I use FreeBSD 5.4 (with OPTION IPFW on and IPFIREWALL_DEFAULT_TO_ACCEPT
on) + apache + pureftp + natd to set up a server used as an ftp/web
server and also as a gateway for sharing the network.

My network looks like this:

              ------(oip:x.x.x.a)------
             |                         |
 (oif:em0)-->|                         |-->(internet gateway:x.x.x.254)
    ^        |                         | 
    |         ---(oip alias0:x.x.x.b)-- 
    |     
    |     
 (iif:em1,iip:192.168.100.254)<-------(inet 192.168.100.254/16)<---(intranet)  

I bind oip:x.x.x.a as the httpd and pureftpd server IP, and use
em0_alias0 (x.x.x.b) as natd's interface.

And I use the rc.firewall rule set 'open'.
So my intranet can share the internet normally through natd on x.x.x.b,
and the http server works normally too. And the users of the
intranet (192.168.100.254/16) can visit pureftpd correctly.

My problem is: users on the internet can't visit my pureftpd on
x.x.x.a correctly. The debug information is below. From the error, it
looks like the ipfw rule is wrong. If I cancel em0_alias0 (x.x.x.b) and
set natd_interface to (x.x.x.a), it works very well!
Has anyone met this problem before? Please give me help!

=========================================
                *** CuteFTP Pro 6.0 - build Mar 25 2004 ***

STATUS:>        Getting listing ""...
STATUS:>        Resolving host name x.x.x.a...
STATUS:>        Host name x.x.x.a resolved: ip = x.x.x.a.
STATUS:>        Connecting to FTP server x.x.x.a:21 (ip = x.x.x.a)...
STATUS:>        Socket connected. Waiting for welcome message...
                220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
                220-Local time is now 23:07. Server port: 21.
                220 You will be disconnected after 15 minutes of inactivity.
STATUS:>        Connected. Authenticating...
COMMAND:>       USER tmp
                331 User tmp OK. Password required
COMMAND:>       PASS *****
                230-User tmp has group access to:  www     
                230 OK. Current restricted directory is /
STATUS:>        Login successful.
COMMAND:>       PWD
                257 "/" is your current location
STATUS:>        Home directory: /
COMMAND:>       FEAT
                211-Extensions supported:
                 EPRT
                 IDLE
                 MDTM
                 SIZE
                 REST STREAM
                 MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
                 MLSD
                 ESTP
                 PASV
                 EPSV
                 SPSV

                211 End.
STATUS:>        This site supports features.
STATUS:>        This site supports SIZE.
STATUS:>        This site can resume broken downloads.
COMMAND:>       REST 0
                350 Restarting at 0
COMMAND:>       PASV
                227 Entering Passive Mode (x,x,x,a,158,251)
STATUS:>        Connecting FTP data socket x.x.x.a:40699...
ERROR:>         The connection failed due to an error or timeout.
                1) Verify that the destination IP address is correct.
     ......
                12) Verify that your anti-virus software is not at fault (try disabling it).
ERROR:>         PASV failed, trying PORT.
STATUS:>        Waiting 0 seconds...
STATUS:>        Getting listing "/"...
STATUS:>        Resolving host name x.x.x.a...
STATUS:>        Host name x.x.x.a resolved: ip = x.x.x.a.
STATUS:>        Connecting to FTP server x.x.x.a:21 (ip = x.x.x.a)...
STATUS:>        Socket connected. Waiting for welcome message...
                220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
                220-Local time is now 23:08. Server port: 21.
                220 You will be disconnected after 15 minutes of inactivity.
STATUS:>        Connected. Authenticating...
COMMAND:>       USER tmp
                331 User tmp OK. Password required
COMMAND:>       PASS *****
                230-User tmp has group access to:  www     
                230 OK. Current restricted directory is /
STATUS:>        Login successful.
COMMAND:>       PWD
                257 "/" is your current location
STATUS:>        Home directory: /
STATUS:>        This site supports features.
STATUS:>        This site supports SIZE.
STATUS:>        This site can resume broken downloads.
COMMAND:>       REST 0
                350 Restarting at 0
COMMAND:>       PORT 192,168,123,104,6,18
                200 PORT command successful
COMMAND:>       LIST
ERROR:>         Timeout (60000 ms) occurred on receiving server response.
=========================================

content of /etc/rc.conf:
======================
hostname="x.x.x.a"

ifconfig_em0="inet x.x.x.a  netmask 255.255.255.0"
ifconfig_em0_alias0="inet x.x.x.b netmask 255.255.255.0"
ifconfig_em1="inet 192.168.100.254  netmask 255.255.255.0"

defaultrouter="x.x.x.254"
static_routes="inside"
route_inside="-net 192.168.100.254/16 192.168.100.1"

#proxy:
gateway_enable="YES"
firewall_enable="YES"
firewall_type="simple"
natd_enable="YES"
natd_interface="x.x.x.b"
nat_flag="-a x.x.x.b"

#servers:
inetd_enable="YES"
#pureftpd_enable="YES"
apache2_enable="YES"
=======================

content of /etc/inetd.conf:
==============================
ftp     stream  tcp     nowait  root    /usr/local/sbin/pure-ftpd       pure-ftpd -Sx.x.x.a,21 -Px.x.x.a -lmysql:/usr/local/etc/pureftpd-mysql.conf -A -j -D -Oclf:/web/logs/ftp/pureftp.log
#ftp    stream  tcp     nowait  root    /usr/local/sbin/pure-ftpd       pure-ftpd

ssh     stream  tcp     nowait  root    /usr/sbin/sshd          sshd -i -4

==============================
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
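
Added example (not part of the original post): decoding the PASV reply and the PORT command from the transcript above shows which address and port each data connection targets, and so what the firewall and NAT path have to let through. The function names are illustrative, and 203.0.113.10 is a documentation address standing in for the redacted x.x.x.a.

```python
import ipaddress
import re

# Constructed sample: the PASV and PORT exchanges from the transcript, with the
# redacted server address replaced by 203.0.113.10 (a documentation address).
SAMPLE_LOG = """\
COMMAND:>       PASV
                227 Entering Passive Mode (203,0,113,10,158,251)
COMMAND:>       PORT 192,168,123,104,6,18
                200 PORT command successful
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
TUPLE = re.compile(r"\b(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\b")


def decode_endpoint(text):
    """Decode h1,h2,h3,h4,p1,p2 into (IPv4Address, port); None if absent or invalid."""
    m = TUPLE.search(text)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ipaddress.IPv4Address(".".join(map(str, nums[:4]))), nums[4] * 256 + nums[5]


def data_endpoints(log):
    """List each negotiated data endpoint and which side must accept the connection."""
    found = []
    for line in log.splitlines():
        s = line.strip()
        if s.startswith("227 "):
            listener = "server"      # passive: the client connects in to the server
        elif re.search(r"\bPORT\s+\d", s):
            listener = "client"      # active: the server connects out to the client
        else:
            continue
        ep = decode_endpoint(s)
        if ep is None:
            continue
        ip, port = ep
        found.append({"listener": listener, "ip": str(ip), "port": port,
                      "rfc1918": any(ip in net for net in RFC1918)})
    return found


if __name__ == "__main__":
    for e in data_endpoints(SAMPLE_LOG):
        print(e)
```

For the transcript's values, the PASV reply means the client must reach TCP port 40699 (158*256+251) on the server address, while the PORT command advertises 192.168.123.104:1554, an RFC 1918 address that a server on the internet cannot connect back to directly.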