[BlueOnyx:02183] Re: Proftpd and firewall
Michael Stauber
mstauber at blueonyx.it
Mon Aug 24 17:02:41 -05 2009
Hi Martin,
> I am using Pfsense as firewall solution, and I am very happy with it,
> however i do have some problems with FTP. I found an article on how to
> fix it, but it involves editing the proftpd.conf file.
>
> So i was wondering if it is safe to login, change the config file to:
>
> Include:
>
> MasqueradeAddress 123.45.67.89 # Outside IP.
>
> Change:
> Passive port range to a smaller range?
Yeah, you can change the passive port range to something smaller. Usually it
is port 49152-65534 as defined in this section in /etc/proftpd.conf:
# Normally, we want users to do a few things.
<Global>
AllowOverwrite yes
<Limit ALL SITE_CHMOD>
AllowAll
</Limit>
# Restrict the range of ports from which the server will select when sent the
# PASV command from a client. Use IANA-registered ephemeral port range of
# 49152-65534
PassivePorts 49152 65534
</Global>
I'm not so sure about the "MasqueradeAddress", though. This shouldn't be
necessary and it ought to work without it. But you can of course give it a
try.
Just keep in mind: When you make changes to /etc/proftpd.conf you have to
restart XINETd for the change to take effect:
/etc/init.d/xinetd restart
--
With best regards
Michael Stauber
More information about the Blueonyx
mailing list