Differences

This shows you the differences between the selected revision and the current version of the page.

howto:open_ports_ftpd 2007/10/01 17:11 howto:open_ports_ftpd 2017/09/06 18:38 current
Line 1: Line 1:
====== HOWTO Use the FTP Deamon in NAT Environment ====== ====== HOWTO Use the FTP Deamon in NAT Environment ======
-The ftp deamon included in the DNS-323 is WU-FTPD version 2.6.2. Unfortunately, this version contains a major security issue and we can only hope that D-Link upgrades to a more recent version, i.e. a fully patched 2.6.2 would be the best.\\+The ftp deamon included in the DNS-323 with firmware before 1.04 is WU-FTPD version 2.6.2. Unfortunately, this version contains a major security issue and we can only hope that D-Link upgrades to a more recent version, i.e. a fully patched 2.6.2 would be the best.\\
More information about these security issues can be found at the [[http://www.wu-ftpd.org|WU-FTPD homepage]] More information about these security issues can be found at the [[http://www.wu-ftpd.org|WU-FTPD homepage]]
More information about the FTP deamon can me found in the [[http://www.wu-ftpd.org/man|manpages]]. More information about the FTP deamon can me found in the [[http://www.wu-ftpd.org/man|manpages]].
-===== FTP Active vs Passive connections in 30 seconds =====+ 
 +===== FTP Active vs Passive connections in 30 seconds? =====
The ftp protocol uses several connections during a ftp-session. The first connection is a control channel typically served on port 21. The ftp protocol uses several connections during a ftp-session. The first connection is a control channel typically served on port 21.
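Review bot: The changed intro sentence now scopes WU-FTPD 2.6.2 to "firmware before 1.04" but still ends with "we can only hope that D-Link upgrades to a more recent version", which no longer fits a page that also documents the new daemon in 1.04. Reword it to say that firmware before 1.04 remains affected and that 1.04 ships a different ftp daemon. The "major security issue" is still unnamed and only the WU-FTPD homepage is linked, so name the issue or link the specific advisory. The heading change adds a trailing "?" to "FTP Active vs Passive connections in 30 seconds", which looks unintended, and "deamon" and "can me found" in the neighbouring lines could be corrected in the same edit.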
Line 38: Line 39:
==== Modify /etc/ftpaccess ==== ==== Modify /etc/ftpaccess ====
If none of the above works for you, typically when both client and server are behind firewalls/NAT, then you can always modify the configuration files. In order to do this you need [[howto:telnet|telnet]] access to the unit, and you need to have a proper editor - unless you can handle [[http://thomer.com/vi/vi.html|vi]]. If none of the above works for you, typically when both client and server are behind firewalls/NAT, then you can always modify the configuration files. In order to do this you need [[howto:telnet|telnet]] access to the unit, and you need to have a proper editor - unless you can handle [[http://thomer.com/vi/vi.html|vi]].
 +
 +//NOTE: In firmware 1.04 there is a new ftp daemon, and the approach is different. There is a section for this further down.//
Copy the file you intend to edit to /mnt/HD_a2, ''cp /etc/ftpaccess /mnt/HD_a2/.'' and edit the file from your PC with a proper editor. **Don't** use notepad or MS Word for this! Instead use the free [[http://notepad-plus.sourceforge.net/uk/site.htm|Notepad++]] or the commercial UltraEdit. Copy the file you intend to edit to /mnt/HD_a2, ''cp /etc/ftpaccess /mnt/HD_a2/.'' and edit the file from your PC with a proper editor. **Don't** use notepad or MS Word for this! Instead use the free [[http://notepad-plus.sourceforge.net/uk/site.htm|Notepad++]] or the commercial UltraEdit.
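Review bot: The added NOTE is placed after the paragraph that already sends the reader off to get telnet access and an editor for /etc/ftpaccess, so a firmware 1.04 user reads the old procedure before learning it does not apply; move the note directly under the "Modify /etc/ftpaccess" heading. "There is a section for this further down" should name or link the target heading, "Setting external IP in pure-ftpd (firmware version 1.04)", and the note should say that /etc/ftpaccess is no longer present on 1.04, as the new section states.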
Line 65: Line 68:
If you screwed the file, then you can always fallback to the default file by deleting the /mnt/HD_a2/.systemfile/.ftpaccess file. If you screwed the file, then you can always fallback to the default file by deleting the /mnt/HD_a2/.systemfile/.ftpaccess file.
 +
 +
 +
 +
 +==== Setting external IP in pure-ftpd (firmware version 1.04) ====
 +If you have upgraded to version 1.04 and not reformatted your disks the config files mentioned above will still be present, exept for the /etc/ftpaccess. pure-ftpd has it's own config files, but I haven't been able to modify them successfully to let it use the ForcePassiveIP parameter. There is a workaround, though:
 +
 +Stop the ftp server in the admin-interface. then edit your fun_plug file using vi or the copy - edit - copy back method mentioned above and add the following line:
 +
 +<code>pure-ftpd -P <your_public_ip_address> -p 65501:65510 -S ,21 -B -C 3 -I 2 -E -T 100:100</code>
 +<code>
 +65501:65510 can be changed to whatever ports you want. The ports you set here must be forwarded in your router
 +-C 3 means max connections
 +-I 2 means two minutes idle time
 +-E means no anonymous users
 +-B means daemonize the process
 +-T 100:100 means bandwidth restriction for all users, 100kB up:down (use -t to only restrict anonymous users. You must then remove -E)
 +-S ,21 says which port it should bind to. 21 is default. Remember to use the comma in front of the port number.
 +</code>
 +
 +You might want to add an extra parameter -A to chroot() everyone (except root), otherwise user access won't be restricted to their home directory.
 +
 +To get more parameters, issue the command <code>pure-ftpd --help</code> or see the man pages for pure-ftpd on the net.
 +
 +Now you are ready to restart your DNS-323. Make sure ftp in the admin interface is not running before you reboot. The new command you put at the end of the fun_plug file is the command which will start pure-ftpd (the ftp server) at boot time.  Note that it will still show as stopped in the administrative interface.
 +
 +DO NOT start and stop the ftp server from the interface from now on. Doing so will make pure-ftpd start with its defaults, thus make your changes stop working until you reboot.
 +
 +I think you should be able to use the admin interface to add users, but it seems to start/restart the pure-ftpd daemon, and then you'll have to stop the server from the admin interface and reboot the DNS-323
 +
 +NOTE: There are some versions of the file pure-ftpd.conf around.  Issue the command <code>
 +find / -name pure-ftpd.conf</code> to find them all. I haven't been able to modify one with the correct parameter. It seems to be reset at reboot, and I might have the wrong parameter.
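Review bot: The recommended command line in the new pure-ftpd section leaves out -A, while the text below it says that without -A "user access won't be restricted to their home directory"; put -A into the command itself and drop the "You might want to" wording, so the copy-paste default confines users. The option list explains -p, -C, -I, -E, -B, -T and -S but never -P, which is the flag the section title is about, and "-C 3 means max connections" does not say whether the limit is total or per client; check both against the output of "pure-ftpd --help" that the section already points to. The explanations are wrapped in a second <code> block although they are prose, so a plain list would render better, and the four empty added lines before the heading can go. The warning "DO NOT start and stop the ftp server from the interface" should spell out the consequence for access control: a restart with defaults also drops -E and any -A, so the section should tell the reader how to confirm the running daemon's arguments after adding users through the admin interface. Minor: "exept", "it's own config files", and "then edit" starting a sentence in lower case.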
