
Re: FTP access put issue from onside internal network

 
Sumeet_TCS
New Member

FTP access put issue from onside internal network

Hi,

We have restricted ftp access set up on an HP-UX server running HP-UX B.11.00, using the default /etc/ftpd/ftpaccess file.

When a user id having /usr/lib/rsh shell is used to FTP to the server from our internal network the restricted access works fine. The user sees "/" as current dir & not the actual home dir that is set. Also user is able to put files & delete directories.

However, when the same user id (rsh shell) is used to FTP to the same server from outside our internal network, he is able to log on & view the files in the directory but is not able to make directories or put files. Error: Access Denied.
Only the FTP port has been opened on the firewall.

Also tried ftp access with the root login id on the server, but got similar errors. Any ideas whether some other ports need to be opened on the firewall?
Or are any ftp configuration changes to be done on the server side?

Any inputs on the same will be appreciated


Below is the contents for FTP config files -

cat /etc/ftpd/ftpaccess
loginfails 2

class local real,guest,anonymous *.domain 0.0.0.0
class remote real,guest,anonymous *

limit local 20 Any /etc/msgs/msg.toomany
limit remote 100 SaSu|Any1800-0600 /etc/msgs/msg.toomany
limit remote 60 Any /etc/msgs/msg.toomany

readme README* login
readme README* cwd=*

message /welcome.msg login
message .message cwd=*

compress yes local remote
tar yes local remote

# allow use of private file for SITE GROUP and SITE GPASS?
private yes

# passwd-check []
passwd-check rfc822 warn

log commands real
log transfers anonymous,real inbound,outbound
shutdown /etc/shutmsg

# all the following default to "yes" for everybody
delete no bob,guest,anonymous,csumeet # delete permission?
overwrite no bob,guest,anonymous,csumeet # overwrite permission?
rename no bob,guest,anonymous,csumeet # rename permission?
chmod no bob,anonymous,csumeet # chmod permission?
umask no bob,anonymous,csumeet # umask permission?

# specify the upload directory information
upload /home/MRII_Image * no
upload /home/MRII_Image /incoming yes NBSFTP FTP 0600
upload /var/ftp * no
upload /var/ftp /incoming yes root daemon 0600 dirs
upload /var/ftp /bin no
upload /var/ftp /etc no

# directory aliases
alias inc /incoming

# cdpath
cdpath /incoming
cdpath /pub
cdpath /

# path-filter...
path-filter anonymous /etc/pathmsg ^[-A-Za-z0-9_\.]*$ ^\. ^-
path-filter guest /etc/pathmsg ^[-A-Za-z0-9_\.]*$ ^\. ^-

# specify which group of users will be treated as "guests".
guestgroup ftponly

email user@hostname


***********************************

# grep ftp /etc/inetd.conf
ftp stream tcp nowait root /usr/lbin/ftpd ftpd -a -l -u 022

***********************************

# grep NBS /etc/passwd
SSNFTP:x:***:***::/home/MRRI_Images/./incoming:/usr/bin/false

# cat /etc/shells
/usr/bin/ksh
/usr/bin/rsh
/usr/bin/sh
/sbin/sh
/usr/lbin/uucp/uucico
/usr/bin/false


Thanks,
Sumeet Prahlad Chandwani
Peter Godron
Honored Contributor

Re: FTP access put issue from onside internal network

Sumeet,
as the only difference between access from inside/outside your network is the firewall, I would suspect the firewall is the problem.
Are both ftp ports open on the firewall?
Sumeet_TCS
New Member

Re: FTP access put issue from onside internal network

Yes. Both the FTP ports (21 & 20) have been opened on our N/w firewall between our internal server & the external server.

Thanks Sumeet
Univer_1
Valued Contributor

Re: FTP access put issue from onside internal network

hi

Can you open more ports for PASV data transfer?
It may help.

Regards

Univer
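
Added example, not part of the thread: the replies above ask which firewall ports FTP needs, and this Python sketch decodes the data-connection endpoint from a PORT command and a 227 PASV reply and checks it against an inbound allow-list of ports 20 and 21. The sample lines, the addresses (documentation ranges) and the function names are constructed for illustration.

```python
import re

# Constructed control-channel lines (not taken from the thread).
SAMPLE_LINES = [
    "PORT 198,51,100,7,195,80",                      # client -> server, active mode
    "227 Entering Passive Mode (192,0,2,10,78,52)",  # server -> client, passive mode
]

# Assumption: the firewall admits inbound connections to the server on these ports only.
INBOUND_OPEN = {20, 21}

_HOSTPORT = re.compile(r"(\d{1,3}(?:,\d{1,3}){5})")


def parse_endpoint(line):
    """Decode h1,h2,h3,h4,p1,p2 into (ip, port); port = p1 * 256 + p2."""
    match = _HOSTPORT.search(line)
    if match is None:
        raise ValueError("no host-port field in: %r" % line)
    fields = [int(f) for f in match.group(1).split(",")]
    if any(f > 255 for f in fields):
        raise ValueError("field out of range in: %r" % line)
    return ".".join(str(f) for f in fields[:4]), fields[4] * 256 + fields[5]


def data_connection(line):
    """Describe the data connection that a PORT command or 227 reply sets up."""
    ip, port = parse_endpoint(line)
    if line.upper().startswith("PORT "):
        # Active mode: the server connects out from port 20 to the client's ip:port.
        return {"mode": "active", "initiator": "server", "target": (ip, port)}
    if line.startswith("227"):
        # Passive mode: the client connects in to a port the server picked.
        return {"mode": "passive", "initiator": "client", "target": (ip, port)}
    raise ValueError("not a PORT command or 227 reply: %r" % line)


def inbound_allowed(conn, open_ports=INBOUND_OPEN):
    """True/False for passive mode; None for active, where the client side decides."""
    if conn["mode"] == "passive":
        return conn["target"][1] in open_ports
    return None


if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        conn = data_connection(sample)
        print(conn["mode"], conn["target"], "inbound allowed:", inbound_allowed(conn))
```

In passive mode the port in the 227 reply is chosen by the server for each transfer, so an allow-list holding only 20 and 21 does not cover it.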