Ok, thanks for the help with the symlinks. True that it makes browsing sorted symlink collections a pain in the ass, but I use them more to navigate quickly into deeply nested directory structures, so it bothered me more that I ended up again in / instead of the dir above when doing CDUP. But all is well now. Also I noticed some warnings in the logs; it seems like some script got confused that a symlink reported /target/to/symlink as its target, yet when cwd'ing into it, the actual path returned by io was /symlink instead. I don't really know what script it was or what the exact message was, because it didn't look serious so I never bothered. I guess it was either nxTools or ioNinja.
Back to the bouncer issue. I checked and the BNC_HOST is defined in the service section. Here's an excerpt from the ioftpd.ini:
Code:
some other settings here...
#############
# FTP SETUP #
#############
[FTP_Service]
Type = FTP
# Name of "Device" configured above to bind to when listening for client
# connections.
Device_Name = Any
#-------------------------------------------------------------
# The port for people to connect to your FTP on.
# *** You MUST forward this port as well in your router!!! ***
#-------------------------------------------------------------
Port = 12345
# NOTE: Port-1 will be used for all active outgoing connections if you
# need to allow these explicitly in a router.
User_Limit = 10
Allowed_Users = *
Messages = ..\text\ftp
#
# Encryption - See "Permissions" section below for syntax. The default
# allows anyone to connect to the server without TLS/SSL.
#
# To force everyone (a good idea!) to use secure connections except for
# the default ioFTPD account which is configured to only allow connections
# from the same machine as the server use
# Require_Encrypted_Auth = !-ioFTPD *
# Require_Encrypted_Data = !-ioFTPD *
#
Require_Encrypted_Auth = *
Require_Encrypted_Data = *
# >>>>>>>>>>>> SSL CHANGE THIS <<<<<<<<<<<<<<
#
# Name of the SSL certificate to use for this service. If at the very top
# you have a HOST= line that is anything other than 0.0.0.0 you don't need
# to explicitly set this as the server will try to load a cert with the
# specified HOST= name and if that fails it will try the default of "ioFTPD".
#
# NOTE: You can now use "site makecert" and "site removecert [name]" to
# manipulate installed certificates.
;Certificate_Name = ioFTPD
# If no certificate was found at all and this is 'True' then at startup
# try to create a new certificate automatically and load it for use.
# Default is False.
Create_Certificate = True
# If undefined or 'True' the server will respond with a clear text FTP
# greeting and users will send the 'AUTH TLS' or 'AUTH SSL' commands to
# enable encryption. If set to 'False' then assume implicit encryption which
# means negotiate TLS/SSL immediately before any text sent. You most likely
# want to leave this with the default 'True' setting.
Explicit_Encryption = True
# You can limit the TLS/SSL negotiation method to: SSL2, SSL3, or TLS.
# I strongly suggest leaving this undefined (the default) to support all 3
# methods. If you do modify this you should also consider passing the
# appropriate NO_SSLv2, NO_SSLv3, and/or NO_TLSv1 options to the library
# via the OpenSSL_Options feature below.
# WARNING: This also affects data connections to/from the service.
;Encryption_Protocol = SSL3
# You can specify any v1.0 OpenSSL option flag to modify the encryption
# library's behavior. Arguments are separated by "|" and the "SSL_OP_" prefix
# should be left off. The complete list of options is available at:
# http://www.openssl.org/docs/ssl/SSL_CTX_set_options.html
# The 2 suggested options are:
# ALL - enable all compatibility options to work around broken SSL
# implementations.
# NO_TICKET - Disable RFC4507bis tickets for stateless session resumption.
# FlashFXP disabled this because of issues with some Java SSL
# implementations so I figure we should do the same.
OpenSSL_Options = ALL|NO_TICKET
# You can control which ciphers are available. Documentation is available at:
# http://www.openssl.org/docs/apps/ciphers.html
# The default of "DEFAULT:!LOW:!EXPORT" excludes anything under 128 bits.
# NOTE: This affects both control and data connections!
OpenSSL_Ciphers = DEFAULT:!LOW:!EXPORT
# Active mode data transfers require the server to create connections to the
# user specified IP/Port. For security reasons the server should be prevented
# from connecting back to itself or initiating connections to any machine
# behind a firewall. By default the server will block access to the following
# non-routable private IP ranges: 10.* 172.16.* 192.168.* and the loopback
# interface 127.*. To disable this feature entirely just specify 0.0.0.0
# as the host to block. You may however specify a custom list of IP addresses
# or ranges using glob-style wildcards provided you don't skip any numbers
# when enumerating them via 'Deny_Port_Host_<num>'. <num> starts at 1.
;Deny_Port_Host_1 = 127.*
;Deny_Port_Host_2 = 192.168.*.*
;Deny_Port_Host_1 = 0.0.0.0
# IDNT command restricted to use by these hosts. You may list up to 10 IP
# addresses or hostnames (i.e. BNC_HOST_10) without skipping numbers.
# You may use wildcards.
BNC_HOST_1 = my.bouncer.ip.here
# List of "devices" configured above to use for data transfers, none means
# use Device_Name as data device.
;Data_Devices =
# Traffic Balancing: use random or round robin among configured Data_Devices
;Random_Devices = True
###############################################################################
################################# NETWORK #################################
###############################################################################
ioftpd.ini continues here...
I also tried adding your args.exe as a pre-cmd script, but it never gets called for some reason, so something seems wrong here. I also tried another bouncer (f-ftpbnc-v1.6) and tried to put it in front of both glftpd and ioftpd. gl works fine, but ioftpd doesn't recognize it's a bounced connection, doesn't call the pre IDNT script and just refuses the connection, because the IP of the bouncer is obviously not added to the user trying to connect.
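An added example, not part of the original post and not ioFTPD code: a small Python check of the `BNC_HOST_<n>` rules stated in the excerpt's comments (entries live in the service section, up to 10, numbered from 1 without skipping, wildcards allowed). Glob matching against the connecting IP and the treatment of entries after a numbering gap as unreachable are assumptions; hostname entries are not resolved, and the sample ini and addresses are constructed.

```python
import fnmatch
import re

# Constructed sample: trimmed [FTP_Service] section in the style of the excerpt above.
SAMPLE_INI = """\
[FTP_Service]
Type = FTP
Port = 12345
;Deny_Port_Host_1 = 127.*
BNC_HOST_1 = 203.0.113.10
BNC_HOST_2 = 198.51.100.*
BNC_HOST_4 = 192.0.2.7
[Network]
BNC_HOST_1 = 10.0.0.1
"""

def section_items(text, section):
    """Return active key/value pairs of one [section]; '#' and ';' lines are comments."""
    items, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1)
        elif current == section and "=" in line:
            key, value = line.split("=", 1)
            items[key.strip()] = value.strip()
    return items

def enumerated(items, prefix, limit=None):
    """Split PREFIX<n> keys into the contiguous run from 1 and entries stranded after a gap."""
    nums = {}
    for key, value in items.items():
        m = re.fullmatch(re.escape(prefix) + r"(\d+)", key, re.IGNORECASE)
        if m:
            nums[int(m.group(1))] = value
    used, n = [], 1
    while n in nums and (limit is None or n <= limit):
        used.append(nums.pop(n))
        n += 1
    return used, sorted(nums.items())

def bouncer_allowed(text, peer_ip, section="FTP_Service"):
    """(matched, stranded): does peer_ip match a reachable BNC_HOST_<n> glob (assumed semantics)?"""
    used, stranded = enumerated(section_items(text, section), "BNC_HOST_", limit=10)
    return any(fnmatch.fnmatch(peer_ip, pat) for pat in used), stranded
```

Pass the address the server actually sees for the bouncer's control connection as `peer_ip`; a non-empty `stranded` list points at entries that sit behind a skipped number.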