View Full Version : [Solved] Control channel/stealth listing?


Pichento
10-09-2003, 10:53 AM
Hiya Darkone.

I've got an urgent request that I hope can be implemented into ioftpd without much trouble or (re)-coding. I'm in need of a special device for dir-listing (ASCII-transfers) or a special device just for data transfers excluding the listing. I'll explain in detail:

I've blocked unwanted traffic on switch level (data ports for ioftpd on specified device) thus only allowing "allowed" IPs and hosts on site. This is to limit mostly foreign traffic as nothing is free today.

Now - I would like even those to be able to login, list etc without being blocked. I'm only interested in blocking their binary transfers. Is there an easy solution for this?

My first thought would be that ioFTPD could use both transfer devices (binary & ascii).

This could be done for both local transfers and FXP (site-to-site)

Mouton
10-09-2003, 10:58 AM
Why don't u just block Download and Upload for those users ?
Takes a couple of seconds editing the .ini

BTW, ioFTPD doesn't differentiate binary and ascii transfers.
For io, a transfer is a transfer, and the mode you set (BINARY or ASCII) is just dropped.

Pichento
10-09-2003, 05:10 PM
Mouton, I don't think you've gotten my point here.

Let me elaborate:

I wanna make sure users can list in any case. Blocking uploads & downloads using +fF flags is not a solution.

I want users to be able to transfer from "good ip / hosts" even though their control connection ip is outside my switch-enforced block. If a specified channel (device) could be specified with a port-range excluded from the block and the standard balance-devices (data) specified for binary transfers my problems would be solved in seconds.

darkone
10-09-2003, 06:10 PM
Tell your users to use stat command as list (aka 'stealth listing'). This way listings go over control channel (which you've bound to device 1) and actual transfers go over device 2.

Pichento
10-10-2003, 04:22 AM
How d1??

What is the stat command exactly and does ftp client support it?

I'm not a ftpd theory novice but dunno anything about "STAT" cmd...

update:

unable to get dirlist using stealth mode (wrong data)
bailing out.

pftp seems incompatible with ioftpd. works fine on glftpd sites.

same goes for ultrafxp.

too bad ffxp does not have that feature. not really practical having to do raw commands all the time :)

darkone
10-10-2003, 05:00 AM
I guess you need to hack pftp's sources :) it's thinking ioftpd's reply is malformed, as it uses different prefix. (io uses same as proftpd.. or was it wu-ftpd :))
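
An added example, not part of the original thread and not pftp or ioFTPD code: a client-side parser for a multi-line STAT reply that accepts both line-prefix styles, relying only on the RFC 959 framing (first line `ddd-`, last line `ddd `). The sample replies are constructed and the function name `parse_stat_reply` is hypothetical.

```python
import re

# Constructed sample replies (not captured from any real server).
# Style A: every listing line repeats the "213-" prefix.
REPLY_PREFIXED = (
    "213-Status of /pub:\r\n"
    "213-drwxr-xr-x   2 ftp ftp     4096 Oct 09  2003 incoming\r\n"
    "213--rw-r--r--   1 ftp ftp      120 Oct 09  2003 README\r\n"
    "213 End of Status\r\n"
)
# Style B: only the first and last lines carry the code; listing lines are bare.
REPLY_BARE = (
    "213-Status of /pub:\r\n"
    " drwxr-xr-x   2 ftp ftp     4096 Oct 09  2003 incoming\r\n"
    " -rw-r--r--   1 ftp ftp      120 Oct 09  2003 README\r\n"
    "213 End of Status\r\n"
)


def parse_stat_reply(raw):
    """Return (code, listing_lines) from a multi-line STAT reply.

    RFC 959 framing: the first line is "ddd-text" and the last line is
    "ddd text" with the same code; lines in between are free-form.
    """
    lines = raw.splitlines()
    first = re.match(r"^(\d{3})-", lines[0]) if lines else None
    if not first:
        raise ValueError("not a multi-line reply")
    code = first.group(1)
    # A reply without its terminating line is incomplete: keep reading
    # from the control socket instead of treating it as a listing.
    if len(lines) < 2 or not lines[-1].startswith(code + " "):
        raise ValueError("missing terminating line for code " + code)
    entries = []
    for line in lines[1:-1]:
        if line.startswith(code + "-"):
            line = line[4:]          # drop the repeated "ddd-" prefix
        line = line.strip()          # drop the leading space of bare lines
        if line:
            entries.append(line)
    return code, entries
```
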

Pichento
10-10-2003, 05:41 AM
Why not change it to work with pftp which is made basically for glftpd - which in any case is what ioftpd is targeting. Personally I couldn't care less about raiden, serv-u and other less important ftpds.

My users (and presumably most other ioftpd users) are used to glftpd.

darkone
10-10-2003, 05:45 AM
I'm trying to follow internet standards.. (which are of course based on the most popular daemons: proftp, wu-ftpd, iis)