Date: Fri, 7 Feb 2014 16:05:06 +0000
Subject: Re: FTPD port trouble.
From: Dave Baxter
To: Trond Endrestøl
Cc: Self, freebsd-questions@freebsd.org

Thank you Sir, that helps a lot towards my better understanding.

I'll try a few changes later and report back.

I find it frustrating that the man pages rarely cover everything one needs to know in one place.

Best regards.

Dave B (Coffee shop portable)

Sent from an el cheapo 'droid device :-)

On Feb 7, 2014 3:51 PM, "Trond Endrestøl" <Trond.Endrestol@fagskolen.gjovik.no> wrote:

> On Fri, 7 Feb 2014 14:00-0000, g8kbvdave@googlemail.com wrote:
>
> > Hi All.
> >
> > How "EXACTLY" (sorry) Do I specify, the main connection port number for FTPd
> > (enabled in inetd.conf, and inetd enabled in rc.conf) to listen on, and the range
> > of ports to use for PASV mode?
>
> In /etc/services, create your own definition:
>
>   ftp-local 2121/tcp #File Transfer [Control] (Local Override)
>
> In /etc/inetd.conf, add/modify the appropriate lines:
>
>   ftp-local stream tcp nowait root /usr/libexec/ftpd ftpd -l
>   ftp-local stream tcp6 nowait root /usr/libexec/ftpd ftpd -l
>
> According to ftpd(8) and ip(4), ftpd does by default use
> IP_PORTRANGE_HIGH which can be adjusted by setting
> net.inet.ip.portrange.hifirst and net.inet.ip.portrange.hilast on the
> command line for immediate effect and/or permanently in
> /etc/sysctl.conf.
>
> On one of my 9.2 systems I have:
>
>   net.inet.ip.portrange.hifirst: 49152
>   net.inet.ip.portrange.hilast: 65535
>
> Other parts of the jail may use these sysctls, so be careful.
>
> > What parameter (.conf) files do I need to edit and/or create to do that in the
> > server jail, also the exact syntax of what to put in there. (The manpages for ftpd
> > leave me stone cold, as usual.)
>
> I believe you can use /etc/sysctl.conf in each jail.
>
> > I've a jailed web server running now on FBSD 9.2, it seems stable and does the
> > job fine.
> >
> > The same jail also has the OS's own FTPD service running, started via inetd.
> > There are three FTP users, that are chrooted to the directories needed within the
> > jail, thanks to entries in /etc/ftpchroot in the jail.
> >
> > I have other machines on the same local LAN segment automatically updating
> > data on the web pages also just fine via FTP, using either active or passive
> > mode, as they see fit.
> >
> > However, I wish to be able to access those same directories and files via FTP
> > over a SSHD session (typically using PuTTY on Windows, and a FileZilla client) for
> > remote admin needs, to that end, there is a general site maintenance FTP user.
>
> One solution, unless you want to go the POSIX ACL route, is to create
> a special group for the maintenance user in /etc/groups, set the
> setgid bit on the chrooted directories,
>
>   chmod -R g+s some-dir
>
> and assign at least 0770 to each directory, and at least 0660 to each
> file, these commands only modify the group access rights,
>
>   find some-dir -type d -exec chmod -R g+rwx {} \;
>   find some-dir -type f -exec chmod -R g+rw {} \;
>
> and assign the special group to each file and directory,
>
>   chgrp -R specialgroup some-dir
>
> You need to modify the user's umask to 002 for this to work properly
> afterwards.
>
> > (I usually configure such machines (on other OS's) to use "High" ports, way up in
> > the dynamic range. It's never a problem, so long as both the server and client
> > agree on the same ports of course.)
> >
> > I've spent an inordinate amount of time getting nowhere with Google, as it
> > seems all the really useful FreeBSD forum archives are long gone. (404 errors.
> > Why?) So I need help from the collective please.
> >
> > (I also still can't get onto the IRC channel(s) for FreeBSD, but that's another
> > issue.)
> >
> > I can already do what I want just fine, when physically connected to the LAN
> > with either of the portable PC's I often carry with me, so it's just those blessed
> > port numbers I need to nail to the floor, so I can tunnel them via the SSH link.
> >
> > Best Regards, and cheers to All.
> >
> > Dave B.
> >
> > PS: If anyone knows of a good blow by blow walk through, showing how to
> > setup Pure-FTPD correctly (other than just use its basic install) not needing SQL
> > databases (Why complicate things?) I'd like to know for the future.
> >
> > Its documentation may be plentiful, but it's pure crud to read, even when
> > imported into a decent reader so it doesn't hurt the eyes! :) Plus I know zilch
> > re SQL databases, so that's a non starter for me anyway.
> >
> > Respond off list if you feel the need.
>
> --
> +-------------------------------+------------------------------------+
> | Vennlig hilsen,               | Best regards,                      |
> | Trond Endrestøl,              | Trond Endrestøl,                   |
> | IT-ansvarlig,                 | System administrator,              |
> | Fagskolen Innlandet,          | Gjøvik Technical College, Norway,  |
> | tlf. mob. 952 62 567,         | Cellular...: +47 952 62 567,       |
> | sentralbord 61 14 54 00.      | Switchboard: +47 61 14 54 00.      |
> +-------------------------------+------------------------------------+
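
The quoted reply pins the FTP ports through three files: a service name in /etc/services, the ftpd lines in /etc/inetd.conf that reference it, and the high port range in /etc/sysctl.conf. The script below is an added example, not part of the thread, that cross-checks such a set of files before firewall or tunnel rules are written against them. The function names `check_ftpd_ports` and `demo` and the sample files are constructed for illustration, and the range is read in the `name=value` form that sysctl.conf uses rather than the `name: value` form that `sysctl` prints.

```shell
#!/bin/sh
# Added example (not from the thread): cross-check the three files the reply
# names. Every ftpd line in inetd.conf must use a service defined in services,
# and sysctl.conf must pin a valid high port range.
# Prints "<service> <proto> <control-port> <pasv-first>-<pasv-last>".
check_ftpd_ports() {   # usage: check_ftpd_ports SERVICES INETD_CONF SYSCTL_CONF
    awk -v svc="$1" -v sc="$3" '
    BEGIN {
        bad = 0
        while ((getline line < svc) > 0) {      # name port/proto [#comment]
            sub(/#.*/, "", line); sub(/^[ \t]+/, "", line)
            if (split(line, f, /[ \t]+/) >= 2 && split(f[2], pp, "/") == 2)
                port[f[1] "/" pp[2]] = pp[1]
        }
        while ((getline line < sc) > 0) {       # name=value
            sub(/#.*/, "", line); gsub(/[ \t]/, "", line)
            if (split(line, kv, "=") == 2) ctl[kv[1]] = kv[2]
        }
        lo = ctl["net.inet.ip.portrange.hifirst"] + 0
        hi = ctl["net.inet.ip.portrange.hilast"] + 0
        if (lo < 1 || hi > 65535 || lo > hi) {
            print "PASV range not pinned or invalid: " lo "-" hi; bad = 1
        }
    }
    /^[ \t]*#/ || NF < 6 { next }
    $6 ~ /\/ftpd$/ {
        proto = $3; sub(/[46]+$/, "", proto)    # tcp6 and tcp46 look up as tcp
        key = $1 "/" proto
        if (!(key in port)) { print "undefined service: " $1; bad = 1; next }
        print $1, $3, port[key], lo "-" hi
    }
    END { exit bad }
    ' "$2"
}

demo() {   # constructed sample files carrying the values quoted in the thread
    d=$(mktemp -d) || return 1
    printf 'ftp-local\t2121/tcp\t#File Transfer [Control] (Local Override)\n' > "$d/services"
    printf '%s\n' \
        'ftp-local stream tcp nowait root /usr/libexec/ftpd ftpd -l' \
        'ftp-local stream tcp6 nowait root /usr/libexec/ftpd ftpd -l' > "$d/inetd.conf"
    printf '%s\n' 'net.inet.ip.portrange.hifirst=49152' \
        'net.inet.ip.portrange.hilast=65535' > "$d/sysctl.conf"
    check_ftpd_ports "$d/services" "$d/inetd.conf" "$d/sysctl.conf"; rc=$?
    rm -rf "$d"; return $rc
}
demo
```

A non-zero exit status means a service name did not resolve or the range is absent or inverted in the file that was checked.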