[ previous ] [ next ] [ threads ]
 
 From:  "Lee Sharp" <leesharp at hal dash pc dot org>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Problems with proftpd
 Date:  Tue, 12 Dec 2006 18:34:33 -0600
For the record, this is my config file for ProFTPd on Ubuntu.  I only have 
port 21 forwarded.  It has worked with every client I have used so far. 
Note the complete lack of passive settings or server names.

#
# /etc/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#

ServerName   "Debian"
ServerType   standalone
DeferWelcome   off

MultilineRFC2228  on
DefaultServer   on
ShowSymlinks   on

TimeoutNoTransfer  600
TimeoutStalled   600
TimeoutIdle   1200

DisplayLogin                    welcome.msg
DisplayFirstChdir               .message
ListOptions                 "-l"

DenyFilter   \*.*/

# Uncomment this if you are using NIS or LDAP to retrieve passwords:
#PersistentPasswd  off

# Uncomment this if you would use TLS module:
#TLSEngine    on

# Uncomment this if you would use quota module:
#Quotas    on

# Uncomment this if you would use ratio module:
#Ratios    on

# Port 21 is the standard FTP port.
Port    21

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances   30

# Set the user and group that the server normally runs at.
User    nobody
Group    nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask    022  022
# Normally, we want files to be overwriteable.
AllowOverwrite   on

# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
#DelayEngine    off

# A basic anonymous configuration, no upload directories.

# <Anonymous ~ftp>
#   User    ftp
#   Group    nogroup
#   # We want clients to be able to login with "anonymous" as well as "ftp"
#   UserAlias   anonymous ftp
#   # Cosmetic changes, all files belongs to ftp user
#   DirFakeUser on ftp
#   DirFakeGroup on ftp
#
#   RequireValidShell  off
#
#   # Limit the maximum number of anonymous logins
#   MaxClients   10
#
#   # We want 'welcome.msg' displayed at login, and '.message' displayed
#   # in each newly chdired directory.
#   DisplayLogin   welcome.msg
#   DisplayFirstChdir  .message
#
#   # Limit WRITE everywhere in the anonymous chroot
#   <Directory *>
#     <Limit WRITE>
#       DenyAll
#     </Limit>
#   </Directory>
#
#   # Uncomment this if you're brave.
#   # <Directory incoming>
#   #   # Umask 022 is a good standard umask to prevent new files and dirs
#   #   # (second parm) from being group and world writable.
#   #   Umask    022  022
#   #            <Limit READ WRITE>
#   #            DenyAll
#   #            </Limit>
#   #            <Limit STOR>
#   #            AllowAll
#   #            </Limit>
#   # </Directory>
#
# </Anonymous>