| View previous topic :: View next topic |
| Author |
Message |
_kal_
l33t
Joined: 04 Mar 2005
Posts: 602
Location: Paris
|
 Posted: Tue Apr 19, 2005 12:23 pm Post subject: [GLFTPD] Can't connect from the wan |
 |
|
Hi guys! 
I havei nstalled gentoo 2005.0 on my ftp server which was before on a debian Sarge. I've installed succesfully glftpd 2.0 and it works... only from my local network! When I want to access to my ftp server from the wan (internet), i just can't connect! 
Here is tome details:
| Code: | vdr root # tail /var/log/messages
Apr 19 14:23:39 vdr glftpd[18024]: warning: can't verify hostname: getaddrinfo(83.206.23.133.auto.oleane.fr, AF_INET) failed
Apr 19 14:23:49 vdr glftpd[18024]: connect from 83.206.23.133 (83.206.23.133)
Apr 19 14:24:02 vdr xinetd[18019]: START: glftpd pid=20000 from=127.0.0.1
Apr 19 14:24:02 vdr glftpd[20000]: connect from localhost (127.0.0.1)
|
Ok, so here we can see that glftpd cannot make a dns resolution when i want to access from the wan. No problem if connection is established from the lan.
Here is my /etc/xinetd.d/glftpd :
| Code: | vdr root # cat /etc/xinetd.d/glftpd
service glftpd
{
disable = no
only_from = 0.0.0.0
flags = REUSE NAMEINARGS
socket_type = stream
protocol = tcp
wait = no
user = root
server = /usr/sbin/tcpd
server_args = /opt/glftpd/bin/glftpd -l -i -o -s/opt/glftpd/bin/glstrings.bin -z cert=/opt/glftpd/etc/ftpd-dsa.pem
}
|
At least, this is my /etc/xinetd.conf :
| Code: |
vdr root # cat /etc/xinetd.conf
# Copyright 1999-2004 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/sys-apps/xinetd/files/xinetd.conf,v 1.6 2004/07/15 00:53:48 agriffis Exp $
# Sample configuration file for xinetd
defaults
{
only_from = 0.0.0.0
instances = 60
log_type = SYSLOG authpriv info
log_on_success = HOST PID
log_on_failure = HOST
cps = 25 30
}
includedir /etc/xinetd.d
|
The glftpd.conf that i use is the old from my debian server, which was using glftpd 2.0 too (so no compatibility problem). I'm behind a routor/firewall, but it's even configured to bind connection from port 21 to the local ip of my server ftp.
Please, excuse my poor english : i'm french |
|
| Back to top |
|
 |
_kal_
l33t
Joined: 04 Mar 2005
Posts: 602
Location: Paris
|
| Posted: Tue Apr 19, 2005 12:53 pm Post subject: |
|
|
Please, i don't want to reinstall debian  |
|
| Back to top |
|
|
c4
Guru
Joined: 21 Feb 2004
Posts: 312
Location: Sweden
|
| Posted: Thu Apr 21, 2005 7:49 pm Post subject: |
|
|
I have commented these lines in the files below:
/etc/xinetd.d/glftpd:
| Code: | | #only_from = 0.0.0.0 |
/etc/xinetd.conf: | Code: | | #only_from = localhost |
The default setup for glftpd is that this user only is allowed from @127.0.0.1. Have you checked the ip-mask? Accessing and administrating the server with this user is not recommended. Create a new siteop account and delete&purge the user glftpd for increased security on your site.
_________________
AMD64 Gentoo Hardened server
AMD64 Xubuntu Desktop
X86 Dreamlinux Vaio laptop |
|
| Back to top |
|
|
|
Networking & Security
