Posted to users@httpd.apache.org by "Larry Irwin (Work/IMAP)" <la...@ccamedical.com> on 2012/11/14 17:28:43 UTC

[users@httpd] Setting up mod_ftp

  Hi everyone,
I am trying, initially, to set up an anonymously accessed, blind 
incoming folder using ssl-based ftp.
I've downloaded and compiled mod_ftp, configured it and have it working 
as expected within the local network, but am having issues getting the 
settings correct for internet access.
On our router, we've put in rules for inbound connections from any 
source IP to [WANIP]:990 to be forwarded to [LANIP]:990 and this has 
made it possible to connect and anonymously authenticate, but not to get 
a data connection.
I was under the impression that setting FTPPASVaddr to the WANIP would 
provide the proper PORT response to allow the data connection without 
router configuration changes.
However, if I did not set FTPPASVbindaddr, it still sent the LANIP back 
in the PORT command to the client. (not sure if this is a bug...)
Once I set both, it did send the WANIP in the PORT command, but I was 
still not able to achieve a data connection.
Any help would be greatly appreciated!
Thanks,
Larry Irwin
CCA Medical

Versions: Debian Etch 2.6.18-6-amd64, httpd-2.2.22.tar.gz, mod_ftp-0.9.6-beta.tar.gz
Folders:
drwxrwxrwx 3 root   root  4096 Nov 12 17:42 sftp
d-wx-wx-wx 2 root root 4096 Nov 13 14:40 sftp/incoming
Entries added to httpd.conf:
LoadModule ftp_module modules/mod_ftp.so
Include conf/extra/ftpd.conf
Content of ftpd.conf:
<IfModule mod_log_config.c>
   LogFormat "%u [%a] %r" command_log_fmt
   LogFormat "%{%b %e %H:%M:%S %Y}t %T %a %B %U %M %F %d %W %u %S %Z %Y" transfer_log_fmt
</IfModule>
Listen [LANIP]:990 ftp
AcceptFilter ftp none
SSLPassPhraseDialog     builtin
SSLSessionCache         "dbm:/usr/local/apache2/logs/ssl_scache"
SSLSessionCache         "shmcb:/usr/local/apache2/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300
SSLMutex                "file:/usr/local/apache2/logs/ssl_mutex"
<VirtualHost [LANIP]:990>
   FTPPASVaddr [WANIP]
   FTPPASVbindaddr [WANIP]
   FTPOptions AllowProxyPASV AllowProxyPORT
   ServerAdmin  you@ftp.example.com
   DocumentRoot "/u/ftp/sftp"
   FTP On
<Directory "/u/ftp/sftp">
     AuthName "Use 'anonymous' and email address for guest entry"
     AuthType basic
</Directory>
<Directory "/u/ftp/sftp">
<Limit MKD RMD STOR DELE RNFR>
       Order deny,allow
       Deny from all
</Limit>
</Directory>
<Directory "/u/ftp/sftp/incoming">
<LimitExcept MKD RMD STOR DELE RNFR>
       Order deny,allow
       Allow from all
</LimitExcept>
</Directory>
   ErrorLog     "logs/ftp_error_log"
   SSLEngine on
   SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
   SSLCertificateFile "/usr/local/apache2/conf/server.crt"
   SSLCertificateKeyFile "/usr/local/apache2/conf/server.key"
   FTPImplicitSSL On
</VirtualHost>

