Áàçîâàÿ íàñòðîéêà ProFtpD

÷åñòíî ãîâîðÿ ìåíÿ âîïðîñ êîäèðîâîê èíòåðåñóåò â åäèíñòâåííîì ñëó÷àå --- êîãäà êàêîé-íèáóäü èäèîò âûêëàäûâàåò torrent ñ êèðèëëè÷åñêèì èìåíåì ôàéëà, äà åùå ïîïàäàåòñÿ â êàêîé-íèáóäü ýêçîòè÷åñêîé êîäèðîâêå. Ñ ýòèì vsftpd ñïðàâëÿåòñÿ èäåàëüíî è íàñòðàèâàåòñÿ îí íà ÷òî óãîäíî.

à êòî-íèáóäü ïîáîðîë ïðîáëåìó ñ áóêâîé "ÿ"?
åñëè äà, òî âûëîæèòå, ïîæàëóéñòà èñïîëíÿåìûé ôàéë proftpd.
÷òî-òî ó ìåíÿ ïîêà íå õâàòàåò íàâûêà, ÷òîáû åãî ñêîìïèëèòü è ÷òîá
ðàáîòàëî.

èñõîäíèêè âåðñèè 1.3.1 ïîïðàâèë, êàê áûëî íàïèñàíî âûøå.
ïåðåêîìïèëèðîâàë. òåïåðü áàãà ñ áóêâîé "ÿ" íåò.
èñïîëíÿåìûé ôàéë âî âëîæåíèè

Ïîäñêàæèòå
Ïîñòàâèë proftpd êîìàíäîé ipkg install proftpd
ïîñòàâèë âðîäå âñå íîðìàëüíî
äàþ êîìàíäó proftpd
à îí ìíå â îòâåò

Code:

---

[white@ASUS root]$ proftpd
ASUS - fatal: Socket operation on non-socket

---

þçåðîâ ìîæíî äîáàâèòü â ñèñòåìó è íà ôòï çàõîäèòü ñ èõ èìåíàìè è ïàðîëÿìè â èõ äîìàøíèé êàòàëîã òèïà /home/vasya
äëÿ çàïóñêà â êîíôèãå proftpd.conf äîëæíî áûòü:
ServerType standalone

proftpd
íóæíî ñäåëàòü ðàçãðàíè÷åíèå ñêîðîñòè äëÿ àíîíèìíûõ ïîëüçîâàòåëåé èç ëîêàëêè è èíòåðíåòà, ïîêà íåïîíÿòíî êàê

Code:

---

#êëàññ âíóòðåííèõ ïîëüçîâàòåëåé
<Class internal>
  From 192.168.0.0/16
  From 172.16.0.0/12
  From 10.207.0.0/16
  From 88.84.193.0/24
</Class>

#òàêàÿ äèðåêòèâà íå ðàáîòàåò :(
#Fatal: unknown configuration directive '<IfClass>'
#<IfClass !internal>
#  TransferRate RETR 10000
#</IfClass>

<Class external>
  From !192.168.0.0/16
  From !172.16.0.0/12
  From !10.207.0.0/16
  From !88.84.193.0/24
#çäåñü ñêîðîñòü íå çàäàåòñÿ
  #TransferRate RETR 10000
#Fatal: TransferRate: directive not allowed in server config context
</Class>

<Anonymous /tmp/harddisk>
  <Limit RETR>
    AllowClass external
    #TransferRate RETR 10000
#not working
#Fatal: TransferRate: directive not allowed in <Limit> context
  </Limit>
</Anonymous>

---

Òåìó ñîçäàâàë äàâíî, íî åñëè óäàñòüñÿ ðåøèòü ñåé÷àñ - âñ¸ åù¸ àêòóàëüíî.

ôèãíÿ êàêàÿ-òî, ñêîìïèëèë proftpd-1.3.1 ñ ïàðàìåòðàìè

Code:

---

./configure --prefix=/opt/usr --sysconfdir=/opt/etc --localstatedir=/opt/var \
--with-modules=mod_readme:mod_load:mod_radius:mod_ldap:mod_ban:mod_ratio:mod_ifsession:mod_rewrite:mod_wrap:mod_wrap2:mod_wrap2_file:mod_wrap2_sql:mod_tls \
--enable-ctrls --enable-wrapper-options

---

òåïåðü íå ðóãàåòñÿ íà äèðåêòèâû <IfClass>
íî TransferRate RETR 5000 íèêàê íå îãðàíè÷èâàåò ñêîðîñòü

áëèí :D:D TransferRate RETR 10 â êèëîáàéòàõ ðàáîòàåò :)

PHP Code:

---

<Class internal>
  From 192.168.0.0/16
  From 172.16.0.0/12
  From 10.207.0.0/16
  From 88.84.193.0/24
</Class>

<IfClass !internal>
  TransferRate RETR 10:50000 user ftp
</IfClass> 


---

âîò òàêàÿ øòóêà îãðàíè÷èâàåò ñêîðîñòü èçâíå àíîíèìíûì ïîëüçîâàòåëÿì, ïåðâûå 50êáàéò ñêà÷èâàþò íà ïîëíîé ñêîðîñòè.

http://www.proftpd.org/docs/NEWS-1.3.2rc1

Quote:

---

- Bug 3059 - Wrong handling of UTF8 conversions.
- Bug 3056 - Support non-UTF8 encoding and character sets. See
doc/modules/mod_lang.html for more information on the UseEncoding directive.
- Bug 3064 - Better handling of 0xFF character for Cyrillic, non-UTF8 charsets.
These character sets use the same value as the Telnet IAC character in
the alphabet. RFC959 states that FTP control messages must support Telnet
characters; this requirement causes problems for the character sets.
This the RFC959 requirement is relaxed if --enable-nls is used, and if
one of the problematic character sets is configured.

---

êòî-íèòü òåñòèðîâàë?
à òî â ñâÿçè ñ ïåðåõîäîì íà þíèêîä ïðîøèâêó è ñàìáó, òðåáóåòñÿ þíèêîä ôòï

ïîñìîòðåë òåìû ïî proftpd íî íå íàøåë îòâåòà íà ñâîé âîïðîñ. ïîìîãèòå ïîæàëóéñòà.

ïîñòàâèë proftpd. þçåðîâ áåðåò ñ /etc/passwd. àíîíèìóñû îòêëþ÷åíû.

êîãäà èäó èç Opera íà àäðåñ ftp://192.168.125.100 òî îïåðà êîððåêòíî ñïðàøèâàåò ëîãèí/ïàðîëü è ïóñêàåò â home-äèðåêòîðèþ þçåðà.

åñëè ïûòàþñü çàéòè ïî ftp ñ êëèåíòà, ïîëó÷àþ òàêîé òóïíÿê:

Resolving host name 192.168.125.100...
Connecting to (192.168.125.100) -> IP: 192.168.125.100 PORT: 21
Connected to (192.168.125.100) -> Time = 0ms
Socket connected waiting for login sequence.
Connection timeout. No response from server.
Cannot login waiting to retry (30s)...


ïîäñêàæèòå êàê áûòü? ñïàñèáî

Quote:

---

Originally Posted by begemot

ïîñìîòðåë òåìû ïî proftpd íî íå íàøåë îòâåòà íà ñâîé âîïðîñ. ïîìîãèòå ïîæàëóéñòà.

ïîñòàâèë proftpd. þçåðîâ áåðåò ñ /etc/passwd. àíîíèìóñû îòêëþ÷åíû.

êîãäà èäó èç Opera íà àäðåñ ftp://192.168.125.100 òî îïåðà êîððåêòíî ñïðàøèâàåò ëîãèí/ïàðîëü è ïóñêàåò â home-äèðåêòîðèþ þçåðà.

åñëè ïûòàþñü çàéòè ïî ftp ñ êëèåíòà, ïîëó÷àþ òàêîé òóïíÿê:

Resolving host name 192.168.125.100...
Connecting to (192.168.125.100) -> IP: 192.168.125.100 PORT: 21
Connected to (192.168.125.100) -> Time = 0ms
Socket connected waiting for login sequence.
Connection timeout. No response from server.
Cannot login waiting to retry (30s)...


ïîäñêàæèòå êàê áûòü? ñïàñèáî

---

Ïîïðîáóé äðóãîé êëèåíò.

Quote:

---

Originally Posted by vectorm

Ïîïðîáóé äðóãîé êëèåíò.

---

Èëè ïîïðîáîâàòü ïîèãðàòüñÿ ñ ïàññèâíûì ðåæèìîì ó êëèåíòà, åñëè íå âêëþ÷åí, òî âêëþ÷èòü åãî. Ó ìåíÿ ê ðîóòåðó öåïëÿåòñÿ èìåííî â ïàññèâíîì ðåæèìå, îí æå (ïàññèâíûé ðåæèì), åñëè ìíå íå èçìåíÿåò ïàìÿòü, ïî óìîë÷àíèþ â íàñòðîéêàõ áðîóçåðîâ ïðîïèñàí.

Íåò ëè îòâåòà íà ýòî âîïðîñ?

Ìîæíî ëè, õîòÿáû ïîñìîòðåòü, êà÷àåòñÿ ëè êåì-ëèáî ÷òî-íèáóäü â äàííûé ìîìåíò?

Ñìîòðè â /tmp/syslog.log. Ó ìåíÿ îí ïèøåò êòî ïîäêîííåêòèëñÿ è ñ êàêîé ñêîðîñòüþ ÷òî-íèòü ñêà÷àë.

Ýòî-òî ïîíÿòíî. À ìîæíî ëè êàê-íèáóäü óçíàòü, êòî _ñåé÷àñ_ êà÷àåò è ÷òî êà÷àåò?

äëÿ ñåðâåðà proftpd åñòü êîìàíäà ftptop
äëÿ âûâîäà êðàñèâîé ñòàòèñòèêè èç ôàéëà xferlog åñòü webalizer http://www.webalizer.org/sample/index.html

À åñëè ñåðâåð íå ïåðåóñòàíàâëèàòü, òî íè÷åãî óçíàòü íåëüçÿ?

Îòêðîâåííî ãîâîðÿ, ÿ íå î÷åíü ïîíèìàþ, çà÷åì Âàì ýòè ïîëüçîâàòåëè/ïàðîëè, êîòîðûå ïðèíöèïèàëüíî íå ìîãóò áûòü áåçîïàñíûìè áåç SSL.
Âîò ñäåëàòü áû õîðîøóþ ïîëèòèêó ïî ñêîðîñòè...
Ðàçäåëüíî äëÿ äîìà/ïðîâàéäåðñêîé ñåòè/èíòåðíåòà...
Äà åùå âîçìîæíîñòü ëîãèíà ëîêàëüíûõ ïîëüçîâàòåëåé ïî SSL...
Ìå÷òà.

Ïî ïîâîäó òàêîãî ðàçãðàíè÷åíèÿ ïî ñêîðîñòè ýòî ëåãêî äåëàåòñÿ â proftpd êëàññàìè, âðîäå ÿ âèäåë åãî òîæå íà ýòèõ àñóñàõ ñîáèðàþò.

Ïðèìåð:
<Class net1>
From 192.168.192.0/19
</Class>

<Class net2>
From 172.16.128.0/21
</Class>

<Class default>
From 0.0.0.0/0
</Class>

TransferRate APPE,RETR 2048 class net1
TransferRate APPE,RETR 10240 class net2
TransferRate APPE,RETR 512 class default

 proftpd-1.3.2 îôèöèàëüíî âñòðîèëè âîçìîæíîñòü ïåðåêîäèðîâêè! Ïî-ìîåìó òàê îäèí èç ëó÷øèõ ôòï ñåðâåðîâ.

Ñêîìïèëèðîâàë proftpd v1.3.2rc3 ñ ìîäóëåì mod_lang ïîä wl500gp. LangEngine ðàáîòàåò. Òîëüêî ïðè çàïóñêå ñ LangEngine "on" ïîÿâëÿåòñÿ ñîîáùåíèå:

Code:

---

# proftpd
SpIInnerGW - mod_lang/0.9: unable to bind to text domain 'proftpd' using locale path '/opt/share/locale': Invalid argument

---

Êîíôèã ïîêà ïðàêòè÷åñêè ïî-óìîë÷àíèþ. LangPath äîáàâèë ñàì.  óêàçàííîì êàòàëîãå êàê ðàç è åñòü locale ñî ñòðóêòóðîé êàòàëîãîâ ïî ÿçûêàì.
proftpd.conf:

Code:

---

# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use.  It establishes a single server
# and a single anonymous login.  It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName                        "ProFTPD Default Installation"
ServerType                        standalone
DefaultServer                        on
WtmpLog                        off
LangPath                        /opt/share/locale

# Port 21 is the standard FTP port.
Port                                21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask                                022

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances                        10

LangEngine on
UseEncoding UTF-8 CP1251

<Global>
  RootLogin On
  RequireValidShell off
  AuthUserFile /etc/passwd
  AllowStoreRestart on
#  TransferRate RETR 25
#  TransferRate APPE,STOR 100:2048
</Global>


# Set the user and group under which the server will run.
User                                nobody
Group                                nobody

# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
#DefaultRoot ~

# Normally, we want files to be overwriteable.
AllowOverwrite                on

# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
  DenyAll
</Limit>

# A basic anonymous configuration, no upload directories.  If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
<Anonymous ~ftp>
  User                                ftp
  Group                                ftp

  # We want clients to be able to login with "anonymous" as well as "ftp"
  UserAlias                        anonymous ftp

  # Limit the maximum number of anonymous logins
  MaxClients                        5

  # We want 'welcome.msg' displayed at login, and '.message' displayed
  # in each newly chdired directory.
  DisplayLogin                        welcome.msg
  DisplayChdir                        .message

  # Limit WRITE everywhere in the anonymous chroot
  <Limit WRITE>
    DenyAll
  </Limit>
</Anonymous>

---

Ìîæåò êîìïèëèðîâàòü íàäî áûëî ñ êàêèì-òî îñîáåííûì ïàðàìåòðîì?

Ïðèêëàäûâàþ ipk, êîìó-íèáóäü ïðèãîäèòñÿ.

Ñòîèò íà ðîóòåðå webalizer õî÷ó ÷òî áû îí ðàç â ñóòêè çàïóñêàëñÿ.
Êàê ïðàâèëüíî ïðîïèñàòü àâòîçàïóñê â crontab?

crontab Âûãëÿäèò òàê:
# cat crontab
SHELL=/bin/sh
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/opt/sbin:/opt/bin
MAILTO=""
HOME=/
# ---------- ---------- Default is Empty ---------- ---------- #

åñòü äèðåêòîðèÿ cron.d
ñ îäíèì ôàéëîì updatedb-daily

âîïðîñ íîìåð äâà êàê ïðàâèëüíî è ïðîùå ñäåëàòü ðîòàöèþ ëîãîâ?

Ïîñëåäíèé âîïðîñ: êàêèå ïðàâà íóæíî óñòàíîâèòü íà äèðåêòîðèþ ÷òîáû åå íå áûëî âèäíî â ñïèñêå, ïðè çàõîäå íà ôòï ñåðâåð, íèêîìó êðîìå åå âëàäåëüöà? ß ïîñòàâèë drwx------ íî åå âèäíî, õîòÿ çàéòè íåëüçÿ.

Quote:

---

Originally Posted by Snarpix

Ïîñëåäíèé âîïðîñ: êàêèå ïðàâà íóæíî óñòàíîâèòü íà äèðåêòîðèþ ÷òîáû åå íå áûëî âèäíî â ñïèñêå, ïðè çàõîäå íà ôòï ñåðâåð, íèêîìó êðîìå åå âëàäåëüöà? ß ïîñòàâèë drwx------ íî åå âèäíî, õîòÿ çàéòè íåëüçÿ.

---

Òàêèõ ïðàâ *NIX íå ïðåäóñìàòðèâàåò :rolleyes: òîëüêî ÷òåíèå-çàïèñü/èñïðàâëåíèå-èñïîëíåíèå êîäà/÷òåíèå ñîäåðæèìîãî ïàïêè... À çà÷åì? çàéòè íå ìîæåò è ëàäíî ... ïîäðîáíåå http://linuxopen.ru/2007/12/08/prava...y-v-linux.html

Quote:

---

Originally Posted by tempik

Òàêèõ ïðàâ *NIX íå ïðåäóñìàòðèâàåò :rolleyes: òîëüêî ÷òåíèå-çàïèñü/èñïðàâëåíèå-èñïîëíåíèå êîäà/÷òåíèå ñîäåðæèìîãî ïàïêè... À çà÷åì? çàéòè íå ìîæåò è ëàäíî ... ïîäðîáíåå http://linuxopen.ru/2007/12/08/prava...y-v-linux.html

---

À êàê æå ýòî ðåàëèçîâàíî â ðîäíîé ïðîøèâêå?

P.S. Ïðî÷èòàë ïðî ëèïêèé áèò. Ïîïðîáóþ ðåàëèçîâàòü ñ ïîìîùüþ åãî.

Quote:

---

Originally Posted by Snarpix

À êàê æå ýòî ðåàëèçîâàíî â ðîäíîé ïðîøèâêå?

P.S. Ïðî÷èòàë ïðî ëèïêèé áèò. Ïîïðîáóþ ðåàëèçîâàòü ñ ïîìîùüþ åãî.

---

Íå çíàþ êàê â ðîäíîé ïðîøèâêå (íè ðàçó íå âèäåë åå...) íî åñòü âîçìîæíîñòü çàäàâàòü äîìàøíèé êàòàëîã ïîëüçîâàòåëÿ è çïðåòèòü âûõîäèòü çà åãî ïðåäåëû íî ýòî íàðóøàåò çàäàííîå óñëîâèå
"íåîáõîäèìî áûëî ÷òîáû êàæäûé þçåð âèäåë ñâîþ ëè÷íóþ + îáùóþ äèðåêòîðèè"
Ç.Û. "ëèïêèé áèò" íå ïðî ýòî...

Óæå ïîíÿë ÷òî íå òî. Ëàäíî ñïàñèáî çà ïîìîùü, ïîäóìàþ íà äîñóãå êàê ðåàëèçîâàòü, âäðóã ïðèäóìàþ:D

Quote:

---

Originally Posted by Snarpix

Óæå ïîíÿë ÷òî íå òî. Ëàäíî ñïàñèáî çà ïîìîùü, ïîäóìàþ íà äîñóãå êàê ðåàëèçîâàòü, âäðóã ïðèäóìàþ:D

---

â ProFTPD åñòü íàñòðîéêè HideUser è HideGroup ...vsftpd ÈÌÕÎ ïîäîáíîãî íå èìååò ...

Èñêàë íîðìàëüíûé ìàíóàë ïî óñòàíîâêå è íàñòðîéêå proftpd, òàê è íå íàø¸ë â èòîãå ðåøèë ñîáðàòü èç âñåõ íàéäåííûõ â îäèí íîðìàëüíûé.
Ìàíóàë äåëàë ïî àíàëîãèè ñ ïðèìåðîì

Óñòàíàâëèâàåì íåîáõîäèìûå ïàêåòû.

Code:

---

ipkg install proftpd adduser

---

Ñîçäà¸ì ïîëüçîâàòåëåé. Äëÿ ïðèìåðà îäíîãî àíîíèìíîãî, äðóãîãî àäìèíèñòðàòîðà.

Àíîíèìíûé ïîëüçîâàòåëü

Code:

---

adduser userftp -d /opt/ftp/ -s /bin/false
adduser adminftp -d /opt/ftp/admin -s /bin/false

---

Ñîçäà¸ì ôàéë rîíôèãóðàöèè äëÿ Ftp.

Code:

---

nano /opt/etc/proftpd.config

---

Code:

---

ServerName                      "Necrom Station"
ServerType                      standalone
DefaultServer                  on
UseReverseDNS                  off
IdentLookups                    off

# Port 21 is the standard FTP port.
Port                            21
UseIPv6                        off
AllowForeignAddress            on
MasqueradeAddress              192.168.1.1

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask                          022 022
MaxInstances                    8
MaxLoginAttempts                3

# Íå çàáûâàåì ïðî ëîãèðîâàíèå:
ExtendedLog                    /opt/var/log/proftpd/extend.log
TransferLog                    /opt/var/log/proftpd/transfer.log
SystemLog                      /opt/var/log/proftpd/syslog.log
ScoreboardFile                  /opt/var/run/proftpd.scoreboard

# Ìû íå áóäåì èñïîëüçîâàòü ôàéë /etc/ftpusers
UseFtpUsers                    off

PersistentPasswd                off
MultilineRFC2228                on

# "òàéìàóòû", ïî èñòå÷åíèþ êîòîðûõ ñåðâåð áóäåò çàêðûâàòü ñîåäèíåíèå
TimeoutLogin                    120
TimeoutNoTransfer              900
TimeoutStalled                  100
TimeoutIdle                    2200

<Global>
  RootLogin                      Off
  AuthUserFile                    /etc/passwd
  AllowStoreRestart              on
  ShowSymlinks                    on
  AllowOverwrite                  on
  DisplayChdir                    .message
  ListOptions                    .-l.
  RequireValidShell              off

#  TransferRate RETR 25
#  TransferRate APPE,STOR 100:2048
</Global>

<Limit ALL>
  DenyAll
</Limit>

# Set the user and group under which the server will run.
User                            nobody
Group                          nobody
DefaultRoot                    ~

# A basic anonymous configuration, no upload directories.  If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
<Anonymous /opt/ftp>
  User                          userftp
  Group                        ftp
  # We want clients to be able to login with "anonymous" as well as "ftp"
  UserAlias                    anonymous userftp
  AuthAliasOnly                on

  # Limit the maximum number of anonymous logins
  MaxClients                    5

  # Îòêëþ÷àåì òðåáîâàíèÿ âàëèäíîãî øåëëà ïîëüçîâàòåëÿ
  # ïîçâîëÿåò "ïóñêàòü" â ñèñòåìó þçåðîì áåç äîñòóïà ïî SSH (nologin)
  RequireValidShell            on

  # Ñêðûâàòü ôàéëû è ïàïêè ïîëüçîâàòåëÿ root
  HideUser                    adminftp

  # Ðàçðåøàåì àâòîðèçàöèþ, ÷òåíèå ôàéëîâ è ïåðåìåùåíèå ïî ïàïêàì
  <Limit LOGIN READ DIRS>
        AllowAll
  </Limit>

  DisplayLogin                  welcome.msg
  #DisplayFirstChdir            .message

  # Ðàçðåøàåì çàïèñü
  <Directory upload/*>
        <Limit WRITE>
              AllowAll
        </Limit>
  </Directory>
</Anonymous>


# Îáúÿâëÿåì àíîíèìíûé ñåðâåð ñ êîðíåì â äîìàøåì êàòàëîãå ïîëüçîâàòåëÿ adminftp
<Anonymous ~adminftp>
                # Îò êîãî áóäåò ðàáîòàòü äåìîí
        User                    adminftp
        Group                  adminftp
     
        # Óñòàíîâêà âëàäåëüöà íà íîâûå ôàéëû   
        UserOwner              adminftp
        GroupOwner              adminftp
     
        # Âêëþ÷àåì çàïðîñ ïàðîëÿ
        AnonRequirePassword    on
 
        # Ðàçðåøàåì âñå äëÿ íàøåãî ïîëüçîâàòåëÿ
        <Limit ALL>
            Order Allow, Deny
            AllowUser                adminftp
        </Limit>
</Anonymous>

---

Äîáàâëÿåì ôàéë /etc/paswwd â àâòîçàãðóçêó

Code:

---

echo "/etc/passwd
/etc/group" >> /usr/local/.files
flashfs save && flashfs commit && flashfs enable

---

Ñîçäà¸ì ñêðèïò àâòîçàïóñêàÿ.

Code:

---

nano /opt/etc/init.d/S90proftpd
chmod +x /opt/etc/init.d/S90proftpd

---

Code:

---

#!/bin/sh

prefix="/opt"
PATH=${prefix}/bin:${prefix}/sbin:/sbin:/bin:/usr/sbin:/usr/bin
NAME=proftpd
DAEMON=${prefix}/sbin/${NAME}
DAEMON_OPTS="-c ${prefix}/etc/proftpd.conf"

test -x $DAEMON || exit 0

if [ -z "$1" ] ; then
    case `echo "$0" | sed 's:^.*/\(.*\):\1:g'` in
        S??*) rc="start" ;;
        K??*) rc="stop" ;;
        *) rc="usage" ;;
    esac
else
    rc="$1"
fi

case "$rc" in
    start)
        echo "Starting ftp server: $NAME"
        $DAEMON $DAEMON_OPTS
        ;;
    stop)
        if [ -n "`pidof $NAME`" ]; then
            echo "Stopping ftp server: $NAME"
            killall $NAME 2> /dev/null
        fi
        ;;
    restart)
        "$0" stop
        sleep 1
        "$0" start
        ;;
    *)
        echo "Usage: $0 (start|stop|restart|usage)"
        ;;
esac

exit 0

---

Âîò â ïðèíöèïå è âñ¸.

P.s Äëÿ òîãî ÷òîáû áûëî âèäíî âî âíåøíåì ìèðå íóæíî äîáàâèòü 2 ïðàâèëà. È ïðîâåðèòü öåïî÷êó INPUT. Èíîãäà áûâàåò íå â ïîïàä ñòîèò ïðàâèëî DROP.

Code:

---

iptables -D INPUT -j DROP
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -I OUTPUT -p tcp --dport 20 -j ACCEPT
iptables -A INPUT -j DROP

---

Åñëè íå ïîëó÷èòñÿ ìîæíî ïîïðîáûâàòü âîò òàê

Code:

---

iptables -I INPUT 1 -p tcp --dport 21 -j ACCEPT
iptables -I OUTPUT 1 -p tcp --dport 20 -j ACCEPT

---

×òîá óäàëèòü iptables ïðàâèëî ïî íîìåðó

Code:

---

iptables -L INPUT --line-numbers
iptables -D INPUT íîìåð

---

×òîá ïðîòåñòèðîâàòü ñîåäèíåíèå íà ñòîðîíå ñåðâåðà ìîæíî èñïîëüçîâàòü êîìàíäó

Code:

---

tcpdump -npi vlan1 port 21 and host 10.1.1.1(âíåøíèé_ip)

---

È ïîïðîñèòü â ñåòè, êîãî íèòü ïðîâåðèòü ÷åðåç êîíñîëü ftp 10.1.1.1

Ïðèìåðíûé âèä äîëæåí áûòü ñëåäóþùèé.
iptables -nvL INPUT

Code:

---

Chain INPUT (policy ACCEPT 37 packets, 3796 bytes)
 pkts bytes target    prot opt in    out    source              destination       
    0    0 DROP      all  --  *      *      0.0.0.0/0            0.0.0.0/0          state INVALID
86375 8817K ACCEPT    all  --  *      *      0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
  18  1440 ACCEPT    all  --  lo    *      0.0.0.0/0            0.0.0.0/0          state NEW
  270 22017 ACCEPT    all  --  br0    *      0.0.0.0/0            0.0.0.0/0          state NEW
  83  2496 ACCEPT    2    --  *      *      0.0.0.0/0            224.0.0.0/4       
    0    0 ACCEPT    udp  --  *      *      0.0.0.0/0            224.0.0.0/4        udp dpt:!1900
  126 14317 SECURITY  all  --  vlan1  *      0.0.0.0/0            0.0.0.0/0          state NEW
    0    0 ACCEPT    udp  --  *      *      0.0.0.0/0            0.0.0.0/0          udp spt:67 dpt:68
    0    0 ACCEPT    tcp  --  *      *      0.0.0.0/0            192.168.1.1        tcp dpt:80
    0    0 ACCEPT    tcp  --  *      *      0.0.0.0/0            0.0.0.0/0          tcp dpt:21
    0    0 DROP      all  --  *      *      0.0.0.0/0            0.0.0.0/0

---

Åñëè âîîáùå íå õî÷åò ðàáîòàòü, òî óáèâàéòå ïî 1 ïðàâèëó èç öåïî÷êè INPUT èëè âñ¸ öåïî÷êó äëÿ òåñòèðîâàíèÿ è ñìîòðèòå ãäå çàòîð. (Óáèòü âñå ïðàâèëà iptables -F INPUT)
Ïðàâèëà ÷àñòè÷íî ïîçàèìñòâîâàë ñ ýòèõ ïîñòîâ
15 è 167

Åù¸ ÷èòàë ÷òî áûâàþò ïðîáëåìû ñ UPnP. Âçÿòî îòñþäà

Quote:

---

UPnP íå ïîä÷èùàåò çà ñîáîé port mappings è îñòàâëÿåò çàïèñè â nvram. Ïîñìîòðåòü ýòè çàïèñè ìîæíî òàê:

nvram show | grep "forward_port"

forward_port0=9999-9999>192.168.1.1:9999-9999,udp,on,Azureus UPnP 9999 UDP
forward_port1=9999-9999>192.168.1.1:9999-9999,tcp,on,Azureus UPnP 9999 TCP
forward_port2=49001-49001>192.168.1.1:49001-49001,udp,on,Azureus UPnP 49001 UDP
forward_port3=3000-3000>192.168.1.1:3000-3000,tcp,on,EiskaltDC++ 3000 (TCP)
forward_port4=3031-3031>192.168.1.1:3031-3031,tcp,on,EiskaltDC++ 3031 (TCP)
forward_port5=3000-3000>192.168.1.1:3000-3000,udp,on,EiskaltDC++ 3000 (UDP)

Ïîñëå ïåðåçàãðóçêè ýòè çàïèñè ïîïàäàþò â iptables è ìîãóò ïîðòèòü íàñòðîéêè NAT.

iptables -t nat -L -nv

Óäàëèòü çàïèñè èç nvram ìîæíî êîìàíäîé "nvram unset XXX"

Î÷èñòèòü âñå çàïèñè ìîæíî ñêðèïòîì:

for a in `nvram show | grep "forward_port" | sed "s/=.*//"` ; do nvram unset $a ; done

---

Íå âèäèò ðîóòåð èçâíå, ïðîáðîñ íå ïîìîãàåò :(
Äàâíåíüêî íàñòðàèâàë äëÿ ñåðâåðà vsftpd, äåëàë ïðîáðîñ è âñå íîðìàëüíî ðàáîòàëî, ñåé÷àñ âîò ñ proftpd íà ñàìîì ðîóòåðå íèêàê. À ïîäíèìàëñÿ ôòï êàê ðàç ñ öåëüþ, ÷òîáû íàðóæó.