Ftp configuration

    • Source Code

      root@omv:/# omv-showkey sharedfolder
      <sharedfolder>
        <uuid>xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx</uuid>
        <name>xxx</name>
        <comment>xxx</comment>
        <mntentref>xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx</mntentref>
        <reldirpath>xxx</reldirpath>
        <privileges>
          <privilege>
            <type>user|group</type>
            <name>xxx</name>
            <perms>0 = no permission|5 = read and execute|7 = read, write and execute</perms>
          </privilege>
        </privileges>
      </sharedfolder>
      <sharedfolder>
        <uuid>ffeb3ce0-bfcd-40f3-851f-7c2ca87ff900</uuid>
        <name>MainBackup</name>
        <comment>Genel depolama alanı</comment>
        <mntentref>2f4aa896-3ec3-432f-acff-2154158e5145</mntentref>
        <reldirpath>MainBackup/</reldirpath>
        <privileges>
          <privilege>
            <type>user</type>
            <name>elifbilal</name>
            <perms>7</perms>
          </privilege>
          <privilege>
            <type>user</type>
            <name>hakanatmaca</name>
            <perms>7</perms>
          </privilege>
          <privilege>
            <type>group</type>
            <name>uskudarresidence</name>
            <perms>7</perms>
          </privilege>
        </privileges>
      </sharedfolder>
      <sharedfolder>
        <uuid>69724d30-c95b-4441-a6bc-7188f9820006</uuid>
        <name>Time-Machine</name>
        <comment>time machine backup</comment>
        <mntentref>c24068a3-205d-4239-ab33-7901c77fd6c4</mntentref>
        <reldirpath>Time-Machine/</reldirpath>
        <privileges>
          <privilege>
            <type>user</type>
            <name>hakanatmaca</name>
            <perms>7</perms>
          </privilege>
        </privileges>
      </sharedfolder>
      root@omv:/#
    • Source Code

      root@omv:/# ls -la /media/84871d57-4370-4b69-9e99-ad0d2ddbcc45/MainBackup
      total 72
      drwxrwsr-x+ 11 root users 4096 Oct 13 16:39 .
      drwxr-xr-x 5 root root 4096 Oct 13 16:42 ..
      drwxrwsr-x+ 2 root users 4096 Oct 13 16:43 .AppleDB
      drwxrwsr-x+ 2 root users 4096 Oct 12 21:08 .AppleDesktop
      drwxrwsr-x+ 2 root users 4096 Oct 13 00:21 .AppleDouble
      -rwxrwxr-x 1 root users 21508 Oct 13 16:43 .DS_Store
      drwxrwsr-x+ 5 root users 4096 Oct 12 23:11 Elif
      drwxrwsr-x+ 9 root users 4096 Oct 13 16:37 Hakan
      drwxrwsr-x+ 3 root users 4096 Oct 12 21:10 Levent
      -rwxrwxr-x 1 root users 1219 Oct 12 21:54 mount.json
      drwxrwsr-x+ 3 root users 4096 Oct 12 21:08 Network Trash Folder
      drwxrwsr-x+ 3 root users 4096 Oct 12 21:08 Temporary Items
      drwxrwsr-x+ 3 root users 4096 Oct 12 21:19 tmp
      root@omv:/#
    • Source Code

      root@omv:/# cat /etc/proftpd/proftpd.conf
      Include /etc/proftpd/modules.conf
      LoadModule mod_vroot.c
      UseIPv6 on
      ServerName "omv"
      ServerType standalone
      DeferWelcome on
      MultilineRFC2228 on
      DefaultServer on
      ShowSymlinks on
      DisplayChdir .message true
      ListOptions "-l"
      MaxInstances 30
      DenyFilter \*.*/
      AuthPAMConfig proftpd
      User proftpd
      Group nogroup
      Umask 000 000
      PersistentPasswd off
      TimesGMT off
      AllowOverwrite on
      AuthOrder mod_auth_pam.c* mod_auth_unix.c
      DefaultTransferMode ascii
      #SystemLog /var/log/proftpd/proftpd.log
      <IfModule mod_facl.c>
        FACLEngine on
      </IfModule>
      <IfModule mod_quotatab.c>
        QuotaEngine off
      </IfModule>
      <IfModule mod_ratio.c>
        Ratios off
      </IfModule>
      <IfModule mod_delay.c>
        DelayEngine on
      </IfModule>
      <IfModule mod_ctrls.c>
        ControlsEngine on
        ControlsMaxClients 2
        ControlsLog /var/log/proftpd/controls.log
        ControlsInterval 5
        ControlsSocket /var/run/proftpd/proftpd.sock
      </IfModule>
      <IfModule mod_ctrls_admin.c>
        AdminControlsEngine off
      </IfModule>
      <IfModule mod_vroot.c>
        VRootEngine on
        VRootLog /var/log/proftpd/vroot.log
      </IfModule>
      Port 21
      TransferLog /var/log/proftpd/xferlog
      IdentLookups off
      UseReverseDNS off
      TimeoutIdle 120
      TimeoutNoTransfer 600
      TimeoutStalled 600
      PassivePorts 21150 21160
      AllowRetrieveRestart on
      AllowStoreRestart on
      DeleteAbortedStores off
      <Directory />
        HideFiles (welcome.msg)
      </Directory>
      <IfModule mod_vroot.c>
        VRootAlias "/media/84871d57-4370-4b69-9e99-ad0d2ddbcc45/MainBackup" "MainBackup"
      </IfModule>
      <Directory /MainBackup>
        <Limit ALL>
          AllowUser OR elifbilal,hakanatmaca
          AllowGroup OR uskudarresidence
          DenyAll
        </Limit>
        <Limit READ DIRS>
          AllowUser OR elifbilal,hakanatmaca
          AllowGroup OR uskudarresidence
          DenyAll
        </Limit>
      </Directory>
      <IfModule mod_auth.c>
        DefaultRoot /srv/ftp
        MaxClients 10
        MaxLoginAttempts 1
        RequireValidShell off
        # This option is useless because this is handled via the PAM
        # pam_listfile.so module, so set it to 'off' by default.
        UseFtpUsers off
      </ifModule>
      <IfModule mod_ban.c>
        BanEngine off
        BanControlsACLs all allow user root
        BanLog /var/log/proftpd/ban.log
        BanMessage Host %a has been banned
        BanTable /var/run/proftpd/ban.tab
      </ifModule>
      DisplayLogin /srv/ftp/welcome.msg
      <IfModule mod_wrap.c>
        TCPAccessFiles /etc/hosts.allow /etc/hosts.deny
        TCPAccessSyslogLevels info warn
        TCPServiceName ftpd
      </ifModule>
      root@omv:/#
    • hknatm wrote:

      With FileZilla I can write to the directory locally.

      So all this time it was a client problem... Just curious, which was the client?

      hknatm wrote:

      But still there is a problem with the WAN connection.

      You mention you fixed that by buying a static IP from your ISP, so you can technically access it from outside your network, right? You can test this with a smartphone using the carrier data.

      Now what you're asking, apparently, is connecting in the LAN using the WAN IP. That's a function on the router called NAT reflection, NAT loopback, etc. Some routers don't even have that option.
    • Ftp configuration

      Now let me clear this up.
      I can log in locally with FTP and read files; with FileZilla I can read and write, thanks to you.
      But when I try to access my WAN IP with my carrier connection, I can log in to my router's web UI, but there is no connection at all for FTP. It errors with a connection time failure.
      I hope I could explain my situation :/
    • Basically, you cannot use the same instance of FTP server and access it via two different IP addresses. You should have 2 instances of the FTP server, one configured to be used on the LAN and one on the WAN. I'm going to deconstruct the FTP protocol, so that you understand how things work.

      Objective: connect to the FTP server from the Internet (WAN IP)
      • get a more or less fixed IP address for the internet connection (either a static IP or a hostname that is updated whenever the IP changes - noip, dyndns etc.)
      • configure the router with port forwarding rules for the FTP command port (21) and the FTP transfer ports (a range of ports >1024 and <65535)
      • configure the FTP server to use that WAN IP and port range when communicating to clients.
      Now for a bit of theory: the FTP command protocol is the one which exchanges messages about source and destination IPs and ports, in order to prepare and establish the TCP connections to transfer the binary data of files. One of the peers is the "active" one, meaning it can open a TCP port in listening state and expect an incoming connection request, while the other peer is the "passive" one and will initiate the connection towards the "active" peer. The connection needs at least one of the peers to be "active", thus reachable through any routers and firewalls, and that's why you do the router configuration to ensure that anyone else, active or passive, can connect to your FTP.

      Here's how the communication between the Server (active) and Client (passive) occurs:
      Client tells the Server: I want to send/receive a file.
      Server responds: Ok, I have opened a socket on IP:port, please connect.
      Client connects to specified IP:port and transfers the data.

      So, as part of the protocol, the FTP server communicates not only the (random) port on which it is listening for connections, but also the IP address to which the client must connect. For an FTP server configured to be accessed from the Internet through a router, the FTP server will announce the WAN IP in this message, and never the LAN IP (which would not be routable and the remote client would not be able to connect to it), although the server's machine is operating on a LAN IP itself. It is the configuration of the FTP instance which instructs the FTP server to advertise the WAN IP.

      This will work for a client on the Internet: it gets a routable IP address and a port, it will connect to it and end up on a router, the router will forward the connection to the LAN IP where the server is, and the transfer will proceed.

      However, a client on the LAN side will also receive a message to connect to the WAN IP and port, instead of being told to use directly the LAN IP. The FTP server can't differentiate between LAN and WAN clients to send different messages, so it always sends the same IP address, as instructed in its configuration.

      So what happens then with the LAN client? It attempts to initiate a TCP connection to the routable IP address on the WAN side. The operating system identifies that the desired target is outside the local subnet, so it forwards the connection request to the default gateway - the router. The router performs Network Address Translation on the connection and forwards it to the Internet interface, but the target is actually its own WAN port. The router then identifies that this connection needs to be forwarded back through the Port Forwarding rule to a LAN IP address, and this is where things usually stop. In routers there's commonly a built-in security mechanism to prevent spoofing of source IP addresses in packets received on the WAN port, so that malicious people don't attack internal servers by making the packets appear as being originated from another LAN client.

      And this is why the connection from LAN will not work to the same FTP server instance which is otherwise accessible from the Internet.

      The solution for this is to have 2 instances of the FTP server running, with 2 separate network configurations: one for LAN clients, configured to work on one port and advertise its LAN IP and its own range of active ports (which don't need to be forwarded in the router), and another instance for WAN clients, configured with another port, advertising the WAN IP and another range of active ports which match the Port Forwarding rules in the router.
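
The "Ok, I have opened a socket on IP:port" message described in the post above is the server's 227 reply to PASV, and reading it from the client side shows which address the server is announcing. The following is an added example, not part of the original thread: the function names, the RFC 1918 definition of "LAN" and the sample addresses are assumptions, and the port range is the PassivePorts value from the proftpd.conf earlier on this page.

```python
import ipaddress
import re

# Port range from the "PassivePorts 21150 21160" line in the proftpd.conf above.
PASSIVE_PORTS = (21150, 21160)
# Assumption: "LAN" means an RFC 1918 address.
LAN_NETS = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def is_lan(ip):
    return any(ip in net for net in LAN_NETS)


def parse_pasv(reply):
    """Return (ip, port) announced in a '227 Entering Passive Mode' reply."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 reply: %r" % reply)
    nums = [int(n) for n in m.groups()]
    if max(nums) > 255:
        raise ValueError("field out of range in %r" % reply)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]  # port = p1 * 256 + p2


def diagnose(control_ip, reply, passive_ports=PASSIVE_PORTS):
    """Return reasons the data connection is likely to time out.

    control_ip is the server address the client used for the command connection.
    """
    announced, port = parse_pasv(reply)
    control = ipaddress.IPv4Address(control_ip)
    problems = []
    if is_lan(announced) and not is_lan(control):
        problems.append("LAN address %s announced to a client that reached "
                        "the server at %s" % (announced, control))
    if is_lan(control) and not is_lan(announced):
        problems.append("LAN client told to use WAN address %s; works only "
                        "with NAT loopback on the router" % announced)
    if not passive_ports[0] <= port <= passive_ports[1]:
        problems.append("port %d is outside the forwarded range %d-%d"
                        % (port, passive_ports[0], passive_ports[1]))
    return problems


if __name__ == "__main__":
    # Constructed replies; 203.0.113.10 is a documentation address, not a real host.
    print(diagnose("203.0.113.10", "227 Entering Passive Mode (192,168,1,20,82,158)."))
    print(diagnose("192.168.1.20", "227 Entering Passive Mode (203,0,113,10,82,163)."))
```

The raw 227 line can be taken from the FTP client's message log for the failing session and passed in as `reply`.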