[Proftpd] Prob connexions exterieures

Résolu
lonewolfs Messages postés 51 Statut Membre -  
lonewolfs Messages postés 51 Statut Membre -
Bonjour,

Je suis sous une mandriva 2007 et j'appele a l'aide car je viens de configurer proftpd, qui fonctionne très bien en local mais qui refuse les connexions de l'exterieur et je ne comprend pas vraiment pourquoi.

Voila ce que me dit /var/log/proftpd/proftpd.log :

[::ffff:*************): USER userftp: Login successful.
Jun 30 09:05:56 localhost proftpd[6385] localhost (d77-216-156-186.cust.tele2.fr[::ffff:*******): Preparing to chroot to directory '/mnt/ftp'
Jun 30 09:05:56 localhost proftpd[6385] localhost (d77-216-156-186.cust.tele2.fr[::ffff:********]): mod_delay/0.5: delaying for 4 usecs
Jun 30 09:05:56 localhost proftpd[6385] localhost (d77-216-156-186.cust.tele2.fr[::ffff:*********]): Connection refused (max clients per host 3).
Jun 30 09:05:56 localhost proftpd[6385] localhost (d77-216-156-186.cust.tele2.fr[::ffff:********]): FTP session closed.


Alors la je suis paumé, car en plus depuis mon windows, je charge quand même a plus de 1000ko/s et je voudrais bien que mon ftp fonctionne correctement, ce qui me permettrais de recuperer mes fichiers de partout.

A tout hasard je vous joint une copie de mon proftpd.conf au cas ou l'erreur se dissimulerais la.

#
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#

# Includes DSO modules
Include /etc/proftpd.d/*.conf

# This is the directory where DSO modules resides

ModulePath /usr/lib/proftpd

# Allow only user root to load and unload modules, but allow everyone
# to see which modules have been loaded

ModuleControlsACLs insmod,rmmod allow user root
ModuleControlsACLs lsmod allow user *

ServerName                      "ProFTPD Default Installation"
ServerType                      standalone
DeferWelcome                    off

MultilineRFC2228                on
DefaultServer                   on
ShowSymlinks                    on

TimeoutNoTransfer               600
TimeoutStalled                  600
TimeoutIdle                     1200

DisplayLogin                    welcome.msg
DisplayFirstChdir               .message
ListOptions                     "-l"

DenyFilter                      \*.*/

#Autoriser l'usage de /etc/ftpusers
UseFtpUsers                     on

#Repertoire dans lequel arrivent les utilisateurs acceptés
DefaultChdir /mnt/ftp

#Repertoire racine, les connectés au ftp ne verrons que lui
DefaultRoot /mnt/ftp

#Nombre maximum de clients ayant le même login
MaxClientsPerHost               3

#Message d'accueil après une connexion réussie
AccessGrantMsg "Connexion reussie pour %u"

#Pour ne pas donner d'info sur le serveur
DeferWelcome                    off

# Allow FTP resuming.
# Remember to set to off if you have an incoming ftp for upload.
AllowStoreRestart               on

# Port 21 is the standard FTP port.
Port                            21

# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
#PassivePorts                    49152 65534

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances                    30

# Set the user and group under which the server will run.
User                            nobody
Group                           nobody

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask                           022  022

# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
#DefaultRoot ~

# Normally, we want files to be overwriteable.
AllowOverwrite                  on

# Uncomment this if you are using NIS or LDAP to retrieve passwords:
PersistentPasswd                off

# Be warned: use of this directive impacts CPU average load!
#
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
#UseSendFile                    off

TransferLog /var/log/proftpd/proftpd.log
SystemLog   /var/log/proftpd/proftpd.log


    TLSEngine off



    QuotaEngine on



    Ratios on


# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.

    DelayEngine on



    ControlsEngine        on
    ControlsMaxClients    2
    ControlsLog           /var/log/proftpd/controls.log
    ControlsInterval      5
    ControlsSocket        /var/run/proftpd/proftpd.sock



    AdminControlsEngine on





AllowUser adminftp
DenyAll



Allow 10.0.0.1 192.168.0
Deny All


Je vous remercie par avance de votre aide.

Amitiés

ps : les ports de ma box sont ouvert pour le ftp
Configuration: Linux
Firefox 2.0.0.4

18 réponses

  1. lami20j Messages postés 21506 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   3 571
     
    Salut,

    affiche le résultat de
    iptables -v -L -n
    0
  2. lami20j Messages postés 21506 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   3 571
     
    Allow 10.0.0.1 192.168.0
    Deny All

    tu acceptes seulement les connexion provenant de la machine 10.0.0.1 et du réseau 192.168.0
    fait un teste et mets
    Allow 10.0.0.1 192.168.0 xxx.xxx.xxx.xxx

    xxx.... c'est l'ip distant
    0
  3. lonewolfs Messages postés 51 Statut Membre 5
     
    Bonjour Lami20j,

    Voici le resultat de ta première requete :
    Chain INPUT (policy DROP 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination 
        0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0   
     507K   24M Ifw        all  --  *      *       0.0.0.0/0            0.0.0.0/0   
     507K   24M eth0_in    all  --  eth0   *       0.0.0.0/0            0.0.0.0/0   
        0     0 ham0_in    all  --  ham0   *       0.0.0.0/0            0.0.0.0/0   
        0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:'
        0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
    
    Chain FORWARD (policy DROP 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination 
        0     0 eth0_fwd   all  --  eth0   *       0.0.0.0/0            0.0.0.0/0   
        0     0 ham0_fwd   all  --  ham0   *       0.0.0.0/0            0.0.0.0/0   
        0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:'
        0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
    
    Chain OUTPUT (policy DROP 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination 
        0     0 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0   
     514K  763M fw2net     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           policy match dir out pol none
        0     0 fw2loc     all  --  *      ham0    0.0.0.0/0            0.0.0.0/0           policy match dir out pol none
        0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:OUTPUT:REJECT:'
        0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
    
    Chain Drop (1 references)
     pkts bytes target     prot opt in     out     source               destination 
        0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:113
        0     0 dropBcast  all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 3 code 4
        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 11
        0     0 dropInvalid  all  --  *      *       0.0.0.0/0            0.0.0.0/0 
        0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 135,445
        0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpts:137:139
        0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:137 dpts:1024:65535
        0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 135,139,445
        0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:1900
        0     0 dropNotSyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0  
        0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:53
    
    Chain Ifw (1 references)
     pkts bytes target     prot opt in     out     source               destination 
        0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           set ifw_wl src
        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           set ifw_bl src
        0     0 IFWLOG     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID,NEW psd weight-threshold: 10 delay-threshold: 10000 lo-ports-weight: 2 hi-ports-weight: 1 IFWLOG prefix 'SCAN'
        0     0 IFWLOG     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:53 IFWLOG prefix 'NEW'
       98  8148 IFWLOG     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:137 IFWLOG prefix 'NEW'
       63 14285 IFWLOG     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:138 IFWLOG prefix 'NEW'
        0     0 IFWLOG     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:139 IFWLOG prefix 'NEW'
        0     0 IFWLOG     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:445 IFWLOG prefix 'NEW'
        0     0 IFWLOG     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW multiport dports 1024:1100 IFWLOG prefix 'NEW'
        0     0 IFWLOG     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:631 IFWLOG prefix 'NEW'
        0     0 IFWLOG     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:5001 IFWLOG prefix 'NEW'
        0     0 IFWLOG     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80 IFWLOG prefix 'NEW'
        0     0 IFWLOG     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:443 IFWLOG prefix 'NEW'
        0     0 IFWLOG     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:53 IFWLOG prefix 'NEW'
        0     0 IFWLOG     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 IFWLOG prefix 'NEW'
        0     0 IFWLOG     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:20 IFWLOG prefix 'NEW'
       50  2556 IFWLOG     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:21 IFWLOG prefix 'NEW'
        0     0 IFWLOG     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:25 IFWLOG prefix 'NEW'
        0     0 IFWLOG     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:109 IFWLOG prefix 'NEW'
        0     0 IFWLOG     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:110 IFWLOG prefix 'NEW'
        0     0 IFWLOG     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:143 IFWLOG prefix 'NEW'
        0     0 IFWLOG     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:23 IFWLOG prefix 'NEW'
        0     0 IFWLOG     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:137 IFWLOG prefix 'NEW'
        0     0 IFWLOG     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:138 IFWLOG prefix 'NEW'
        0     0 IFWLOG     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:139 IFWLOG prefix 'NEW'
        0     0 IFWLOG     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:445 IFWLOG prefix 'NEW'
        0     0 IFWLOG     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW multiport dports 1024:1100 IFWLOG prefix 'NEW'
        0     0 IFWLOG     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:631 IFWLOG prefix 'NEW'
        0     0 IFWLOG     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:5000 IFWLOG prefix 'NEW'
    
    Chain Reject (4 references)
     pkts bytes target     prot opt in     out     source               destination 
        0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:113
        0     0 dropBcast  all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 3 code 4
        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 11
        0     0 dropInvalid  all  --  *      *       0.0.0.0/0            0.0.0.0/0 
        0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 135,445
        0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpts:137:139
        0     0 reject     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:137 dpts:1024:65535
        0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 135,139,445
        0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:1900
        0     0 dropNotSyn  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0  
        0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:53
    
    Chain all2all (0 references)
     pkts bytes target     prot opt in     out     source               destination 
        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
        0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:all2all:REJECT:'
        0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
    
    Chain dropBcast (2 references)
     pkts bytes target     prot opt in     out     source               destination 
        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           PKTTYPE = broadcast
        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           PKTTYPE = multicast
    
    Chain dropInvalid (2 references)
     pkts bytes target     prot opt in     out     source               destination 
        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID
    
    Chain dropNotSyn (2 references)
     pkts bytes target     prot opt in     out     source               destination 
        0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:!0x17/0x02
    
    Chain dynamic (4 references)
     pkts bytes target     prot opt in     out     source               destination 
    
    Chain eth0_fwd (1 references)
     pkts bytes target     prot opt in     out     source               destination 
        0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID,NEW
        0     0 net2all    all  --  *      ham0    0.0.0.0/0            0.0.0.0/0           policy match dir out pol none
    
    Chain eth0_in (1 references)
     pkts bytes target     prot opt in     out     source               destination 
      213 25069 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID,NEW
     507K   24M net2fw     all  --  *      *       0.0.0.0/0            0.0.0.0/0           policy match dir in pol none
    
    Chain fw2loc (1 references)
     pkts bytes target     prot opt in     out     source               destination 
        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
    
    Chain fw2net (1 references)
     pkts bytes target     prot opt in     out     source               destination 
     514K  763M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
      419 35740 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
    
    Chain ham0_fwd (1 references)
     pkts bytes target     prot opt in     out     source               destination 
        0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID,NEW
        0     0 loc2net    all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           policy match dir out pol none
    
    Chain ham0_in (1 references)
     pkts bytes target     prot opt in     out     source               destination 
        0     0 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID,NEW
        0     0 loc2fw     all  --  *      *       0.0.0.0/0            0.0.0.0/0           policy match dir in pol none
    
    Chain loc2fw (1 references)
     pkts bytes target     prot opt in     out     source               destination 
        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
    
    Chain loc2net (1 references)
     pkts bytes target     prot opt in     out     source               destination 
        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
    
    Chain logdrop (0 references)
     pkts bytes target     prot opt in     out     source               destination 
        0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:logdrop:DROP:'
        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0   
    
    Chain logreject (0 references)
     pkts bytes target     prot opt in     out     source               destination 
        0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:logreject:REJECT:'
        0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
    
    Chain net2all (2 references)
     pkts bytes target     prot opt in     out     source               destination 
        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
        0     0 Drop       all  --  *      *       0.0.0.0/0            0.0.0.0/0   
        0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:net2all:DROP:'
        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0   
    
    Chain net2fw (1 references)
     pkts bytes target     prot opt in     out     source               destination 
     506K   24M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
      161 22433 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 53,137,138,139,445,1024:1100,631,5001
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:443
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:53
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:20
       52  2636 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:21
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:25
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:109
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:110
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:143
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:23
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:137
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:138
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:139
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:445
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpts:1024:1100
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:631
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:5000
        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8
        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8
        0     0 net2all    all  --  *      *       0.0.0.0/0            0.0.0.0/0   
    
    Chain reject (11 references)
     pkts bytes target     prot opt in     out     source               destination 
        0     0 DROP       all  --  *      *       255.255.255.255      0.0.0.0/0   
        0     0 DROP       all  --  *      *       224.0.0.0/4          0.0.0.0/0   
        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           PKTTYPE = broadcast
        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           PKTTYPE = multicast
        0     0 DROP       all  --  *      *       255.255.255.255      0.0.0.0/0   
        0     0 DROP       all  --  *      *       224.0.0.0/4          0.0.0.0/0   
        0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with tcp-reset
        0     0 REJECT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable
        0     0 REJECT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-unreachable
        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
    
    Chain shorewall (0 references)
     pkts bytes target     prot opt in     out     source               destination 
    
    Chain smurfs (0 references)
     pkts bytes target     prot opt in     out     source               destination 
        0     0 LOG        all  --  *      *       192.168.1.255        0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
        0     0 DROP       all  --  *      *       192.168.1.255        0.0.0.0/0   
        0     0 LOG        all  --  *      *       255.255.255.255      0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
        0     0 DROP       all  --  *      *       255.255.255.255      0.0.0.0/0   
        0     0 LOG        all  --  *      *       224.0.0.0/4          0.0.0.0/0           LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
        0     0 DROP       all  --  *      *       224.0.0.0/4          0.0.0.0/0 oic
    
    0
  4. lonewolfs Messages postés 51 Statut Membre 5
     
    Pour ta deuxième suggestion, je veux bien essayer mais ca va quand même poser un problème car je peux difficilement être en permanence en train de rajouter des ip acceptés.

    Il n'y a pas plutôt une ligne a configurer qui permette a tous les ip de se connecter ?

    Merci vraiment de ton aide

    Amitiés
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. lami20j Messages postés 21506 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   3 571
     
    Il n'y a pas plutôt une ligne a configurer qui permette a tous les ip de se connecter ?

    commente les lignes
    Allow 10.0.0.1 192.168.0
    Deny All

    (en fait c'est DenyAll )

    et écrit
    AllowAll

    donc tu auras
    #Allow 10.0.0.1 192.168.0
    #DenyAll
    AllowAll
    et redémarre le serveur

    tu peux mettre aussi

    #Allow 10.0.0.1 192.168.0
    #Deny All
    
    Allow from all
    0
  7. lami20j Messages postés 21506 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   3 571
     
    d'aillerus ça suffit de supprimer

    Allow 10.0.0.1 192.168.0
    DenyAll

    puisque par défaut c'est l'option
    Allow from all

    ce qui rends superflu (mais explicit) de l'écrire
    0
  8. lonewolfs Messages postés 51 Statut Membre 5
     
    Merci encore de ton aide.

    Je vais tester cela depuis l'exterieur. donc je pense que je pourrais te confirmer si cela fonction aux environ de 12h00

    De toute facon, je te tiens au courant.

    Merci encore et encore.

    Je peux encore abuser un peu ? lol

    Voila lorsque je relance le demon proftpd j'ai toujours ce message :

    - IPv6 getaddrinfo 'localhost' error: Name or service not known


    et dans mes logs lors de connexion ceci aussi qui je pense est lié :

    Jun 30 10:07:50 localhost proftpd[6735] localhost (ACD32A2B.ipt.aol.com[::ffff:172.211.42.43]): error setting IPV6_V6ONLY: Protocol not available
    


    Aurais tu une idée du problème et eventuellement dans la manière de le resoudre ?

    Merci encore Lami20j
    0
  9. lami20j Messages postés 21506 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   3 571
     
    pour le message d'erreur il s'agit de IPv6 qui n'est pas supporté par ton système ou pas prise en compte
    donc c'est plutôt un warning (pas grave)

    affiche le contenu de ton /etc/hosts
    0
  10. lonewolfs Messages postés 51 Statut Membre 5
     
    Et bien il va être très court :

    127.0.0.1               localhost
    0
  11. lami20j Messages postés 21506 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   3 571
     
    cat /etc/hosts
    de donne que cette ligne?!

    si oui, pas grave, le message ne doit pas t'inquièter (je parle de IPv6)
    0
  12. lonewolfs Messages postés 51 Statut Membre 5
     
    Oui ca ne donne que cette ligne.

    Mais bon puique tu me dis que je ne dois pas m'inquieter, je ne m'inquiète pas. (lol)

    [Edit] Je te tiens au courant dès que j'ai reussis a me connecter depuis l'exterieur (donc aux environs de 11h45 - 12h00)
    0
  13. lonewolfs Messages postés 51 Statut Membre 5
     
    Bon je viens de tester et ca ... ne fonctionne pas.

    Une première fois un timeout, et la seconde, ie me dit que je ne peux me connecter avec le user et mot de passe proposé.

    Surprenant alors que ce sont les bons.

    Voila ce que me dit les logs :

    Jun 30 11:20:31 localhost proftpd[6865] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:8): error setting IPV6_V6ONLY: Protocol not available
    Jun 30 11:20:31 localhost proftpd[6865] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:83.): FTP session opened.
    Jun 30 11:20:31 localhost proftpd[6865] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff]): invalid CommandBufferSize size (0) given, resetting to default buffer size (512)
    Jun 30 11:20:31 localhost proftpd[6865] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:]): mod_delay/0.5: delaying for 770 usecs
    Jun 30 11:20:31 localhost proftpd[6865] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:]): no such user 'anonymous'
    Jun 30 11:20:31 localhost proftpd[6865] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:]): USER anonymous: no such user found from ADijon-153-1-12-160.w83-196.abo.wanadoo.fr [::ffff:] to ::ffff:192.168.1.21:21
    Jun 30 11:20:31 localhost proftpd[6865] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:]): mod_delay/0.5: delaying for 503 usecs
    Jun 30 11:20:32 localhost proftpd[6865] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:]): FTP session closed.
    Jun 30 11:20:32 localhost proftpd[6866] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:]): error setting IPV6_V6ONLY: Protocol not available
    Jun 30 11:20:32 localhost proftpd[6866] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:): FTP session opened.
    Jun 30 11:20:32 localhost proftpd[6866] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:]): invalid CommandBufferSize size (0) given, resetting to default buffer size (512)
    Jun 30 11:20:32 localhost proftpd[6866] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:]): mod_delay/0.5: delaying for 821 usecs
    Jun 30 11:20:32 localhost proftpd[6866] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:]): no such user 'anonymous'
    Jun 30 11:20:32 localhost proftpd[6866] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:]): USER anonymous: no such user found from ADijon-153-1-12-160.w83-196.abo.wanadoo.fr [::ffff:] to ::ffff:192.168.1.21:21
    Jun 30 11:20:32 localhost proftpd[6866] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:]): mod_delay/0.5: delaying for 36106 usecs
    Jun 30 11:20:32 localhost proftpd[6866] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:): FTP session closed.
    Jun 30 11:20:40 localhost proftpd[6867] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:]): error setting IPV6_V6ONLY: Protocol not available
    Jun 30 11:20:40 localhost proftpd[6867] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:): FTP session opened.
    Jun 30 11:20:40 localhost proftpd[6867] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:8): invalid CommandBufferSize size (0) given, resetting to default buffer size (512)
    Jun 30 11:20:40 localhost proftpd[6867] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:]): USER userftp: Login successful.
    Jun 30 11:20:40 localhost proftpd[6867] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:8): Preparing to chroot to directory '/mnt/ftp'
    Jun 30 11:20:40 localhost proftpd[6867] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:]): Ratio: userftp/userftp ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:: -0/0 +0/0 (0 0 0 0) = 0/0.
    Jun 30 11:20:42 localhost proftpd[6868] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:]): error setting IPV6_V6ONLY: Protocol not available
    Jun 30 11:20:42 localhost proftpd[6868] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:]): FTP session opened.
    Jun 30 11:20:42 localhost proftpd[6868] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:]): invalid CommandBufferSize size (0) given, resetting to default buffer size (512)
    Jun 30 11:20:42 localhost proftpd[6868] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:]): USER userftp: Login successful.
    Jun 30 11:20:42 localhost proftpd[6868] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:]): Preparing to chroot to directory '/mnt/ftp'
    Jun 30 11:20:42 localhost proftpd[6868] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:]): Ratio: userftp/userftp ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:]: -0/0 +0/0 (0 0 0 0) = 0/0.
    Jun 30 11:20:43 localhost proftpd[6868] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:]): error setting IPV6_V6ONLY: Protocol not available
    Jun 30 11:21:36 localhost proftpd[6869] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:]): error setting IPV6_V6ONLY: Protocol not available
    Jun 30 11:21:37 localhost proftpd[6869] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:]): FTP session opened.
    Jun 30 11:21:37 localhost proftpd[6869] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:): invalid CommandBufferSize size (0) given, resetting to default buffer size (512)
    Jun 30 11:21:37 localhost proftpd[6869] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:]): mod_delay/0.5: delaying for 803 usecs
    Jun 30 11:21:37 localhost proftpd[6869] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:): no such user 'anonymous'
    Jun 30 11:21:37 localhost proftpd[6869] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:]): USER anonymous: no such user found from ADijon-153-1-12-160.w83-196.abo.wanadoo.fr [::ffff:] to ::ffff:192.168.1.21:21
    Jun 30 11:21:37 localhost proftpd[6869] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:): mod_delay/0.5: delaying for 28797 usecs
    Jun 30 11:21:37 localhost proftpd[6869] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:]): FTP session closed.
    Jun 30 11:21:37 localhost proftpd[6870] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:8]): error setting IPV6_V6ONLY: Protocol not available
    Jun 30 11:21:37 localhost proftpd[6870] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:8): FTP session opened.
    Jun 30 11:21:38 localhost proftpd[6870] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:]): invalid CommandBufferSize size (0) given, resetting to default buffer size (512)
    Jun 30 11:21:38 localhost proftpd[6870] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:]): mod_delay/0.5: delaying for 916 usecs
    Jun 30 11:21:38 localhost proftpd[6870] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:]): no such user 'anonymous'
    Jun 30 11:21:38 localhost proftpd[6870] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:8]): USER anonymous: no such user found from ADijon-153-1-12-160.w83-196.abo.wanadoo.fr [::] to ::ffff:192.168.1.21:21
    Jun 30 11:21:38 localhost proftpd[6870] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:]): mod_delay/0.5: delaying for 25046 usecs
    Jun 30 11:21:38 localhost proftpd[6870] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:): FTP session closed.
    Jun 30 11:21:43 localhost proftpd[6871] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:]): error setting IPV6_V6ONLY: Protocol not available
    Jun 30 11:21:44 localhost proftpd[6871] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:): FTP session opened.
    Jun 30 11:21:44 localhost proftpd[6871] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:8]): invalid CommandBufferSize size (0) given, resetting to default buffer size (512)
    Jun 30 11:21:44 localhost proftpd[6871] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:): USER userftp: Login successful.
    Jun 30 11:21:44 localhost proftpd[6871] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:]): Preparing to chroot to directory '/mnt/ftp'
    Jun 30 11:21:44 localhost proftpd[6871] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:8]): Ratio: userftp/userftp ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:83.196.227.160]: -0/0 +0/0 (0 0 0 0) = 0/0.
    Jun 30 11:21:45 localhost proftpd[6872] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:]): error setting IPV6_V6ONLY: Protocol not available
    Jun 30 11:21:45 localhost proftpd[6872] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:]): FTP session opened.
    Jun 30 11:21:45 localhost proftpd[6872] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:]): invalid CommandBufferSize size (0) given, resetting to default buffer size (512)
    Jun 30 11:21:45 localhost proftpd[6872] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:]): USER userftp: Login successful.
    Jun 30 11:21:45 localhost proftpd[6872] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff]): Preparing to chroot to directory '/mnt/ftp'
    Jun 30 11:21:45 localhost proftpd[6872] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:]): Connection refused (max clients per host 3).
    Jun 30 11:21:45 localhost proftpd[6872] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:8]): FTP session closed.
    Jun 30 11:22:02 localhost proftpd[6873] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:]): error setting IPV6_V6ONLY: Protocol not available
    Jun 30 11:22:02 localhost proftpd[6873] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:]): FTP session opened.
    Jun 30 11:22:02 localhost proftpd[6873] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:]): invalid CommandBufferSize size (0) given, resetting to default buffer size (512)
    Jun 30 11:22:02 localhost proftpd[6873] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:]): mod_delay/0.5: delaying for 37 usecs
    Jun 30 11:22:02 localhost proftpd[6873] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:8): USER adminftp: Login successful.
    Jun 30 11:22:02 localhost proftpd[6873] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:]): Preparing to chroot to directory '/mnt/ftp'
    Jun 30 11:22:02 localhost proftpd[6873] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:8]): mod_delay/0.5: delaying for 8885 usecs
    Jun 30 11:22:02 localhost proftpd[6873] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:]): Connection refused (max clients per host 3).
    Jun 30 11:22:02 localhost proftpd[6873] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:): FTP session closed.
    Jun 30 11:22:11 localhost proftpd[6871] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:]): FTP session closed.
    Jun 30 11:22:56 localhost proftpd[6868] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:]): FTP session closed.
    Jun 30 11:30:40 localhost proftpd[6867] localhost (ADijon-153-1-12-160.w83-196.abo.wanadoo.fr[::ffff:]): FTP no transfer timeout, disconnected
    Jun 30 11:30:40 localhost proftpd[6867] localhost ]): FTP session closed.
    0
  14. lami20j Messages postés 21506 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   3 571
     
    et si tu enlève aussi
    AllowUser adminftp
    DenyAll

    0
  15. loenwolfs
     
    Je veux bien essayer lami20j mais ceci ne sert normalement qu'a limiter a l'administrateur la possiblité d'ecrire dans le repertoire.

    Et je ne comprendrais pas pourquoi ceci empecherait les connexions extérieures.
    0
  16. lami20j Messages postés 21506 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   3 571
     
    par exemple

    The Allow directive is used inside a <Limit> context to explicitly specify which hosts and/or networks have access to the commands or operations being limited.

    et ce n'est pas ce que je vois chez toi
    0
  17. lami20j Messages postés 21506 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   3 571
     
    tu devras plutôt avoir quelque chose comme ça

    <Directory /repertoire_ftp>
      <Limit WRITE>
        Allow from adminftp
        DenyAll
      </Limit>
    </Directory>
    0
  18. lonewolfs Messages postés 51 Statut Membre 5
     
    Bonjour lami20j

    Je viens d'essayer mon serveur depuis l'exterieur avec net2ftp.com et il repond favorablement donc je pense qu'il fonctionne.

    Il m'a juste fallu dieser le maxrequest et ca a l'air de fonctionner.

    Je te remercie de l'aide que tu m'as apporté.

    Amitiés
    0