FlashFXP Forums ioFTPD leech issue
 Tickets Search Today's Posts Mark Forums Read

 04-15-2011, 01:37 PM #1 kathorga Junior Member   Join Date: Apr 2011 Posts: 3 ioFTPD leech issue hey i ppl having problems with leeching using stat-l, stat-al : [1] 501 PORT command failed: Transfer to specified network address is not allowed. It works only with upnp unabled. It's from external ip's, ports opened correctly Does anyone know why?
 04-15-2011, 03:03 PM #2 FTPServerTools Senior Member FlashFXP Beta TesterioFTPD Scripter   Join Date: Sep 2002 Posts: 543 For the PORT command to work you need to allow a port command range thgough the router. ioftpd does not send upnp commands to the firewall thus it works if you set a fixed range of ports (and set the sme range in ioftpd). If you set upnp then depending on the brand of router, the fixed ports settings may be overruled.. Note, some routers do handle fixed and upnp ports together porperly... __________________ http://tinyurl.com/ftpservertools
 04-16-2011, 05:50 AM #4 zrezur Junior Member   Join Date: Apr 2011 Posts: 1 Gentlemen, I (userxxx) am trying to connect to Kathorga's FTP. I'm attaching the log from this session below. Couple details about topology of the network: - My computer is behind the router (82.160.XXX.XXX) - Kathorga's ftp server is behind the router(88.199.XXX.XXX) as well. - private ip of Kathorga's ftp server(like you can see it in the log) is 192,168,12,120. - Admin of Kathorga's network should forward all ports from range 40000-42000 to Kathorga's server I suspect that the forwarding of ports on the router is not working good. What do you think? Code: [R] Connected to Jaqb [R] 220 FTP Server ready. [R] AUTH SSL [R] 234 AUTH SSL successful. [R] Connected. Negotiating SSL session [R] TLSv1 negotiation successful... [R] TLSv1 encrypted session using cipher ECDHE-RSA-AES256-SHA (256 bits) [R] PBSZ 0 [R] 200 PBSZ 0 successful. [R] USER userx [R] 331 Password required for userx. [R] PASS (hidden) [R] 230-User userx from 82.160.XXX.XXX, welcome to our FTP server. [R] 230- [R] 230-ioFTPD activity: [R] 230- [R] 230- Users online : 2 [R] 230- Active transfers : 0 [R] 230- Uptime : 16 hours, 2 mins, 39 secs [R] 230- [R] 230-Enjoy your stay. [R] 230 User userx logged in. [R] SYST [R] 215 UNIX Type: L8 [R] FEAT [R] 211-Extensions supported: [R] AUTH SSL [R] AUTH TLS [R] CLNT [R] CPSV [R] LIST -1aAdflLRsTU [R] MDTM [R] MDTM YYYYMMDDHHMMSS filename [R] PBSZ [R] PROT [R] REST STREAM [R] SIZE [R] SSCN [R] STAT -1aAdflLRsTU [R] TVFS [R] XCRC filename;start;end [R] 211 END [R] CLNT FlashFXP 4.0.0.1545 [R] 200 Noted. [R] PWD [R] 257 "/" is current directory. [R] TYPE I [R] 200 Type set to I. [R] SIZE file.dat [R] 213 9112575 [R] MDTM file.dat [R] 213 20100928124632 [R] PROT P [R] 200 Protection set to: Private. [R] PASV [R] 227 Entering Passive Mode (192,168,12,120,163,124) [R] Opening data connection IP: 88.199.XXX.XXX PORT: 41852 [R] Data Socket Error: Connection refused [R] Transfer Failed! [R] SIZE file.dat [R] 213 9112575 [R] MDTM file.dat [R] 213 20100928124632 [R] PASV [R] 227 Entering Passive Mode (192,168,12,120,157,109) [R] Opening data connection IP: 88.199.XXX.XXX PORT: 40301 [R] Data Socket Error: Connection refused [R] Transfer Failed! 1 File Failed
 04-16-2011, 06:11 AM #5 Yil Too much time... FlashFXP Beta TesterioFTPD Administrator   Join Date: May 2005 Posts: 1,194 I agree that it looks like a problem with port forwarding at first glance. The interesting thing to me is that you don't get a timed out connection attempt. Most home routers play dumb and drop packets they aren't set to forward rather than reject the connection so seeing the refused message isn't what I would have expected. The most likely cause of something like that is for people who have more than 1 computer behind a NAT firewall and they are forwarding the ports to the wrong computer... That usually happens because they don't set a fixed private IP like 192.168.12.10 or something and instead rely on DHCP to give them an IP address which can change over time especially if you have a wireless router. I should also point out Kathorga's FTP really should be giving out the 88.199.x.x address when it responds to the PASV command. This is done via the HOST= setting in the .ini file. Either set it to the static external IP if you have one, or set it to a name like name.no-ip.org and use the no-ip updater to keep it updated.
 04-16-2011, 06:57 AM #6 kathorga Junior Member   Join Date: Apr 2011 Posts: 3 Ok guys, there is my ioFTPD.ini at HOST i tried local, extrenal and my.no-ip address, still same Please check if rest it set up correctly. Another friend said that fxp works pretty well without upnp enabled, leeching still not working.. Code: `### ### This is the main configuration file for ioFTPD. ### ----------------------------------------------- ### ### Note from Yil: ### I've put in a number of useful pieces of information and attempted ### to document a few options as well as added some new ones. I suggest ### reading the whole thing through once before changing anything as ### details on user flags, permission matching, etc are spread throughout ### the file and are often not defined before their first use. I instead ### chose to document formats where they are first seriously used to make ### looking things up easier where your likely to make future changes. ### ### NOTE: The first 2 sections you MUST setup/examine as they include ports ### that must be forwarded in any routers/firewalls you may have... ### ### ### WARNING: ioFTPD doesn't report errors reading this configuration file ### ------- very well. Before making any changes backup this file, make ### the change, and if something isn't working right revert back ### to the known good version. ### ### Lines starting with a # or ; are considered comments. Single number ### or True/False settings can be followed with a # comment on the same line ### since only the first word is processed. Most string settings cannot ### reliably accept comments on the same line so don't add any that aren't ### already there. ### ### ### the ioFTPD FAQ can be found in the knowledge base: ### http://www.inicom.net/pages/en.ioftpd-kb.php ### ### documentation on ioFTPD is available: ### http://www.inicom.net/pages/en.ioftpd-documentation.php ### ### you can also visit the ioFTPD user's and developer's forum: ### http://www.inicom.net/forum ### ### a description of this file format is available from wikipedia: ### http://en.wikipedia.org/wiki/INI_file ### ### ############################################################################### ################################# DEVICES ################################# ############################################################################### # # A device is used by a service (ftp, or http) to specify connection # information such as which address and ports to bind to, and whether to shape # outgoing traffic. # # By default, the only device is the "Any" device, configured to bind # to all local ip addresses and to use a reasonable port range for ftp # passive connections that you MUST forward in routers/firewalls. # # # Find the case that best matches your network setup: # # A) You connect directly to your ISP with either a static or dynamic # external IP address and you can see it when you look at configured # network interfaces. I.e. the address when you look at the interface # in My Network Places doesn't match 192.168.*.*. # Host = 0.0.0.0 # # B) You are behind a hardware NAT firewall such as linksys, netgear, etc # and have a static IP address. # Host = external-IP # # C) You are behind a hardware NAT firewall with a dynamic IP address and # do not use a dynamic DNS service. See detailed notes below. # Host = 0.0.0.0 # # D) You are behind a hardware NAT firewall with a dynamic IP address and # you DO use a dynamic DNS service (like the free no-ip.org, etc). # Host = my.host.com # # Details: # 1) ioFTPD uses the IP address found through the Host= line for PASV # connections. If you happen to be behind a router and thus have a local # IP address like 192.168.*.* using Host=0.0.0.0 will stuff your 192 addr # into the PASV response. This is clearly wrong, but so many FTPs are # misconfigured this way that FlashFXP v3+ and many other clients # automatically use the IP originally used to connect to the site when # they see this which masks the problem for most users. # 2) Case C is best handled by just giving out the bogus 192 address and # letting FTP clients deal with it, although I suggest you setup a # free dynamic DNS resolver instead! # 3) Host=name for dynamic IP address works with no-ip, etc if you avoid # the startup race condition by making sure ioFTPD starts only after # the update has been done and propigated. Hard to guarantee, but a # site rehash or the next &ConfigUpdate scheduler event in 15 minutes # or less will fix this problem so it's not too bad. # # IMPORTANT NOTE!!! # ----------------- # If your server has a 192.168.* style IP address because you are behind a # NAT firewall/router and you are connecting locally to the FTP server on # the same machine, or from another machine behind the router then you may # experience problems with PASV connections. This is because a properly # configured server must reply to PASV commands using your EXTERNAL IP. # Local connections cannot be tested for because the client may be attempting # to FXP which requires the external address must be sent. If your router # doesn't recognize and properly redirect attempts to talk to yourself then # things won't work... # # To solve this problem simply configure the site in your FTP client to # "Use site IP for PASV connections" (in FlashFXP it's under site->options). # This should fix the problem for you. # DEVICE 'Any' [Any] # Host= - your external IP address if known Host = 88.XXX.XXX.XXX # Bind= - Specifies a specific network interface that # that sockets/connections should use. Shoul only be needed in rare # situations on multi-networked computers or wierd PPoE setups, etc. # This address is never communicated to clients directly, and Host= # still determines the reply to use in PASV responses. ;Bind = 0.0.0.0 # A comma separated list of individual ports or port ranges (x-y) to use in # response to PASV connection transfer requests. # *** IF YOU ARE BEHIND A ROUTER/FIREWALL YOU MUST FORWARD/ALLOW THESE PORTS # FOR PASSIVE FILE TRANSFERS TO WORK!!! *** Ports = 40000-42000 # If not false then randomize the allocation of PASV ports. Should almost # always be true. Random = True # This option allows you to control which ports the server uses for outgoing # connections. If Out_Ports is undefined that means use the old default of # Port-1 for the service (defined below) initiating the connection. However # to avoid "Connection closed: Only one usage of each socket address # (protocol/network address/port) is normally permitted" errors caused by the # receiving server or FTP client not having a large enough port range you can # specify additional local ports to use. An Out_Ports of 0 means use any # port which for almost all cases eliminates the problem and is the new # prefered setting unless you have a router/gateway that needs you to limit # the outgoing ports. # NOTE: Only the first single or range of ports is used. Out_Ports = 0 # Max total server bandwidth to use, leave commented out for no limit ;Global_Inbound_Bandwidth = 10000 ;Global_Outbound_Bandwidth = 10000 # default per client connection bandwidth, no limit if commented out ;Client_Inbound_Bandwidth = 100 ;Client_Outbound_Bandwidth = 50 # List the complete FTP FEAT response line(s) you wish to suppress here # except for the LIST/STAT commands which ignore everything after the '-' # because the list of valid -options can now varies depending on the user. # Since there are two MDTM lines use MDTM-- to suppress the plain MDTM line. ;Feature_Suppression = ############################################################################### ################################ SERVICES ################################# ############################################################################### # # the services section is used to configure the ftp and http services. # ############# # FTP SETUP # ############# [FTP_Service] Type = FTP # Name of "Device" configured above to bind to when listening for client # connections. Device_Name = Any #------------------------------------------------------------- # The port for people to connect to your FTP on. # *** You MUST forward this port as well in your router!!! *** #------------------------------------------------------------- Port = 21 # NOTE: Port-1 will be used for all active outgoing connections if you # need to allow these explicitly in a router. User_Limit = 10 Allowed_Users = * Messages = ..\text\ftp # # Encryption - See "Permissions" section below for syntax. The default # allows anyone to connect to the server without TLS/SSL. # # To force everyone (a good idea!) to use secure connections except for # the default ioFTPD account which is configured to only allow connections # from the same machine as the server use # Require_Encrypted_Auth = !-ioFTPD * # Require_Encrypted_Data = !-ioFTPD * # Require_Encrypted_Auth = !* Require_Encrypted_Data = !* # >>>>>>>>>>>> SSL CHANGE THIS <<<<<<<<<<<<<< # # Name of the SSL certificate to use for this service. If at the very top # use have a HOST= line that is anything other than 0.0.0.0 you don't need # to explicitly set this as the server will try to load a cert with the # specified HOST= name and if that fails it will try the default of "ioFTPD". # # NOTE: You can now use "site makecert" and "site removecert [name]" to # manipulate installed certificates. Certificate_Name = ceryfikatename # If no certificate was found at all and this is 'True' then at startup # try to create a new certificate automatically and load it for use. # Default is False. Create_Certificate = True # If undefined or 'True' the server will respond with a clear text FTP # greeting and users will send the 'AUTH TLS' or 'AUTH SSL' commands to # enable encryption. If set to 'False' then assume implicit encryption which # means negotiate TLS/SSl immediately before any text sent. You most likely # want to leave this with the default 'True' setting. Explicit_Encryption = True # You can limit the TLS/SSL negotiation method to: SSL2, SSL3, or TLS. # I strongly suggest leaving this undefined (the default) to support all 3 # methods. If you do modify this you should also consider passing the # appropriate NO_SSLv2, NO_SSLv3, and/or NO_TLSv1 options to the library # via the OpenSSL_Options feature below. # WARNING: This also affects data connections to/from the service. ;Encryption_Protocol = SSL3 # You can specify any v1.0 OpenSSL option flag to modify the encryption # library's behavior. Arguments are separated by "|" and the "SSL_OP_" prefix # should be left off. The complete list of options is available at: # http://www.openssl.org/docs/ssl/SSL_...t_options.html # The 2 suggested options are: # ALL - enable all compatibility options to work around broken SSL # implementations. # NO_TICKET - Disable RFC4507bis tickets for stateless session resumption. # FlashFXP disabled this because of issues with some Java SSL # implementations so I figure we should do the same. OpenSSL_Options = ALL|NO_TICKET # You can control which ciphers are available. Documentation is available at: # http://www.openssl.org/docs/apps/ciphers.html # The default of "DEFAULT:!LOW:!EXPORT" excludes anything under 128 bits. # NOTE: This affects both control and data connections! OpenSSL_Ciphers = DEFAULT:!LOW:!EXPORT # Active mode data transfers require the server to create connections to the # user specified IP/Port. For security reasons the server should be prevented # from connecting back to itself or initiating connections to any machine # behind a firewall. By default the server will block access to the following # non-routable private IP ranges: 10.* 172.16.* 192.168.* and the loopback # interface 127.*. To disable this feature entirely just specify 0.0.0.0 # as the host to block. You may however specify a custom list of IP addresses # or ranges using glob-style wildcards provided you don't skip any numbers # when enumerating them via 'Deny_Port_Host_'. starts at 1. ;Deny_Port_Host_1 = 127.* ;Deny_Port_Host_2 = 192.168.*.* ;Deny_Port_Host_1 = 0.0.0.0 # IDNT command restricted to use by these hosts. You may list up to 10 IP # addresses or hostnames (i.e. BNC_HOST_10) without skipping numbers. # You may use wildcards. ;BNC_HOST_1 = 127.0.0.1 # List of "devices" configured above to use for data transfers, none means # use Device_Name as data device. ;Data_Devices = # Traffic Balancing: use random or round robin among configured Data_Devices ;Random_Devices = True ############################################################################### ################################# NETWORK ################################# ############################################################################### [Network] # list of services (you just defined them above!) to start Active_Services = FTP_Service # If Ident_Timeout set to 0 the server won't send any IDENT requests, # in which case you'll need "*@..." for all user hostmasks or you need # to enable the Ignore_Hostmasks_Idents option. Ident_Timeout = 5 # Set ident timeout (10) Hostname_Cache_Duration = 1800 # Seconds cached hostname is valid Ident_Cache_Duration = 600 # Seconds cached ident is valid (1800) # Ignore ident portion of hostmasks. If you set this to true then the system # will ignore any ident difference and just examine the host/IP portion of # the hostmask. Ignore_Hostmask_Idents = False # To be removed from the ban list a user MUST NOT attempt to connect during # the temp ban time else he'll just keep pushing the ban farther out... Connections_To_Ban = 6 # 6 connections without a reset and # IP is temp banned (5) Ban_Counter_Reset_Interval = 60 # Temporary_Ban_Duration = 300 # Seconds host remains banned # Maximum time to suppress log entries for the same reason from the same IP. # Default is 10. ;Max_Log_Suppression = 10 # Number of minutes to increase the delay between each suppressed message # until Max_Log_Suppression is reached. Default is 1 additional minute per. # You can now array to get 1,2,etc messages per Max_Log_Suppression window # which with large values means you can reduce logfile spam if needed. ;Log_Suppression_Increment = 9 # this controls how often the socket bandwidth scheduling thread is run. If # you are not limiting bandwidth then this can be disabled. # Valid values: HIGH/NORMAL/LOW/DISABLED Scheduler_Update_Speed = HIGH # List of space separated wildcard IP/hosts that are immune from banning. # NOTE: There is a difference between IP addresses and hostname masks. The # decision about whether to reject an address for too many connection # attempts (i.e. auto-ban) is made immediately after the connection is # established. This means that the reverse DNS lookup to get the # fully qualified hostname hasn't even started yet (unless a cached # answer is still around and valid). This is usually fine since you # obviously can't be banned on the first attempt, but if you tried 10 # connection attempts all at the same time this might result in a ban # and rejection for some of them until the name finally resolves. # Once the name has been resolved the next connection attempt will # ignore and clear the temp ban. # NOTE: 127.0.0.1 is always immune. Immune_Hosts = 192.168.*.* # Permission list for user's whose IP/host masks should be immune from auto- # banning. Essentially this is the same as collecting up all the IP/host # parts of the matching user's hostmasks and automaticaly specifying them as # Immune_Hosts. The user list and associated IP/hosts are only updated at # startup and rehashes. # WARNING: just one user with *@* or something similiar (or changed to that # later on!) will effectively turn off auto-banning and thus use of # this option is discouraged! ;Immune_Users = I # Requirements/rules for adding IP masks by the specified users. You can # have up to 20 consecutive entries starting at 1 which will be processed in # numerical order with the first satisfied rule allowing the change. If # no rule is matched then the change is prohibited and the user shown a list # of valid rules for them. If Secure_Ip_1 is not defined everything is # acceptable for backwardward compatibility. # # Format: # = 0 -> User ident not required (*@...) # 1 -> User ident must be supplied (ident@...) # = 0 -> Only sets of numeric IPs allowed # 1 -> Allow fully qualified hostnames (...@hostname) # 2 -> Allow fully qualified hostnames that will be resolved # at login time allowed (:ident@hostname). # 3 -> any hostname/IP (may include wildcards OR be dynamic) # = Minimum number of non-wildcard fields separated by periods. # NOTE: A fully qualified hostname doesn't need to pass the minimum field # test so 's 1 and 2 ignore the argument. # # Master accounts can do whatever they want, but if they don't match a rule # the log entry and status message will indicate that a "master override" # was used. # # If you want to support *@* and other such things without that message # set this rule to match M (or whoever else) accounts instead of nobody (!*). ;Secure_Ip_1 = 0 3 0 !* # Allow *@1.2.*.* or ident@1.2.*.* or more specific style masks ;Secure_Ip_2 = 0 0 2 G1M # Allow ident@foo.bar.com style masks ;Secure_Ip_3 = 1 1 0 G1M # Allow dynamic :ident@foo.bar.com style masks ;Secure_Ip_4 = 1 2 0 G1M # Allow ident@*.bar.com style masks ;Secure_Ip_5 = 1 3 2 G1M # NOTE: Only M accounts can set *@* with these defaults # Maximum number of worker threads to use to resolve hosts. If you raise # this make sure to raise the number of Worker_Threads at the top of the # file to a larger value to keep from creating/destroying threads. Max_Resolver_Threads = 2 # If a user hostmask begins with a colon ":" and is a hostname without any # wildcards then during the login event you can control what happens. # undefined -> do nothing # "NEVER" -> do nothing # "KNOCKED" -> only do lookups if the user has successfully KNOCKED. # "ALWAYS" -> always lookup the specified hostname Dynamic_DNS_Lookup = ALWAYS # If Dynamic_DNS_Lookup is set to KNOCKED/ALWAYS or you are using an external # user module then in theory someone could watch for delayed responses to # the login command and try to statistically determine usernames. To prevent # this you can set this to the maximum number of seconds to randomly delay # all responses to the login command. ;Random_Login_Delay = 5 # Set this to true to automatically disconnect connections from hosts who # do not match any user's IP/host mask. ;Reject_Unknown_Ips = True # When using Reject_Unknown_Ips there is no way to even get to a login prompt # if your IP has changed. This can now be a common problem for people using # dynamic hostmasks. The solution is a very simple knock-knock system which # will add the knocking IP to a temporary list so you can connect. # Knocking essentially means connecting via TCP to between 1 and 5 ports in a # short amount of time (60 seconds per). This can easily be done in most FTP # programs by just setting up fake ftp servers on the knock ports and trying # to connecting in order, or by using the ioKnock GUI on windows machines. # # NOTE: You must connect in order! Thus using at least 3 non-sequential ports # means a sequential port scan won't trigger the knock and produce a # prompt on the real FTP port. ;Knock_1 = 14123 ;Knock_2 = 11123 ;Knock_3 = 12123 # How many elements of the dotted IP address should be obscured with * in # the logfiles. IP=1.2.3.4 with 1 -> 1.2.3.*, 2 -> 1.2.*.*, 3 -> 1.*.*.* # and 4 -> -hidden-. ;Obscure_IP = 2 # How many elements of the dotted hostname should be obscured with * in # the logfiles. NAME=baz.foo.bar.com with 1 -> *.foo.bar.com, 3 -> *.*.*.com # and if the name is totally obscured -hidden- will be shown instead. ;Obscure_Host = 1 # Log OpenSSL library errors during transfer to Debug.log. Default is false. Log_OpenSSL_Transfer_Errors = True ############################################################################### ################################# SECTIONS ################################ ############################################################################### [Sections] ## Maximum of 25 different credit sections ## # # = # = # = # # -> name to use for this path # -> section number to use for looking up user's ratio # -> section number to apply up/down statistics to, if # not defined then same as credit section. # -> section number to add/subtract credits, if not # defined then same as credit section # # Sections are looked up one of two ways: by path or by stats section. # In either case the first match found by processing the entries in # the order listed is used. Thus the first path that matches the current # directory determines the credit, stat, and share section numbers so # more specific paths should come first. When using the cookie # %[SectionName(#)] the field of the first line with a matching # is the name used. # # Examples: # # Default = 0 0 0 * # # The trivial case. Just one section defined. Nice and simple. # # Movies = 1 1 0 /Xvid/* # Movies = 1 1 0 /DVDR/* # Default = 0 0 0 * # # This server has two sections (0-1) and shows how you can have multiple # distinct paths be part of the same section. Notice the 0 as the third # integer for all three entries. This means that credits for up/downloading # are controlled by the user's section 0 credits but the ratio to apply # varies based on the user's associated section ratio. So if the user has a # 1:3 ratio for both section 0 and 1 it will appear as if the server isn't # using sections at all since their credits will works the same anywhere. # However it's possible that a user could have 1:3 ratio for section 1, and # leech for section 0 which would mean that particular user needs credits # for movie downloading but can grab anything else for free. The second # integer means movie up/down transfer statistics are tracked separately # which is particularly useful in this case with some users having leech # on particular sections. # # Games = 3 2 2 /XBOX/* # Games = 2 2 2 /Games/* # Movies = 1 1 0 /Xvid/* # Movies = 1 1 0 /DVDR/* # Default = 0 0 0 * # # This setup defines four sections (0-3). The key here is that the "Games" # section is actually made up of two sections that share credits distinct # from the rest of the server and can apply different up/down ratios based # on whether it's a PC game or and XBOX game. # # Games = 0 2 0 /XBOX/* # Games = 0 2 0 /Games/* # Movies = 0 1 0 /Xvid/* # Movies = 0 1 0 /DVDR/* # Default = 0 0 0 * # # This setup is actually a really simple case. It uses section 0 for ratio # and credits everywhere, but tracks up/down statistics based on path. # This can be rather useful information when viewing the userfile to # see who up/downs where. Default = 0 0 0 * ############################################################################### ################################### VFS ################################### ############################################################################### # ioFTPD uses unix-style permissions, meaning there is a user and group id # which determines the access rights for a file or directory. Permissions # are specified with the standard octal numeric representation of the # read/write/execute bits for user, group, and other. # # When looking at a directory listing you will see lines starting with: # # drwxr-xr-x 2 user group # -rwxrwxr-x 1 user group # ^^ ^ ^ # || | | # || | --- permissions for everyone # || ------ permissions for people in the same group as the file # |--------- permissions for the owner of the file # ---------- d for directory, - for file, l for symbolic link # # r = means you can read the file # w = means you can delete/write to the file # x = for directories means you can enter the directory. # # To get the numeric representation of the permission just add up the octal # bits for each trio of permissions for owner,group, or other... # 421 # rwx = 7 # rw- = 6 # r-x = 5 # r-- = 4 # # # format: : # [VFS] # The default is to give everyone just read access to all files and # directories and set the default owner of files to the ioFTPD account. # # format: : # Default_Directory_Attributes = 755 0:0 Default_File_Attributes = 644 0:0 # If a file is manually deleted (not wiped, but specifically deleted) then # subtract the filesize from appropriate day, week, month, alltime transfer # stats for the user who uploaded the file. Modify_Stats_On_Delete = False # The server now supports 3 modes for handling NTFS directory junctions and # symbolic links. # IGNORE : Treats all directories the same which means the server isn't # aware of NTFS reparse points at all [old method]. # # SHARE : Make the server aware of NTFS reparse points so it can just keep # a link to the target directory instead of a completely separate # directory listing in the dir cache. This mode also allows the # NTFS junction/symbolic link timestamp to be updated correctly # because it's aware that the time we are interested in is that of # the target directory and not the reparse point itself. For # servers with a lot of 'sorted' style links this will reduce # memory usage. NTFS reparse points still show up in directory # listings as plain directories. [new default for the moment] # # SYMLINK: This is effectively 'SHARE' mode as far as the directory cache # itself is concerned. When displaying the directory in listings # it should be shown as if it were an ioFTPD symbolic link to the # target directory. To me this is the preferred way to view the # listing, however extra processing is required to determine the # target of the link because NTFS junctions use real directory # paths and the server must return a VFS path just as ioFTPD # symbolic links do. Therfore a real->symbolic path converter is # used on the fly as the reversal is VFS mountfile dependent. # # NOTE: 'SYMLINK' mode has a real advantage over 'SHARE' mode. Because # the listing is clear that you are dealing with a link and not a real # directory you can safely and easily delete the link. In FTP clients # like Flash, Rush, etc this results in a simple file delete and they # won't ask permission, or try, to decend into the directory and start # deleting it's contents so it can remove the directory itself. This # is particularly important because doing so would remove the only # copy of the files as they are actually in the target directory. # # WARNING: For the moment reverse VFS resolving used in 'SYMLINK' mode # requires the target directory be exported in the .vfs file else # it won't be reversible. # # NTFS junctions (which are a type of reparse point): # http://en.wikipedia.org/wiki/NTFS_junction_point # NTFS symbolic links (available on Vista+ as a type of reparse point): # http://en.wikipedia.org/wiki/NTFS_symbolic_link # # IMPORTANT: If you use a script or if the server supports creating NTFS # symbolic links in the future please see the above symbolic link # article on how to enable the creation of symbolic links by # regular users and non-elevated admins which is something you want # to do for the account running ioFTPD. NTFS junctions which are # what most scripts use don't seem to require special permissions. # # Windows Explorer in Window XP and before show NTFS junctions (it doesn't # support NTFS symlinks) as regular directories. In Vista+ they show up # the same as shell shortcuts ( .lnk files) which makes them far more useful # since you realize you are dealing with a link and unlike ioFTPD symlinks you # can access the target directory by simply clicking on it. # # IGNORE, SHARE, SYMLINK NTFS_Reparse_Method = SYMLINK # This safety feature only works when 'NTFS_Reparse_Method' is set to 'SHARE' # or 'SYMLINK'. When enabled it prevents accessing files and directories that # are not explicitly exported via the VFS file. Thus a NTFS junction/symlink # to c:\Windows wouldn't work since it's unlikely you actually put that into a # VFS file. This is a safety feature for use with NTFS reparse points and # doesn't effect ioFTPD symbolic links because they already had to be valid # VFS paths and thus resolvable via the .vfs file. VFS_Exported_Paths_Only = True ################### ### PERMISSIONS ### ################### # These are RAW permissions. You must have permission here to even attempt # the indicated operation. After this check is made the finer grained # individual file or directory based access rights are applied. Thus this # section is for course grained access such as the entire /Incoming tree, # or the entire /Pub directory, etc. # # Detailed permissions for directories: # priviledge = # # : * -> everyone # - -> specific user # = -> specific group # ! -> don't allow whatever immediately follows # 0-9,A-Z -> Matches users who have the associated user flag # # NOTE: Permissions are processed from start to end and the first matching # is used. Thus more specific rules must come before catch-alls. # Here's an example of a generally Read Only server with a /Incoming # directory that allows regular users (the 3 flag) to upload just # to directories under /Incoming. If you want people to be able to # upload anywhere just change /Incoming/* to /*. Upload = /Incoming/* 31VM Resume = /Incoming/* 31VM MakeDir = /Incoming/* 31VM RemoveDir = /Incoming/* 1VM RemoveOwnDir = /Incoming/* 31VM Rename = /Incoming/* 1VM RenameOwn = /Incoming/* 31VM Overwrite = /Incoming/* 1VM Delete = /Incoming/* 1VM DeleteOwn = /Incoming/* 31VM # This defines everything else as Read Only for regular users. Upload = /* 1VM Resume = /* 1VM MakeDir = /* 1VM RemoveOwnDir = /* 1VM RemoveDir = /* 1VM Rename = /* 1VM RenameOwn = /* 1VM Delete = /* 1VM DeleteOwn = /* 1VM # nobody can overwrite a file, they must delete it and resend Overwrite = /* !* NoStats = /* !* # nobody can modify the timestamp of files TimeStamp = /* !* TimeStampOwn = /* !* # anybody can download anything... Download = /* * #NoFxpOut = /* * #NoFxpIn = /* * [Virtual_Dirs] # = [ "" ] TCL
 04-16-2011, 07:15 AM #7 Yil Too much time... FlashFXP Beta TesterioFTPD Administrator   Join Date: May 2005 Posts: 1,194 The reason FXP will work fine is because it's probably using your server in active (PORT) mode so the server is making outgoing FTP connections instead of listening for incoming... Why don't you test your router's forwarding to see if that's the problem. You can try a number of things, pick one of the forwarded ports and setup uTorrent on that and in it's menu try the test port option or whatever it has. Same thing is possible with FTP clients, setup port range on forwarded ports and try to use active (PORT) mode connections from a remote FTP server to see if that works for directory listings using list -al. If things like that work then you probably have the ports forwarded OK. Another HUGE issue you might have is with a firewall. Are you running a software firewall (including window's builtin one?). If you are make sure you allow incoming connections. A lot of firewalls allow outgoing by default but you need to explicitly allow incoming so that might be the problem as well.
 04-17-2011, 09:55 AM #8 kathorga Junior Member   Join Date: Apr 2011 Posts: 3 Ok guys, problem solved. Ports wasnt opened correctly. Thanks for help.

 Tags allowed, external, unabled, upnp, works

 Thread Tools Display Modes Rate This Thread Linear Mode Rate This Thread: 5 : Excellent 4 : Good 3 : Average 2 : Bad 1 : Terrible

 Posting Rules You may not post new threads You may not post replies You may not post attachments You may not edit your posts BB code is On Smilies are On [IMG] code is On HTML code is Off Forum Rules
 Forum Jump User Control Panel Private Messages Subscriptions Who's Online Search Forums Forums Home FlashFXP     News     Frequently Asked Questions (FAQ)     General Discussion     Custom Commands     Language Translations     FlashFXP v5.x Public Beta     Website ioFTPD     ioFTPD         ioFTPD beta             ioFTPD General             Knowledge Base             International Help             Bug Reports             Suggestions         Scripting             ! New Scripts Announces & Updates             ! Requests             ! Other Scripts Support             ADDiCT's scripts             bounty's scripts             bounty's dZSbot             Caladan's scripts             Eggdrop             Harm's scripts             NeoXed's scripts             SnypeTEST's scripts             StarDog's scripts             St0rm's scripts             tuff's scripts             Web interface             WarC's scripts Donationware     Software Community Chatter     A little bit of everything     Programming     Lounge

All times are GMT -5. The time now is 08:11 PM.

 -- FlashFXP Default ---- FlashFXP Dynamic Width -- Mobile Archive - Privacy Statement - Top Parts of this site powered by vBulletin Mods & Addons from DragonByte Technologies Ltd. (Details)