Dit doet filezilla zelf de poort achter het IP adres plaatsen. Indien ik zelf een poort aangeef komt dat achter het ip adres te staan. Maar standaard is dit dus poort 21. Lijkt mij niets fout mee toch......
Ik heb ook de post-firewall erbij gedaan. Moet daar soms ook nog poort 21 bij in? Poort 22 voor de SSH zit hier wel in maar 21 niet. Overigens als ik poort 22 via filezilla probeer lukt het ook niet. Ik heb inmiddels even de post-firewall uitgebreid door de 4 regels van poort 22 te kopiëren en 22 gewijzigd in 21 maar het geeft niet het gewenste resultaat. (ik heb ook flashfs save, commit en enable + reboot gedaan).
De output van top
Code:
Mem: 12232K used, 1676K free, 0K shrd, 988K buff, 5672K cached
Load average: 0.00, 0.00, 0.00 (State: S=sleeping R=running, W=waiting)
PID USER STATUS RSS PPID %CPU %MEM COMMAND
704 admin R 444 700 2.1 3.1 top
698 admin S 496 1 0.3 3.5 upnp
43 admin S 292 1 0.1 2.0 telnetd
139 nobody S 1684 1 0.0 12.1 thttpd
700 admin S 556 43 0.0 3.9 sh
48 admin S 524 1 0.0 3.7 httpd
55 nobody S 480 1 0.0 3.4 dnsmasq
122 admin S 396 1 0.0 2.8 udhcpc
92 admin S 380 1 0.0 2.7 watchdog
1 admin S 356 0 0.0 2.5 init
145 admin S 336 1 0.0 2.4 dropbear
54 admin S 328 1 0.0 2.3 syslogd
89 admin S 288 1 0.0 2.0 infosvr
56 admin S 284 1 0.0 2.0 klogd
141 admin S 284 1 0.0 2.0 smbd
71 admin S 276 1 0.0 1.9 lpd
94 admin S 244 92 0.0 1.7 ntp
58 admin S 236 1 0.0 1.6 nas
80 admin S 212 1 0.0 1.5 rcamdmain
78 admin S 212 1 0.0 1.5 waveservermain
/opt/etc/vsftpd.conf:
Code:
# Example config file /opt/etc/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
#
# You may override where the log file goes if you like. The default is shown
# below.
vsftpd_log_file=/opt/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format
#xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that turning on ascii_download_enable enables malicious remote parties
# to consume your I/O resources, by issuing the command "SIZE /big/file" in
# ASCII mode.
# These ASCII options are split into upload and download because you may wish
# to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
# without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
# on the client anyway..
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
ftpd_banner=Welcome to the NSLU2 vsftp daemon.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/opt/etc/vsftpd.banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/opt/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
ls_recurse_enable=YES
secure_chroot_dir=/opt/usr/share/empty
/opt/etc/xinetd.d/vsftp:
Code:
# description: The vsftpd FTP server serves FTP connections.
# it uses normal, unencrypted usernames and passwords for auth service ftp
{
disable = no
socket_type = stream
user = admin
server = /opt/sbin/vsftpd
server_args = /opt/etc/vsftpd.conf
wait = no
nice = 10
only_from = 0.0.0.0/0
}
/usr/local/sbin/post-boot
Code:
#!/bin/sh
# wait for /opt to mount
mount /dev/discs/disc0/part1 /opt
i=0
while [$i -le 30]
do
if [ -d /opt/etc ]
then
break
fi
sleep 1
i=`expr $i + 1`
done
# Activate swap
swapon /dev/discs/disc0/part2
#Run all active services - active means starts with S
/opt/etc/init.d/rc.unslung
#!/bin/sh
dropbear
post-firewall
Code:
#!/bin/sh
iptables -D INPUT -j DROP
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -t nat -A PREROUTING -i $1 -p tcp --dport 22 -j DNAT --to-destination $4:22
iptables -A INPUT -j DROP
iptables -D INPUT -j DROP
iptables -A INPUT -p tcp --dport 81 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -i $1 -p tcp --dport 80 -j DNAT --to-destination $4:81
iptables -A INPUT -j DROP
cat /etc/passwd
Code:
[admin@Samba root]$ cat /etc/passwd
admin:$1$$6bs8rz1sVsnIvlDD5R7b1/:0:0:root:/usr/local/root:/bin/sh
nobody:x:99:99:nobody:/:/sbin/nologin
Ik hoop dat dit meer inzicht in mijn situatie geeft al is het volgens mij allemaal zoals het in de tutorial staat. Ik weet niet of het verstandig is de inhoud van mijn passwd file te tonen maar ik heb de indruk dat dit geen kwaad kan.
Nico.