ProFTPd not working from day 1 - Connection from ... denied.

#1 Wed, 08/19/2009 - 05:34
fakemoth

Hello, I have a CentOS 5.3 x86_64 machine with Virtualmin Pro. The problem is I never needed FTP on this one, but now I do. I had ProFTPd version 1.3.0 installed by the Virtualmin script (not working), but read about a few bugs with FileZilla and IPv6 and thought this was the problem. So I upgraded to 1.3.1 and tested again, upgraded to 1.3.2 and tested again; restarted the server, checked the config files, etc. The strange thing is that on my other server, with Virtualmin GPL and ProFTPd 1.3.1 installed separately and everything by hand, it works great with no fuss.

Now I have proftpd-1.3.2-2.1.el5.kb (it shouldn't pose any problem to my knowledge, and it's x64) and I'm getting a single error in my messages log:

Aug 19 12:44:29 ns1 proftpd[14188]: ns1.xxxxx.ro (::ffff:79.119.17.209[::ffff:79.119.17.209]) - Connection from ::ffff:79.119.17.209 [::ffff:79.119.17.209] denied.

With the initial version 1.3.0 (that's why I upgraded) I was getting this (now gone) error:

Aug 19 12:07:13 ns1 proftpd[11809]: ns1.xxxxxx.ro - error setting IPV6_V6ONLY: Protocol not available

My conf file (I want specific users only to get access - someuser.somedomain - working as intended on my other server as I said):

# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use.  It establishes a single server
# and a single anonymous login.  It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName "FTP server"
ServerType standalone
DefaultServer on

# Port 21 is the standard FTP port.
Port 21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances 30

# Set the user and group under which the server will run.
User nobody
Group nobody

# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
DefaultRoot ~

# Security of life How-To-Forge
IdentLookups off
ServerIdent on "FTP Server > Gata de lucru."

# Normally, we want files to be overwriteable.
AllowOverwrite on

# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
  DenyAll
</Limit>

# Limit LOGIN to anyone not in the groups
<Limit LOGIN>
  Order deny,allow
  Deny from 168.13.162.120,208.76.245.135,81.19.151.110,195.37.209.43
  AllowUser someuser.somedomain
  AllowUser someuser.somedomain
  AllowUser someuser.somedomain
  AllowUser someuser.somedomain
  AllowUser someuser.somedomain
  DenyAll
</Limit>

# A basic anonymous configuration, no upload directories.  If you do not
# want anonymous users, simply delete this entire <Anonymous> section.

<Global>
DisplayConnect ""Hmmm sa vedem cine esti...""
DisplayGoAway ""Prea multe conexiuni, vai!""
DisplayLogin ""Bun venit! Bucuros de transferuri!""
DisplayQuit ""Toate cele bune!""
ServerIdent on "Bun venit! Bucuros de transferuri!"
</Global>
RootLogin off
DisplayConnect ""Hmmm sa vedem cine esti...""
DisplayGoAway ""Prea multe conexiuni, vai!""
DisplayLogin ""Bun venit! Bucuros de transferuri!""
DisplayQuit ""Toate cele bune!""

Sat, 08/22/2009 - 01:59
fakemoth

No reply in days? That's odd :)

Man, this is the simplest & dumbest conf file ever... What the hell is wrong with it?

Don't take the name of root in vain...

Sun, 08/23/2009 - 09:49
andreychek

Is there anything listed in /etc/hosts.deny?

Also, do you run into the same errors if you try a different FTP client?

-Eric

Mon, 08/24/2009 - 09:05
fakemoth

Thanks for the reply.

Nothing in /etc/hosts.deny, the ports are open, the IP from which I'm trying to connect is not blacklisted anywhere - these were the first things I checked. I would really like to use proftpd, mostly because virtualmin - never had any problems.

BTW - I removed IPv6 support by adding UseIPv6 off in the conf file. Same Error with an IPv4 flavour :)

*Ahhh, another client, not server; tried - FileZilla and Fire FTP. I don't think those could be responsible. Reliable software, both of them.

Don't take the name of root in vain...
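
The check described in the post above (confirming that the connecting address is not on any deny list), as an added example that is not part of the original posts: it pulls client addresses from "Connection from ... denied." log lines, unwraps IPv4-mapped IPv6 forms such as ::ffff:79.119.17.209, and compares them with the literal Deny from entries in the config. The second log line, the host name ns1.example.ro and all function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample input, modelled on the log line and <Limit LOGIN> block quoted in this thread.
SAMPLE_LOG = """\
Aug 19 12:44:29 ns1 proftpd[14188]: ns1.example.ro (::ffff:79.119.17.209[::ffff:79.119.17.209]) - Connection from ::ffff:79.119.17.209 [::ffff:79.119.17.209] denied.
Aug 19 12:45:02 ns1 proftpd[14201]: ns1.example.ro (208.76.245.135[208.76.245.135]) - Connection from 208.76.245.135 [208.76.245.135] denied.
"""
SAMPLE_CONF = """\
<Limit LOGIN>
Order deny,allow
Deny from 168.13.162.120,208.76.245.135,81.19.151.110,195.37.209.43
AllowUser someuser.somedomain
DenyAll
</Limit>
"""

DENIED_RE = re.compile(r"Connection from (\S+) \[[^\]]*\] denied\.")
DENY_FROM_RE = re.compile(r"^\s*Deny\s+from\s+(.+)$", re.IGNORECASE | re.MULTILINE)

def normalize(addr):
    """Parse an address, unwrapping IPv4-mapped IPv6 (::ffff:a.b.c.d) to plain IPv4."""
    ip = ipaddress.ip_address(addr)
    mapped = getattr(ip, "ipv4_mapped", None)  # only IPv6 addresses carry this attribute
    return mapped if mapped is not None else ip

def deny_networks(conf_text):
    """Collect literal IP/CIDR entries from every 'Deny from' line."""
    nets = []
    for entries in DENY_FROM_RE.findall(conf_text):
        for token in re.split(r"[,\s]+", entries.strip()):
            try:
                nets.append(ipaddress.ip_network(token, strict=False))
            except ValueError:
                continue  # DNS names and other non-literal entries are not handled here
    return nets

def explain_denials(log_text, conf_text):
    """Return (client_ip, matching_deny_entry_or_None) for each denied connection."""
    nets = deny_networks(conf_text)
    results = []
    for raw in DENIED_RE.findall(log_text):
        ip = normalize(raw)
        hit = next((n for n in nets if n.version == ip.version and ip in n), None)
        results.append((str(ip), str(hit) if hit else None))
    return results

if __name__ == "__main__":
    print(explain_denials(SAMPLE_LOG, SAMPLE_CONF))
```

A result of None for a denied client means no Deny from address accounts for the rejection, so the cause has to be sought elsewhere in the access rules.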

Mon, 08/24/2009 - 09:22
andreychek

Okay, agreed, I don't think the FTP client should be the issue; but I figured we'd rule that out before getting too far :-)

Looking through your config, the biggest question in my mind is that "deny" section (which I know you said works fine on another server).

I'm curious, though, whether it would begin working if you were to comment out that entire block and restart ProFTP.

If that works, we can figure some things out from there :-)

So, for testing, I'd recommend commenting this out:

<Limit LOGIN>
  Order deny,allow
  Deny from 168.13.162.120,208.76.245.135,81.19.151.110,195.37.209.43
  AllowUser someuser.somedomain
  AllowUser someuser.somedomain
  AllowUser someuser.somedomain
  AllowUser someuser.somedomain
  AllowUser someuser.somedomain
  DenyAll
</Limit>

And then restart the FTP service -- are you able to log in at that point?

-Eric

Mon, 08/24/2009 - 12:34
fakemoth

Hello and thanks - solved the problem - I removed the lines:

Order deny,allow
Deny from 168.13.162.120,208.76.245.135,81.19.151.110,195.37.209.43

and it just worked - I wonder why the other server doesn't have the same problem. As I said it's just another proftpd version... and pretty much the same setup.

Thank you for your time!

Don't take the name of root in vain...

Topic locked