Hello everybody!

I ask for friendly help. Maybe my question is a "Dummie" one.

I have to install on my webserver an ftp service for two guys who have their domains on it. Up to now I had disabled ftp access altogether.

Today I installed on the webserver (running SuSE 6.3, 2.2.13 kernel) the fwproxy-1.7tp5-0.i386.rpm. I added the inetd command, modified ftp-proxy.conf (AllowMagicUser -> no/DestinationAdress -> to the default webserver/LogDestination/ServerRoot). Also I added to ftp-proxy.conf:

    [username]
    DestinationAdress otherdomain.tld
    ServerRoot /usr/local/httpd/otherdomain

By trying to connect I get:

    421 Service not available, remote server has closed connection
    Login failed.

The log tells:

    -i [32076] <01/23-22:48:45> TECH-ERR can't eval DestAddr for 62.224.92.75
    # its a remote dialin-IP outside the LAN

My idea is: ftp connect to no one, except 2 users to their http-root directories with full read/write access.

Who can give me the hint to realize my idea? Thank you for the time you spend reading my question.

Kind regards,
--
Walter Krohe, wk@u2me.de
Hauffstr. 15, D-73779 Deizisau
voice +49 7153 6149380, fax +49 7153 921217

On Tue, Jan 23, 2001 at 11:18:07PM +0100, Walter Krohe wrote:
> Hello everybody !
Hi! See ftp://ftp.suse.com/pub/projects/proxy-suite/devel and read the ftp-proxy-chroot.txt file there.
> I ask for friendly help. Maybe my question is a "Dummie" one.
> I have to install on my webserver an ftp service for two guys who have their domains on it. Up to now I had disabled ftp access altogether.
> Today I installed on the webserver (running SuSE 6.3, 2.2.13 kernel) the fwproxy-1.7tp5-0.i386.rpm. I added the inetd command, modified ftp-proxy.conf (AllowMagicUser -> no/DestinationAdress -> to the default webserver/LogDestination/ServerRoot). Also I added to ftp-proxy.conf:
> [username]
> DestinationAdress otherdomain.tld
> ServerRoot /usr/local/httpd/otherdomain
> By trying to connect I get:
> 421 Service not available, remote server has closed connection
> Login failed.
> The log tells:
> -i [32076] <01/23-22:48:45> TECH-ERR can't eval DestAddr for 62.224.92.75
You need all libs needed to resolve the hostnames in the ServerRoot.
> # its a remote dialin-IP outside the LAN
> My idea is: ftp connect to no one, except 2 users to their http-root directories with full read/write access.
You can use ValidCommands to restrict the USER command
to allowed user names (USER=<regex> - see "man 7 regex"
how to set it).
The chroot into the http-root directory should be done
by the ftp-server - you can use proftpd for this.
Set this in /etc/proftpd.conf:

    DefaultRoot ~/http webuser
    DefaultRoot ~

in this case proftpd does a chroot into ~/http for all
users of group "webuser" and a chroot into the user's
home for all other users.
You can restrict users allowed to login using
/etc/ftpusers... or, of course via the proxy.
Kind regards,
Marius Tomaschewski
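
Added example (not part of the original thread, and not the proxy's own code): a shell check of candidate patterns for the USER=<regex> restriction mentioned in the reply above, assuming the pattern is applied as an unanchored POSIX extended regex search. The account names, the sample lists and the helper functions are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample data: the two accounts that should get in, and names
# that should be refused (look-alikes, system accounts, a user@host form).
ALLOWED="webuser1 webuser2"
REFUSED="webuser10 xwebuser1 root anonymous webuser1@otherhost"

# user_allowed PATTERN NAME: true if NAME matches PATTERN as a POSIX
# extended regex search (a match anywhere in NAME counts).
user_allowed() {
    printf '%s\n' "$2" | grep -Eq -e "$1"
}

# count_leaks PATTERN: number of REFUSED names the pattern lets through.
count_leaks() {
    n=0
    for name in $REFUSED; do
        if user_allowed "$1" "$name"; then n=$((n + 1)); fi
    done
    echo "$n"
}

# count_missed PATTERN: number of ALLOWED names the pattern rejects.
count_missed() {
    n=0
    for name in $ALLOWED; do
        if ! user_allowed "$1" "$name"; then n=$((n + 1)); fi
    done
    echo "$n"
}

# Unanchored, wrongly anchored (alternation binds looser than ^ and $),
# and fully anchored variants of the same allow-list.
for p in 'webuser1|webuser2' '^webuser1|webuser2$' '^(webuser1|webuser2)$'; do
    echo "pattern $p: leaks=$(count_leaks "$p") missed=$(count_missed "$p")"
done
```

Only the grouped and anchored form admits exactly the two intended names; the other two also accept look-alike names that merely contain or start with an allowed one.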
ReHi!

On Tue, Jan 23, 2001 at 11:33:32PM +0100, Marius Tomaschewski wrote:
> On Tue, Jan 23, 2001 at 11:18:07PM +0100, Walter Krohe wrote:
> > I have to install on my webserver an ftp service for two guys who have their domains on it. Up to now I had disabled ftp access altogether.
> > Today I installed on the webserver (running SuSE 6.3, 2.2.13 kernel) the fwproxy-1.7tp5-0.i386.rpm. I added the inetd command, modified ftp-proxy.conf (AllowMagicUser -> no/DestinationAdress -> to the default webserver/LogDestination/ServerRoot). Also I added to ftp-proxy.conf:
> > [username]
> > DestinationAdress otherdomain.tld
> > ServerRoot /usr/local/httpd/otherdomain
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Ahm.... do you try to use the ftp-proxy as ftp-server?
Kind regards,
Marius Tomaschewski
Hi Marius,

thank you very much for your very useful hints. It seems there comes a bit more work than I thought ;-)

> ServerRoot /usr/local/httpd/otherdomain
>            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> Ahm.... do you try to use the ftp-proxy as ftp-server?

Is it right, that ftp-proxy by itself cannot handle as a ftp-server? I haven't understood how / at which point the ftp-proxy "connect" to the (local) ftp-server. Where is the call to /sbin/ftp-xyz ? What should be the entry for "ServerRoot"?

I know, these are the questions of a "Dummie" :-)

Kind regards,
Walter Krohe
On Wed, Jan 24, 2001 at 10:38:29AM +0100, Walter Krohe wrote:
> Hi Marius,
Hi!
> thank you very much for your very useful hints. It seems there comes a bit more work than I thought ;-)
> > ServerRoot /usr/local/httpd/otherdomain
> >            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > Ahm.... do you try to use the ftp-proxy as ftp-server?
> Is it right, that ftp-proxy by itself cannot handle as a ftp-server?
Yes, it can't run as ftp server, because it is a ftp proxy.
> I haven't understood how / at which point the ftp-proxy "connect" to the (local) ftp-server. Where is the call to /sbin/ftp-xyz ?
There isn't a call (exec) like this. The proxy connects via TCP (ftp) to the ftp server. In your setup, you can start the ftp server on 127.0.0.1:21 and the proxy on the address of the network interface and set DestinationAddress to 127.0.0.1 (localhost).
> What should be the entry for "ServerRoot"?
It is a directory with all libraries the proxy needs to run,
but no other data.
Read
ftp://ftp.suse.com/pub/projects/proxy-suite/devel/ftp-proxy-chroot.txt
and also other documentation shipped with the proxy.
Gruesse,
Marius Tomaschewski
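
Added example (not from the thread): a check for the layout described in the reply above, with the FTP server on 127.0.0.1:21 and the proxy on the interface address. It reads `netstat -ltn` style lines and lists port-21 listeners bound anywhere else, which is where a backend bound too widely would show up; the sample output, the address 192.0.2.10 and the function names are constructed.

```shell
#!/bin/sh
# stray_ftp_listeners PROXY_ADDR: read `netstat -ltn` style lines on stdin
# and print every local address listening on port 21 that is neither the
# loopback backend (127.0.0.1) nor the proxy's own address.
stray_ftp_listeners() {
    awk -v proxy="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            n = split($4, part, ":")          # port is the last piece
            port = part[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (port == "21" && addr != "127.0.0.1" && addr != proxy) print $4
        }'
}

# Constructed sample: layout as described (backend on loopback, proxy on
# 192.0.2.10, an address assumed here for the external interface).
sample_good() {
    cat <<'EOF'
tcp        0      0 127.0.0.1:21            0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:21           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
EOF
}

# Constructed sample: a listener bound to every address on port 21.
sample_bad() {
    cat <<'EOF'
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
EOF
}

echo "good layout: [$(sample_good | stray_ftp_listeners 192.0.2.10)]"
echo "bad layout:  [$(sample_bad | stray_ftp_listeners 192.0.2.10)]"
```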
participants (3)
- Frank Stuehmer
- Marius Tomaschewski
- Walter Krohe