SlrG

Hi loady, what does the syslog say this time, when you try to connect? To enable passive ports you put the following in your proftpd.conf: PassivePorts 49152 65534 Change it to the port range you want and forward the same range from your router to the unraid server.

@loady I'm no dd-wrt user, so I can't say. But lets try this: On the port forwarding page enable your proftpd rule, this will forward external port 51302 to internal port 21 on your server. Make sure you have clicked apply settings. Then in your webbroser address field enter: ftp://your.dyndns-address.com:51302/ What message do you get? If it doesn't work try this to check if your port is open. If you want to forward ports for passive use, you have to tell proftpd to use those ports. Normally it won't. Have a look here. The article you linked to, explains a proftpd ftp server running on the dd-wrt router.

@loady I can connect via dyndns and webbrowser to the proftpd on my unraid machine, so yes it should be possible. What does the syslog of your unraid machine show for the time you tried to connect? If it doesn't show anything, the server got no connection. If it does, please post this part of the log. If ftp connection works internally everything regarding proftpd should be setup correctly. If the external connect fails, it is propably caused by the portforwarding on your router. Sometimes it isn't enough to forward to port 21 only. It may be required to forward a fixed passive range, too. See this writeup here. I don't know if this is the problem, but it could be. edit: Also you could try using a different port. If you have a look at this list of ports, not registered and free for personal usage is everything from 49152 to 65535.

Sadly it doesn't explain your problem. Lets analyse the lines: dave:x:1002:100:ftpuser /mnt/disk1/audiobooks:/mnt/disk1/audiobooks:/bin/false test:x:1003:1003:ftpuser:/home/test: ftpuser is the keyword my plugin scans the password file for. Every user with this keyword will be allowed ftpacces. Users without this keyword will be blocked. This is a security measure, so users with shell access can't be hacked if the ftp is compromised. If a path is given after the keyword it will be extracted and put in the next field (this is the home directory field), lastly a /bin/false will be added (this is an invalid shell command), so shell access for ftpusers will fail, even if their password gets cracked. Your line for user dave looks perfectly normal. The test line you created by shell doesn't, but that doesn't explain the dave problem. What made me ask you to post the file is this line from your log: Jun 29 19:12:52 Hilda proftpd[17635]: 127.0.0.1 (192.168.1.115[192.168.1.115]) - notice: unable to use '~/' [resolved to '/mnt/cache/FTP/']: No such file or directory I can't understand why he resolves to /mnt/cache/FTP. That is my FTP directory I have setup on my system. Other than in the examples in the readme file I have no reference to this directory in my plugin. It should not appear on your system, but it obviously does. So I thougt it might have been added in the passwd file. But it didn't. If I create a folder audiobooks on my disk1 and create an user dave with comment ftpuser /mnt/disk1/audiobooks my log looks like this: Jul 2 19:41:14 lafiel proftpd[7261]: 127.0.0.1 (192.168.178.98[192.168.178.98]) - FTP session opened. Jul 2 19:41:14 lafiel proftpd[7261]: 127.0.0.1 (192.168.178.98[192.168.178.98]) - Preparing to chroot to directory '/mnt/disk1/audiobooks' Jul 2 19:41:14 lafiel proftpd[7261]: 127.0.0.1 (192.168.178.98[192.168.178.98]) - USER dave: Login successful. Jul 2 19:41:19 lafiel proftpd[7261]: 127.0.0.1 (192.168.178.98[192.168.178.98]) - FTP session closed. So the question is, what makes him try to change root to ~/ or resolve to /mnt/cache/FTP? It just makes no sense. Please check the proftpd.conf, that the DefaultRoot looks exactly like this: DefaultRoot ~ Replacing the whole config file will be even better as this will make sure there are no unintentionally uncommented lines. If that doesn't solve it, I would try to fully remove my plugin, delete all ftpuser users, reboot the server and check that there are no traces left. Then reinstall the plugin and try again.

@Necrotic sudo -u nobody mkdir ... will execute the command given (mkdir) as user nobody. The created directory will have the user nobody as owner. sudo -u root ... will execute the command given as user root. The log messages you posted don't indicate an error and should not be responsible that the config editor didn't work for you. But I'm glad you got it working. Also thank you very much for posting the ssl instructions.

@dearleuk Just to be sure, please check that your config is exactly like this: # Server Settings ServerName ProFTPD ServerType standalone DefaultServer on PidFile /var/run/proftpd.pid # Port 21 is the standard FTP port. You propably should not connect to the # internet with this port. Make your router forward another port to # this one instead. Port 21 # Set the user and group under which the server will run. User nobody Group users # Prevent DoS attacks MaxInstances 30 # Speedup Login UseReverseDNS off IdentLookups off # Control Logging - comment and uncomment as needed # If logging Directory is world writeable the server won't start! # If no SystemLog is defined proftpd will log to servers syslog. #SystemLog NONE #SystemLog /boot/config/plugins/proftpd/slog TransferLog NONE #TransferLog /boot/config/plugins/proftpd/xferlog WtmpLog NONE # As a security precaution prevent root and other users in # /etc/ftpuser from accessing the FTP server. UseFtpUsers on RootLogin off # Umask 022 is a good standard umask to prevent new dirs and files # from being group and world writable. Umask 022 # "Jail" FTP-Users into their home directory. (chroot) # The root directory has to be set in the description field # when defining an user: # ftpuser /mnt/cache/FTP # See README for more information. DefaultRoot ~ # Shell has to be set when defining an user. As a security precaution # it is set to "/bin/false" as FTP-Users should not have shell access. # This setting makes proftpd accept invalid shells. RequireValidShell no # Normally, we want files to be overwriteable. AllowOverwrite on Then please open the /config/passwd file on your flash drive and post the line for the user you created (paul). It will not contain any password, so don't worry.

@dearleuk proftpd tries to chroot to ~/ instead of /mnt/disk1/audiobook like it should. This fails and therefore the connect fails too. Did you change anything in the provided proftpd.conf? At the moment I can't say why this is happening. I'll have to think about it a little longer. @Necrotic Do you think you could delete or move the proftpdce.zip and provide a log after restarting your server? Also thank you very much, for reporting the \ problem. I never tried regex paths, so I didn't notice it myself. I'll try to fix this problem in a future version.

Did you restart the proftpd daemon after adding the user? If no, please do. If yes, could you post the lines from the syslog from the time when you try to connect? They might give more detail on the error. Also please post the users and permissions for /mnt/, /mnt/disk1 and /mnt/disk1/audiobooks.

Don't change permissions or share settings, but change the proftpd config. Add the following lines: # Limit write access to a directory and subdirs <Directory /mnt/user/movies/dvdr> <Limit WRITE> DenyAll </Limit> </Directory> If you want to allow write operations to a certain directory you add: # Allow write access to certain directory <Directory /mnt/user/movies/dvdr/upload> <Limit WRITE> AllowAll </Limit> </Directory> Then save the config and restart proftpd to enable the changes. This will disable write access for all ftp users. It may be modified to apply to certain users only, or maybe even to only block write access not coming from the local network. I never tried this through, so you will have to google around if it is possible. Proftpd is quite powerful in what it can do. Sadly there is no php gui which supports all the bells and whistles.

Hmm... If you want only read access to your shares this should be pretty secure if you use a password you don't have anywhere else. Even if it gets cracked (I use an unecrypted password for years now and was never hacked.) you won't compromise other logins and the attacker will have only read access. The installation problem was my mistake. I moved the binary files from github to my personal webspace but forgot to post the modified plugin. Please redownload it from the first post and try again.

If you already have dyndns running, you could forward a port of your choice to the port proftpd uses on your unraid server. This will make the ftp service available worldwide. Using port 21 on the router is not recommended, as this port will be an obvious choice for an bruteforce attack. Using the proftp on port 21 on the server is no problem, as this will not be available for outside access. If you create an user with access to /mnt/user you will be able to access your user shares. Be aware however, that if you have sensitive data in those shares, it is still a high risk to go that route. Standard FTP access uses unencrypted passwords and unencrypted transfers. Proftpd provides the ability to use more secure mechanisms (SFTP/SSL/TLS), I can't guide you on this however, as I only provide access to absolutely uncritical data in very selected directories via FTP. Please have a look on the documentation here: http://www.proftpd.org/docs/ An VPN setup from your outside locations to your router would propably be a much more secure way to provide access. And even then you should carefully consider what to share. PS: As there is a newer version of proftpd with some security fixes available, I'll do a new build on the weekend. Update will be possible through the plugins web interface.

Your isp is changing your ip from time to time and you want some static means to access it? Then get yourself a dyndns service. Check your router on what services it supports and get one of those. (e.g. http://freedns.afraid.org/) Those services will give you a static hostname (e.g. xyz.service.org ) that will be updated to link to your ip, whatever it is at the moment. Your router connects to the service on ip change and registers you new ip. Works fine for me.

Please try the newest version. Clicking the update button on the plugin settings page should be fine.

Well, that shows the ssl package is missing. ^^ I'm sure I tested with a stock unraid and didn't get this error. But I'll have to test it again to be sure. This will take a while I fear. I have a lot of other things to do at the moment. I'll report back as soon as possible, but it'll propably take the whole week to have at deeper look at this. Sorry.

The error saying simplefeatures is caused by my plugin. It checks for the simplefeatures webserver config to use the webserver for the config editor. As you have removed simplefeatures it doesn't find the file. Of course this has to be rewritten in a way that it throws no error when nothing is found. Now back to the unknown problem. Please check if you have the file /etc/rc.d/rc.proftpd Then in shell call: /etc/rc.d/rc.proftpd getver app local This is what is called by the web page to retrieve the local app version. If you don't have this file or it fails we know a little bit more where the problem is.

The local version of the proftpd package should be the same as online. The unknown indicates something went wrong when downloading the package. Please click on update package. There should be a button under updates. Please make sure you have Enable ProFTP Daemon on the right side set to Yes. Then please try to reboot your server. If it it still doesn't show the same version as online please check /boot/config/plugins/proftpd/ if there are proftpd-1.3.5rc2.tgz and proftpd-1.3.5rc-sql.tgz files and what their size is, then post again. To start proftpd from commandline please use the following command and post the output if it doesn't work: /etc/rc.d/rc.proftpd start The plugin needs to show RUNNING as status. Only then we'll be able to check if the user/s are setup correctly.

In bash and many config files the # at the start of a line will make that line a comment. So do something would mean a real command, while #do something will be a comment which will not be executed. Not all programming languages use a #. There are other comment symbols as well. Version 0.5b of my plugin is online. Please use the update function on the plugin page to update. After a reboot of your server the "FTP Server" icon will be gone.

I think I know now why you think the internal server is still running. The "FTP Server" icon in Settings is not removed by my plugin. It is no indication that the internal one is still running. Edit: That is misleading however, so I'll change the next version of the plugin to remove it.

In shell (telnet or directly at the server) you enter: cat /etc/inetd.conf or: vi /etc/inetd.conf To leave vi type :q

All logs and pictures indicate proftpd is successfully installed and running fine. Internal FTP should be disabled then. Why are you sure it is running? To do the final check please have a look at /etc/inetd.conf. Look for this lines: # Very Secure File Transfer Protocol (FTP) server. #ftp stream tcp nowait root /usr/sbin/tcpd vsftpd If the second line has a comment sign in the beginning the internal ftpserver is disabled and not running. If you do a ps -A you should get a list of all running processes. There should be no other ftpserver besides proftpd running. inetd running is normal as this still handles your telnet connection.

Are you sure it is the internal FTP that is running? Is the proftpd plugin icon now present in Settings? Do you get the config editor window on the plugins settings page? If not and if you have not given up by now please post a full syslog.

Normally you just install the webserver plugin and enable it. The proftpd plugin will detect if it is enabled and copies the necessary files to your webroot. On the proftpd settings page you should then have a config editor window at the bottom. Be aware that the webserver plugin fails to install correctly at the moment. Check this post in the simplefeatures thread for a manual fix. If it still doesn't work you'll have to post a full syslog again.

No problem. I'm glad you got it fixed. And there really was a little bug in the plugin, so I'm really glad you tried it out and made me stumble upon it. Have fun with the plugin and feel free to ask if there are any questions or problems.

It seems your server doesn't connect to the internet correctly. This will have to be fixed, or the plugin won't work. Do you have the correct dns setting for your server? Can you try setting it to 8.8.8.8 (Google DNS)?

Hmm... Could you please try to run the following command in shell and posting the output you get? wget --no-check-certificate https://github.com/SlrG/unRAIDplugins/raw/master/proftpd/device_status.png