![](https://seccdn.libravatar.org/avatar/6345d1850e5c1128d796a89642e817a5.jpg?s=120&d=mm&r=g)
On Tue, Jan 23, 2001 at 11:18:07PM +0100, Walter Krohe wrote:
Hello everybody !
Hi! See ftp://ftp.suse.com/pub/projects/proxy-suite/devel and read the ftp-proxy-chroot.txt file there.
I ask for friendly help. Maybe my question ist an "Dummie" one.
I have to install on my webserver an ftp service for two guy's who has her domains on it. Up to now I had disabled ftp access at all.
Today I installd on the webserver (running SuSE 6.3, 2.2.13 kernel) the fwproxy-1.7tp5-0.i386.rpm. I added the inted command, modified ftp-proxy.conf (AllowMagicUser -> no/DestinationAdress -> to the default webserver/LogDestination/ServerRoot) Also I added to ftp-proxy.conf: [username] DestinationAdress otherdomain.tld ServerRoot /usr/local/httpd/otherdomain
By trying to connect I get: 421 Service not available, remote server has closed connection Login failed.
The log tells: -i [32076] <01/23-22:48:45> TECH-ERR can't eval DestAddr for 62.224.92.75
You need all libs needed to resolve the hostnames in the ServerRoot.
# its a remote dialin-IP outside the LAN
My idea is: ftp connect to no one, expect 2 users to their http-root directories with full read/write access.
You can use ValidCommands to restrict the USER command
to allowed user names (USER=<regex> - see "man 7 regex"
how to set is).
The chroot into the http-root directory should be done
by the ftp-server - you can use proftpd for this.
Set this in /etc/proftpd.conf:
DefaultRoot ~/http webuser
DefaultRoot ~
in this case proftpd does a chroot into ~/http for all
users of group "webuser" and a chroot into the users
home for all other users.
You can restrict users allowed to login using
/etc/ftpusers... or, of course via the proxy.
Kind regards,
Marius Tomaschewski