006:10:36:24 +0100] "USER anonymous" 331 -
>>>>>*.*.*.* UNKNOWN nobody [09/May/2006:10:36:24 +0100] "PASS (hidden)" 530 -
>>>>>*.*.*.* UNKNOWN teste [09/May/2006:10:36:24 +0100] "NOOP" 200 -
>>>>>*.*.*.* UNKNOWN teste [09/May/2006:10:36:24 +0100] "CWD /usr/home/teste/" 250 -
>>>>>*.*.*.* UNKNOWN teste [09/May/2006:10:36:24 +0100] "TYPE A" 200 -
>>>>>*.*.*.* UNKNOWN teste [09/May/2006:10:36:24 +0100] "PASV" 227 -
>>>>>*.*.*.* UNKNOWN nobody [09/May/2006:10:36:27 +0100] "USER teste" 331 -
>>>>>*.*.*.* UNKNOWN teste [09/May/2006:10:36:27 +0100] "PASS (hidden)" 230 -
>>>>>*.*.*.* UNKNOWN testee [09/May/2006:10:36:27 +0100] "OPTS utf8 on" 501 -
>>>>>*.*.*.* UNKNOWN teste [09/May/2006:10:36:27 +0100] "PWD" 257 -
>>>>>*.*.*.* UNKNOWN teste [09/May/2006:10:36:27 +0100] "NOOP" 200 -
>>>>>*.*.*.* UNKNOWN teste [09/May/2006:10:36:27 +0100] "CWD /usr/home/teste/" 250 -
>>>>>*.*.*.* UNKNOWN teste [09/May/2006:10:36:27 +0100] "TYPE A" 200 -
>>>>>*.*.*.* UNKNOWN teste [09/May/2006:10:36:27 +0100] "PASV" 227 -
>>>>>
>>>>>
>>>>>Whenever I access via Firefox or IE I can't open the FTP; it shows
>>>>>the login window but then returns a message telling me to
>>>>>check the folder permissions and that the connection to the server is not
>>>>>possible.
>>>>>
>>>>>drwx------ 3 teste wheel 512 May 8 18:48 teste
>>>>>
>>>>>However, if I access via MS-DOS
>>>>>
>>>>>by running ftp
>>>>>open *.*.*.*
>>>>>
>>>>>it asks for the login and opens the FTP.
>>>>>
>>>>>On the firewall I don't see anything being blocked...
>>>>>
>>>>>Any idea?
>>>>>
>>>>>
>>>>>-------------------------
>>>>>Archive: http://www.fug.com.br/historico/html/freebsd/
>>>>>Unsubscribe: https://www.fug.com.br/mailman/listinfo/freebsd
More details about the freebsd mailing list
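
For a setup like the one quoted in this thread (a jail on 127.0.0.3 behind pf `rdr`, with `PassivePorts 49152 52000`), one check worth making is whether the server's 227 reply advertises an address and port that a remote client can actually reach. The script below is an added example, not code from the thread; the sample replies and the address 203.0.113.10 (standing in for the redacted `ip_ext`) are constructed.

```python
import ipaddress
import re

# From the proftpd.conf quoted in the thread: PassivePorts 49152 52000
PASSIVE_PORTS = (49152, 52000)
# Constructed stand-in for the redacted external address (ip_ext in pf.conf).
PUBLIC_ADDR = "203.0.113.10"

# Loopback and RFC 1918 ranges: not reachable by a client outside the server's network.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
_TUPLE_RE = re.compile(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def parse_pasv(reply):
    """Decode '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)' into (host, port)."""
    m = _TUPLE_RE.search(reply) if reply.startswith("227") else None
    if m is None:
        raise ValueError("not a well-formed 227 reply")
    nums = [int(x) for x in m.groups()]
    if max(nums) > 255:
        raise ValueError("field out of range")
    # The data port is sent as two bytes: p1 * 256 + p2.
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def check_pasv(reply, control_addr, port_range=PASSIVE_PORTS):
    """List the reasons a remote client could not open the data connection."""
    host, port = parse_pasv(reply)
    problems = []
    if host != control_addr:
        problems.append(f"advertised {host}, but client connected to {control_addr}")
    if any(ipaddress.ip_address(host) in net for net in INTERNAL_NETS):
        problems.append(f"{host} is loopback/private, unreachable from outside")
    lo, hi = port_range
    if not lo <= port <= hi:
        problems.append(f"port {port} is outside the forwarded range {lo}-{hi}")
    return problems

# Constructed sample replies (the thread does not show the 227 text itself).
SAMPLES = {
    "jail address advertised": "227 Entering Passive Mode (127,0,0,3,192,10).",
    "external address":        "227 Entering Passive Mode (203,0,113,10,195,80).",
    "port not forwarded":      "227 Entering Passive Mode (203,0,113,10,4,1).",
}

if __name__ == "__main__":
    for name, reply in SAMPLES.items():
        print(name, "->", check_pasv(reply, PUBLIC_ADDR) or "ok")
```

The real 227 line can be captured with the client's debug output and passed to `check_pasv` together with the address the client used for the control connection.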