I've been using proftpd for many years, and I think my config has stayed intact for a year or so now. However, I've discovered that anonymous access doesn't work anymore after one of my recent upgrades. It looks like there are some problems with passive mode for anonymous users.
Here's a sample ftp session log; notice that the 4th 'ls' attempt succeeds.
kos@kos ~ $ /usr/bin/ftp localhost
Connected to localhost (127.0.0.1).
220 ProFTPD 1.3.3rc1 Server (KoS' FTP Server)
Name (localhost:kos): anonymous
500 AUTH not understood
SSL not available
331 Anonymous login ok, send your complete email address as your password
Password:
230-Welcome to KoS' FTP server!
You can use up to 3 connections per IP, there is no bandwidth limit. However,
server runs at nice 18 (low priority), so you can experience slowdowns when
230 system is busy (like when I'm gaming :p ).
Remote system type is Guest.
ftp> ls
215 UNIX Type: L8
200 PORT command successful
ftp> ls
150 Opening ASCII mode data connection for file list
ftp> ls
226 Transfer complete
200 PORT command successful
ftp> ls
200 PORT command successful
150 Opening ASCII mode data connection for file list
dr-xr-xr-x 3 ftp ftp 728 Feb 26 2008 books
dr-xr-xr-x 5 ftp ftp 168 Jun 11 2005 dev
dr-xr-xr-x 2 ftp ftp 176 Oct 26 2007 doc
[...full listing here...]
226 Transfer complete
kos@kos ~ $ LANG=C lftp localhost
lftp localhost:~> debug 10
lftp localhost:~> ls
---- dns cache hit
---- Connecting to localhost (127.0.0.1) port 21
<--- 220 ProFTPD 1.3.3rc1 Server (KoS' FTP Server)
---> FEAT
<--- 211-Features:
MDTM
MFMT
TVFS
UTF8
MFF modify;UNIX.group;UNIX.mode;
MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;
LANG en-US*
REST STREAM
SIZE
<--- 211 End
---> LANG
<--- 200 Using default language en_US
---> OPTS UTF8 ON
<--- 200 UTF8 set to on
---> OPTS MLST modify;perm;size;type;UNIX.group;UNIX.mode;UNIX.owner;
<--- 200 OPTS MLST modify;perm;size;type;UNIX.group;UNIX.mode;UNIX.owner;
---> USER anonymous
<--- 331 Anonymous login ok, send your complete email address as your password
---> PASS lftp@
<--- 230-Welcome to KoS' FTP server!
<--- You can use up to 3 connections per IP, there is no bandwidth limit. However,
<--- server runs at nice 18 (low priority), so you can experience slowdowns when
<--- 230 system is busy (like when I'm gaming :p ).
<--- 230 Guest access granted for anonymous.
---> PWD
<--- 257 "/" is the current directory
---> PASV
---> LIST
---> ABOR
---- Closing aborted data socket
---- Closing control socket
---- Switching passive mode off
---- dns cache hit
---- Connecting to localhost (127.0.0.1) port 21
<--- 220 ProFTPD 1.3.3rc1 Server (KoS' FTP Server)
---> FEAT
<--- 211-Features:
MDTM
MFMT
TVFS
UTF8
MFF modify;UNIX.group;UNIX.mode;
MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;
LANG en-US*
REST STREAM
SIZE
<--- 211 End
---> LANG
<--- 200 Using default language en_US
---> OPTS UTF8 ON
<--- 200 UTF8 set to on
---> OPTS MLST modify;perm;size;type;UNIX.group;UNIX.mode;UNIX.owner;
<--- 200 OPTS MLST modify;perm;size;type;UNIX.group;UNIX.mode;UNIX.owner;
---> USER anonymous
<--- 331 Anonymous login ok, send your complete email address as your password
---> PASS lftp@
<--- 230-Welcome to KoS' FTP server!
<--- You can use up to 3 connections per IP, there is no bandwidth limit. However,
<--- server runs at nice 18 (low priority), so you can experience slowdowns when
<--- 230 system is busy (like when I'm gaming :p ).
<--- 230 Guest access granted for anonymous.
---> PWD
<--- 257 "/" is the current directory
---> PORT 127,0,0,1,225,5
<--- 200 PORT command successful
---> LIST
---- Accepted data connection from (127.0.0.1) port 20
<--- 150 Opening ASCII mode data connection for file list
dr-xr-xr-x 3 ftp ftp 728 Feb 26 2008 books
dr-xr-xr-x 5 ftp ftp 168 Jun 11 2005 dev
dr-xr-xr-x 2 ftp ftp 176 Oct 26 2007 doc
[...]
---- Got EOF on data connection
---- Closing data socket
copy: get hit eof
copy: waiting for put confirmation
copy: put confirmed store
copy: get is finished - all done
<--- 226 Transfer complete
**** extra server response
Non-anonymous logins are also OK, even in passive mode.
The firewall was stopped.
I tried fiddling with the USE flags, with no results. There are no errors in auth.log, xfer.log, or the 'proftpd -n -d 10' output.
My proftpd.conf:
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.
ServerName "KoS' FTP Server"
#ServerType inetd
ServerType standalone
DefaultServer on
#IdentLookups off
UseReverseDNS off
# Port 21 is the standard FTP port.
Port 21
# Use the IANA registered ephemeral port range
PassivePorts 49152 65534
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30
<IfModule mod_lang.c>
LangDefault en_US
</IfModule>
#PersistentPasswd off
#AuthPAMAuthorative off
MaxClientsPerHost 3 "Sorry, you may not connect more than three times."
# Trace ALL:10
# TraceLog /var/log/t.log
# Set the user and group that the server normally runs at.
User proftpd
Group proftpd
RequireValidShell off
AuthPAM off
AuthPAMConfig ftp
AccessGrantMsg "Guest access granted for %u."
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
LogFormat write "%h %l %u %t \"%r\" %s %b"
DefaultRoot ~
AllowOverwrite on
# Normally, we want files to be overwriteable.
<Directory /*>
AllowOverwrite on
</Directory>
#AnonymousGroup ftp
DefaultRoot /
# A basic anonymous configuration, no upload directories.
<Anonymous ~>
User ftp
Group ftp
DisplayLogin /readme.txt
DisplayChdir .message true
# We want clients to be able to login with "anonymous" as well as "ftp"
UserAlias anonymous ftp
PathDenyFilter "(\.ftpaccess)|(\.htaccess)$"
# Limit the maximum number of anonymous logins
MaxClients 10
# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin welcome.msg
DisplayChdir .message true
# Limit WRITE everywhere in the anonymous chroot
<Limit WRITE>
DenyAll
</Limit>
DirFakeGroup on
DirFakeUser on
DirFakeMode 40444
HideGroup root
</Anonymous>
<Anonymous /home/kos>
RequireValidShell off
User kos
Group users
AnonRequirePassword on
AccessGrantMsg "Welcome home!"
<Limit CWD MKD RNTO RMD RETR REST APPE WRITE STOR DELE RNFR>
Order allow,deny
Allow from 193.168.1.,80.70.228.198,127.0.0.1,10.1.1.67,10.1.0.2,66.134.141.162,205.158.63.41,209.220.
Deny from all
</Limit>
</Anonymous>
#<Anonymous /largefiles>
<Anonymous /mnt/iso>
RequireValidShell off
User ftp
Group users
UserAlias cdrom ftp
UserPassword ftp xxx
UserPassword cdrom xxx
AnonRequirePassword on
<Limit CWD MKD RNTO RMD RETR REST APPE WRITE STOR DELE RNFR>
Order allow,deny
Allow from all
#Allow from 193.168.1.,80.70.228.198,10.1.0.2,10.1.2.16,10.1.7.90,127.0.0.1,10.1.1.67
#Deny from all
</Limit>
</Anonymous>
<Anonymous /home/ftp/wget4web>
RequireValidShell off
User nobody
Group nobody
UserAlias linux nobody
UserPassword linux xxx
UserPassword nobody xxx
AnonRequirePassword on
<Limit CWD MKD RNTO RMD RETR REST APPE WRITE STOR DELE RNFR>
Order allow,deny
Allow from 193.168.1.,10.1.1.,80.70.225.85,10.1.4.133
Deny from all
</Limit>
</Anonymous>
<Anonymous /home/ftp/gentoo>
RequireValidShell off
User ftp
Group portage
UserAlias gentoo ftp
UserPassword ftp xxx
UserPassword gentoo xxx
AnonRequirePassword on
<Limit CWD MKD RNTO RMD RETR REST APPE WRITE STOR DELE RNFR>
Order allow,deny
Allow from 193.168.1.,80.70.228.198,127.0.0.1,10.1.1.67,10.1.0.2
Deny from all
</Limit>
</Anonymous>
<Global>
</Global>
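An added diagnostic, not from the original post and not part of ProFTPD or lftp: it decodes the h1,h2,h3,h4,p1,p2 address form used by the PORT line in the lftp log and by 227 PASV replies, and it probes whether a server answers PASV after an anonymous login, reporting a timeout instead of hanging the way the session above did. The host, the "probe@" password, and the PassivePorts range are assumptions mirroring this post.

```python
import re
import socket

# Assumed to mirror the PassivePorts range in the posted proftpd.conf.
PASSIVE_LO, PASSIVE_HI = 49152, 65534
HOSTPORT = r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)"
PASV_RE = re.compile(r"^227 .*?\(" + HOSTPORT + r"\)")
PORT_RE = re.compile(r"PORT\s+" + HOSTPORT)

def decode_hostport(six_numbers):
    """Decode the h1,h2,h3,h4,p1,p2 form shared by PASV replies and PORT commands."""
    h1, h2, h3, h4, p1, p2 = (int(n) for n in six_numbers)
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2

def parse_pasv_reply(line):
    """(host, port) from a '227 Entering Passive Mode (...)' line, else None."""
    m = PASV_RE.match(line.strip())
    return decode_hostport(m.groups()) if m else None

def parse_port_command(line):
    """(host, port) from a client 'PORT h1,h2,h3,h4,p1,p2' line, else None."""
    m = PORT_RE.search(line)
    return decode_hostport(m.groups()) if m else None

def _read_reply(f):
    """Consume one reply, skipping 230-style continuation lines; return the last line."""
    for line in iter(f.readline, ""):
        if re.match(r"\d{3} ", line):
            return line.rstrip()
    raise ConnectionError("control connection closed")

def probe_pasv(host="localhost", user="anonymous", password="probe@", timeout=5.0):
    """Log in, send PASV and classify the outcome; the third field says whether the
    advertised data port lies inside the assumed PassivePorts range."""
    with socket.create_connection((host, 21), timeout=timeout) as s:
        f = s.makefile("r", encoding="latin-1")
        _read_reply(f)                                   # 220 banner
        s.sendall(f"USER {user}\r\n".encode())
        _read_reply(f)                                   # 331
        s.sendall(f"PASS {password}\r\n".encode())
        if not _read_reply(f).startswith("230"):         # multi-line 230- welcome is skipped
            return "login-failed", None, None
        s.sendall(b"PASV\r\n")
        try:
            reply = _read_reply(f)
        except socket.timeout:
            return "timeout", None, None                 # no 227 at all, as in the post
        ep = parse_pasv_reply(reply)
        if ep is None:
            return "refused", reply, None
        return "ok", ep, PASSIVE_LO <= ep[1] <= PASSIVE_HI
```

Run probe_pasv() against the server; a "timeout" result reproduces the hang without the client falling back to PORT, which makes it easier to compare anonymous and non-anonymous logins.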
