Acesso pela internet

alexfelicioni
(usa Debian)

Enviado em 02/05/2012 - 14:43h

Bom dia

Acabei de subir um servidor proftpd o qual funciona perfeitamente na rede interna, porém ele recusa as conexões vindas da internet.

O problema não é firewall, uma vez que coloquei todas as opções do iptables polices do iptables como ACCEPT e não possuo nenhuma regra, já que acabei de instalar ubuntu server e não criei nenhuma regra.
Estou atráz de um roteador, porém redirecionei a porta 29, a qual estou usando pelo fato da 21 ser bloqueadda, para o ip do servidor proftp, ele recebe a solicitação, autentica mas não exibe asa pastas e dá erro de time out.
Já lí vários tutoriais e até agora nenhum solucionou meu problema, peço aos cologar que já passaram por esta situação que me ajudem pois não sei mais o que fazer para resolver este impace.
Até mesmo eliminei o roteador e liguei o server diretamente no modem, ficando ele com o ip válido a fim de verificar se era o router, mas o mesmo problema ocorreu.


desde jaá agradeço aos colegas

segue meu proftpd.conf

#
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes, reload proftpd after modifications, if
# it runs in daemon mode. It is not required in inetd/xinetd mode.
#

# Includes DSO modules
Include /etc/proftpd/modules.conf

# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6 on
# If set on you can experience a longer connection delay in many cases.
IdentLookups off

ServerName "ftp"
ServerType standalone
DeferWelcome off

MultilineRFC2228 on
DefaultServer on
ShowSymlinks on
AllowForeignAddress on
TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200

DisplayLogin welcome.msg
DisplayChdir .message true
ListOptions "-l"

DenyFilter \*.*/

# Use this to jail all users in their homes
DefaultRoot ~

# Users require a valid shell listed in /etc/shells to login.
# Use this directive to release that constrain.
# RequireValidShell off

# Port 21 is the standard FTP port.
Port 29

# In some cases you have to specify passive ports range to by-pass
# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
PassivePorts 49152 49170

# If your host was NATted, this option is useful in order to
# allow passive tranfers to work. You have to use your public
# address and opening the passive ports used on your firewall as well.
MasqueradeAddress santsystem.ddns.com.br

# This is useful for masquerading address with dynamic IPs:
# refresh any configured MasqueradeAddress directives every 8 hours
<IfModule mod_dynmasq.c>
DynMasqRefresh 28800
</IfModule>

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30

# Set the user and group that the server normally runs at.
User proftpd
Group nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
# Normally, we want files to be overwriteable.
AllowOverwrite on

# Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords:
# PersistentPasswd off

# This is required to use both PAM-based authentication and local passwords
# AuthOrder mod_auth_pam.c* mod_auth_unix.c

# Be warned: use of this directive impacts CPU average load!
# Uncomment this if you like to see progress and transfer rate with ftpwho

# UseSendFile off

TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log

# Logging onto /var/log/lastlog is enabled but set to off by default
#UseLastlog on

# In order to keep log file dates consistent after chroot, use timezone info
# from /etc/localtime. If this is not set, and proftpd is configured to
# chroot (e.g. DefaultRoot or <Anonymous>), it will use the non-daylight
# savings timezone regardless of whether DST is in effect.
#SetEnv TZ :/etc/localtime

<IfModule mod_quotatab.c>
QuotaEngine off
</IfModule>

<IfModule mod_ratio.c>
Ratios off
</IfModule>


# Delay engine reduces impact of the so-called Timing Attack described in
# http://www.securityfocus.com/bid/11430/discuss
# It is on by default.
<IfModule mod_delay.c>
DelayEngine on
</IfModule>

<IfModule mod_ctrls.c>
ControlsEngine off
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd/proftpd.sock
</IfModule>

<IfModule mod_ctrls_admin.c>
AdminControlsEngine off
</IfModule>

danniel-lara
(usa Fedora)

Enviado em 02/05/2012 - 15:09h

ja verificou os logs ?

tive um problema , era um problema de dns
pois eu usava noip e ai tive que ajudar o dns
e resolveu tudo

alexfelicioni
(usa Debian)

Enviado em 02/05/2012 - 17:04h

eu uso ddns. como voce solucionou ? posta aí o que voce fez.
estou usando o DNS da telefonica.

Valeu.

danniel-lara
(usa Fedora)

Enviado em 02/05/2012 - 17:08h

bom vi que na sua configuração esta assim

MasqueradeAddress santsystem.ddns.com.br

bom coloque o santsystem.ddns.com.br
no hosts da sua maquina para o ip do servidor e testa