FTP ñåðâåð.

[SpiderX]

Ñíèìîê4.JPG

Âîîáùå-òî â íàñòðîéêå ñ íóëÿ ñêàçàíî, àíîíèìó Ðèä Îíëè ïðàâà äàòü.

Âîçüìèòå ôëåøêó, ôîðìàòíèòå ïîä âèíäîé.
Âñóíüòå â àñóñ.
Âûïîëíèòå:

killall stupid-ftpd smbd nmbd (óáèâàåì äåìîíû ôòï, ñàìáû)
umount /tmp/harddisk (îòìîíòèðóåì íàøó ôëåøêó)
mke2fs -j /dev/scsi/host0/bus0/target0/lun0/part1 (ôîðìàòèðóåì â ext3)
reboot (ïåðåãðóæàåì ðîóòåð, ÷òîáû ôëåøêà ñìîíòèðîâàëàñü ñàìà ïî ñåáå ñíîâà è çàïóñòèëèñü îòêëþ÷åííûå íàìè äåìîíû)
ls /tmp/harddisk (åñëè óâèäèòå ïàïêè, è íå áóäåò îøèáêè çíà÷èò âñå ñìîíòèðîâàíî è ìîæíî äâèãàòüñÿ äàëüøå)

[Vovus]

read-only ïîïðàâëþ, ïîïðîáóþ òàê, êàê ðåêîìåíäóåòå - îòïèøóñü!
Ñïàñèáî âñåì!

[Vovus]

íåà ...

[Mam(O)n]

Âûâîä êîìàíä â ñòóäèþ:
ls -R /dev/discs/disc*/
lsmod

[SpiderX]

Vovus
Ãäå òîð÷èò ôëåøêà?
 íèæíåì èëè â âåðõíåì þñá-ïîðòó?

[Vovus]

Âñåì îãðîìíîå ñïàñèáî, îñîáåííî SpiderX, ïðè òîì, ÷òî âñå ÁÛËÎ òàê, êàê ïîêàçàë â ïðåäèäóùåì ïîñòå, - âñå ðàáîòàåò!!!
p.s. â USB âåðõíåì, â íèæíåì, - ïðèíåð, - òîæ, êñòàòè, ðàáîòàåò (hp LJ1022)
ß ñ÷àñòëèâ!!!

[Vovus]

ïîÿâèëñÿ âîïðîñ. Êàæåòñÿ âñå ðàáîòàåò, íà êàðòó 3,75 óæå ïîëîæåíî > 2 Gb - äåëàþ âûâîä, ÷òî îíà Ext3. Â ïðàâàõ äîñòóïà êàêàÿ-òî ñòðàííîñòü, èçâíå, äàæå ïðè ââîäå ïàðîëÿ àäìèíà, ïðè òîì,÷òî âèæó âñå ïàïêè: pub è pvt, íå ìîãó çàëèâàòü ôàéëû ê ñåáå, çàáèðàòü ìîãó. Ãäå íóæíî è ÷òî ñäåëàòü êðîìå òîãî, ÷òî ÿ ñäåëàë ïîëüçîâàòåëÿ ñ ëîãèíîì è ïàðîëåì (â äîïîëíåíèå ê anonymous) ñ ïðàâàìè read&write... ?
p.s. IP ïðÿìîé, áåç VPN, â íàñòðîéêàõ ñòîèò static ip

[mikail]

Êàê íàñòðîèòü, ÷òî áû ìîæíî áûëî èìåòü äîñòóï ê ðîóòåðó, ftp, ïðèíòåðó ñâîåé ñåòè èç èíòåðíåòà. Âíåøíèé ip çàâåë, ÷òî äàëüøå..?
Ñïàñèáî

Õì, à êàê áû íàñòðîèòü, ÷òîáû òàêîé äîñòóï îòñóòñòâîâàë êàê êëàññ?
Õîòåëîñü áû ïåðåáðàñûâàòü ñ íîóòà íà êîìï è îáðàòíî ôàéëû... Åñëè áû èõ áûëî ìàëî, âîïðîñ ðåøèëñÿ áû îòêëþ÷åíèåì ñëóæáû ñåðâåðà è ôëåøêîé, íî ôàéëî áûâàåò ïî ãèãà äâà (ôèëüì-îáðàçû äèñêîâ), à âïóñêàòü â ëîêàëêó ñåáå êóëõàöêåðîâ î÷åíü íå õî÷åòñÿ...

[dezinfo]

iptables -D INPUT -j DROP
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 1501 -j ACCEPT
iptables -A INPUT -j DROP

конечно хорошо, но вот без этого у меня не заработало

iptables -t nat -A PREROUTING -i vlan1 -p tcp --dport 21 -j DNAT --to-destination $4:21
iptables -t nat -A PREROUTING -i vlan1 -p tcp --dport 1501 -j DNAT --to-destination $4:1501

Я так понял это команды Port Forwarding. Так у меня без них не работало.
В итоге сделал так через веб интерфейс NAT setting -> Virtual Server убрал порты 21 и 1501
в post-firewall добавил, конечный вариант post-firewall выглядит так

iptables -D INPUT -j DROP
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -t nat -A PREROUTING -i vlan1 -p tcp --dport 21 -j DNAT --to-destination $4:21
iptables -A INPUT -p tcp --dport 1501 -j ACCEPT
iptables -t nat -A PREROUTING -i vlan1 -p tcp --dport 1501 -j DNAT --to-destination $4:1501
iptables -A INPUT -j DROP

И при таком раскладе все заработало !!! Может кому пригодится.

[DrSpawn]

Íàâåðíî ÿ êðèâîé. Âîò ìîé post-firewall:

Code:

iptables -I INPUT -p tcp --dport 1980 -j ACCEPT
iptables -I INPUT 7 -p tcp  --dport 2106:2706 -j ACCEPT
# Allow access to vsftpd server from WAN
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -t nat -A PREROUTING -i vlan1 -p tcp --dport 21 -j DNAT --to-destination $4:21

vsftpd.conf îäèí â îäèí, êàê íà íåñêîëüêî ïîñòîâ âûøå, òîëüêî ïóòè ðàçíûå.
Ñ êîìïà ñâîåãî öåïëÿþñü íà ôòï, à èç wan íåò (ïðîáîâàë ñ øåëà íà ñåðâàêå â èíåòå)
Òóò ñêàçàëè ÷òî 21-é ïîðò "stealthed"
Ìîæåò ó ìåíÿ ÷òî íàïóòàíî â ïðàâèëàõ iptables?

[Mam(O)n]

DrSpawn, âìåñòî òîãî, ÷òî ó òåáÿ òàì íàïèñàíî ëó÷øå ïîïðîáóé òàê:

Code:

iptables -P INPUT DROP
iptables -D INPUT -j DROP
iptables -A INPUT -p tcp --dport 1980 -j ACCEPT
iptables -A INPUT -p tcp --dport 2106:2706 -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -j ACCEPT

[DrSpawn]

Mam(O)n,
Áëàãîäàðþ çà ïîìîùü! íåäåëþ íåðàáîòàë èíòåðíåò

[Oleg Bel]

Ïðîøó ïîìî÷ü ñ íàñòðîéêîé ASUS WL-500G Premium â ñëó÷àå, åñëè íà îäíîì èç IP âî âíóòðåííåé ïîäñåòè (LAN) ïîäíÿòà ñëóæáà FTP.

Ñîáñòâåííî, íóæíî ïîìî÷ü òîëüêî ñ íàñòðîéêîé Firewall, ò.ê. ïðîáðîñ ïîðòà ÿ óæå ñäåëàë, íî ñîåäèíÿþñü ÷åðåç "ïðîáðîøåííûé" ïîðò ðîóòåðà òîëüêî èç ñâîåé âíóòðåííåé ïîäñåòè (LAN).

Èç WAN ñåòè ðîóòåðà ñîåäèíåíèå ñ ìîèì FTP ñåðâåðîì (êîòîðûé âíóòðè LAN) íå ïðîèñõîäèò - êàæåòñÿ, åãî áëîêèðóåò ôàéðâîëë ðîóòåðà.

[mike934]

Ó ìåíÿ íà WL-500gP óñòàíîâëåí vsftpd. Àêòèâíûé ftp êëèåíò èç èíòåðíåòà ìîæåò ñêà÷èâàòü ôàéëû, à ïàññèâíûé - íåò.

Code:

Mon Jan 21 12:34:46 2008 [pid 452] CONNECT: Client "83.102.193.36"
Mon Jan 21 12:34:46 2008 [pid 452] FTP response: Client "83.102.193.36", "220 Welcome to my home ftp server."
Mon Jan 21 12:34:46 2008 [pid 452] FTP command: Client "83.102.193.36", "USER anonymous"
Mon Jan 21 12:34:46 2008 [pid 452] [anonymous] FTP response: Client "83.102.193.36", "331 Please specify the password."
Mon Jan 21 12:34:47 2008 [pid 452] [anonymous] FTP command: Client "83.102.193.36", "PASS <password>"
Mon Jan 21 12:34:47 2008 [pid 451] [ftp] OK LOGIN: Client "83.102.193.36", anon password "?"
Mon Jan 21 12:34:47 2008 [pid 453] [ftp] FTP response: Client "83.102.193.36", "230 Login successful."
Mon Jan 21 12:34:47 2008 [pid 453] [ftp] FTP command: Client "83.102.193.36", "SYST"
Mon Jan 21 12:34:47 2008 [pid 453] [ftp] FTP response: Client "83.102.193.36", "215 UNIX Type: L8"
Mon Jan 21 12:34:47 2008 [pid 453] [ftp] FTP command: Client "83.102.193.36", "PWD"
Mon Jan 21 12:34:47 2008 [pid 453] [ftp] FTP response: Client "83.102.193.36", "257 "/""
Mon Jan 21 12:34:47 2008 [pid 453] [ftp] FTP command: Client "83.102.193.36", "TYPE I"
Mon Jan 21 12:34:47 2008 [pid 453] [ftp] FTP response: Client "83.102.193.36", "200 Switching to Binary mode."
Mon Jan 21 12:34:47 2008 [pid 453] [ftp] FTP command: Client "83.102.193.36", "REST 0"
Mon Jan 21 12:34:47 2008 [pid 453] [ftp] FTP response: Client "83.102.193.36", "350 Restart position accepted (0)."
Mon Jan 21 12:34:47 2008 [pid 453] [ftp] FTP command: Client "83.102.193.36", "PWD"
Mon Jan 21 12:34:47 2008 [pid 453] [ftp] FTP response: Client "83.102.193.36", "257 "/""
Mon Jan 21 12:34:47 2008 [pid 453] [ftp] FTP command: Client "83.102.193.36", "PASV"
Mon Jan 21 12:34:47 2008 [pid 453] [ftp] FTP response: Client "83.102.193.36", "227 Entering Passive Mode (212,1,230,45,109,94)"
Mon Jan 21 12:34:47 2008 [pid 453] [ftp] FTP command: Client "83.102.193.36", "TYPE A"
Mon Jan 21 12:34:47 2008 [pid 453] [ftp] FTP response: Client "83.102.193.36", "200 Switching to ASCII mode."
Mon Jan 21 12:35:05 2008 [pid 453] [ftp] FTP command: Client "83.102.193.36", "????ABOR"
Mon Jan 21 12:35:05 2008 [pid 453] [ftp] FTP response: Client "83.102.193.36", "225 No transfer to ABOR."
Mon Jan 21 12:35:05 2008 [pid 453] [ftp] FTP command: Client "83.102.193.36", "TYPE I"
Mon Jan 21 12:35:05 2008 [pid 453] [ftp] FTP response: Client "83.102.193.36", "200 Switching to Binary mode."

Ïîñëå "200 Switching to ASCII mode." ïðîõîäèò 20 ñåêóíä ìîë÷àíèÿ è íà ýòîì âñ¸ êîí÷àåòñÿ. Åñëè íà ðîóòåðå ïîëíîñòüþ îòêëþ÷èòü ôàåðâîë, òî ïàññèâíûé êëèåíò ðàáîòàåò áåç ïðîáëåì. À ïðè âêëþ÷¸ííîì ôàåðâîëå ïàññèâíûé êëèåíò çàòûêàåòñÿ, äàæå êîãäà ÿ ñòàâëþ INPUT -j ACCEPT. Âîò êîíôèãóðàöèÿ vsftpd

Code:

anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
vsftpd_log_file=/opt/var/log/vsftpd.log
ascii_download_enable=YES
ftpd_banner=Welcome to my home ftp server.
ls_recurse_enable=YES
secure_chroot_dir=/opt/usr/share/empty
listen=YES
check_shell=NO
chroot_local_user=YES
anon_root=/tmp/harddisk/ftp_pub
local_root=/tmp/harddisk/ftp_pvt
ftp_username=ftp
log_ftp_protocol=YES
pasv_address=212.1.230.45

×òî çäåñü íàäî äîáàâèòü/óäàëèòü/èñïðàâèòü, ÷òîáû ïàññèâíûé ftp êëèåíò ìîã ñêà÷èâàòü ôàéëû? Äà, åñëè ýòî âàæíî: ïðîøèâêà WL500gp-1.9.2.7-7g.

[Zyxmon]

Óêàçàòü äèàïàçîí ïîðòîâ äëÿ ïàññèâíîãî ðåæèìà â êîíôèãóðàöèè vsftpd è ðàçðåøèòü èõ â iptables. Åñëè âèñèò íå íà ñòàíäàðòíîì 21 ïîðòó, ìîæíî ïîïðîáîâàòü íàñòðîèòü ip_conntrack_ftp - http://wl500g.info/showpost.php?p=54048&postcount=6