Topic: ftp?

[cryblood]

I am certian that I am just missing something here (and I am quite sure it's my brain)

I have only recently had reason to try using FTP on my beloved e-smith 3.1 box in order to allow Micro$oft boy (Boss) to grab a file or two from home...  here's what I did.

1. I created an ibay... we'll call it "ms" for short,  I gave it the description of "stuff" (yes, I know, how cleaver of me) I also gave it "local" write, and "global" read, and made it have a password. (and no... I aint tellin ya that! hehe)

2. I coppied the much needed files into the "files" directory of the "ms" ibay.

3. I called Micro$oft boy and told him that they were there.

a few mins later, M$B (Micro$oft boy) called back saying that it wouldn't let him log in via ftp AT ALL!  with much trying and much gnashing of teeth we finally gave it up  Now I have to listen to M$B's crap about how it woulda been SO easy if I'da just put in a Micro$oft product... (I do get him to shut up by e-mailing him with a pricelist for the SW it would take to implement with an M$ solution, not to mention reminding him of the MANY security issues with M$ software)  but anyway... I digress...

here's my question,

WWWWAAAAAA!!!!!!!  What am I doing wrong???

more info;

I have finally been able to log into the e-smith box from a LOCAL computer via FTP and was able to look at the files that I put in the "primary" files directory, And I have always been able to get to the ibays via SMB (also known as M$ networking) BUT... try as I might, I have been unable to FTP into an ibay neither locally nor globally!

can someone post simple instructions on how to do this?  (like I said... I am probably missing something simple, but now that I've split my head open from banging it against this problem it'll probably take a slap or two to get me to understand how to do it.)


AND YES!  I DO FEEL STUPID!

cryblood

[Carl Enset]

I am not sure whether you have already worked this out but ..

With E-smith 4.0bx
(I am sorry I cannot remember how it is in E-Smith 3.x ...
 I think it is quite similar)
Under the Security Section of the Web Manager there is a page "Remote access" where along with setting up telnet access there is the configuration for ftp;

> You can also control FTP write access for the admin and user
> accounts on your e-smith server and gateway. (Note that write
> access is never permitted via anonymous FTP or  via the
> information bay accounts.)
>
> For security reasons, we strongly recommend setting this
> parameter to private unless you have a specific reason to do
> otherwise.
>
> FTP access:      [Public/Private]

A couple of point that are worth noting;

1) As stated ftp can be a security hole (though the ProFTP in
   E-smith seems to be less of a problem that the WuFTP included
   in many other distro's)  

2) This page is manipulating TCP Wrappers, it may be advisable
   that you edit this to only include the network (IP range)
   that M$Boy is coming from for this reduces the possible
   number of people that can exploit any holes.

[Brian Martin]

Hi Cryblood,

Don't feel stupid. I tried out your problem here in the office
and had the same problems. Then I went to the e-smith bulletin board (being a newbie myself) and found a few related postings. Apparently there is a bug with earlier versions of the e-smith server and gateway. When  using DHCP to aquire an external IP, global access to IBAYS does not work.

Here is an exerpt from the posting (by Paul Nesbit):

This is a result of a bug in the e-smith software that we are looking into right now. The bug
  will only affect clients using DHCP to obtain an IP for the external interface. For a quick
  workaround, follow these steps:

  1) find out what the assigned IP address is. To do this, run the command ifconfig (interface
  configuration) on the e-smith server and gateway. You should be able to determine which
  interface is external and what it's IP addy is.

  2) Reconfigure the e-smith server and gateway to use this IP as a static IP address.

  You will now be able to access you i-bays from the outside world. I am assuming for the moment
  you are using the server and gateway in dedicated mode. I realise this isn't the best fix, just
  a temporary workaround.

  Some cable-modem access providers require that you must use DHCP. If this is your case, set the
  e-smith server and gateway back to using DHCP - more than likely will be assigned the same IP
  and your i-bays should work.

-- This may or may not be of interest to you.

good luck

brian

cryblood wrote:

>
> I am certian that I am just missing something here (and I am
> quite sure it's my brain)
>
> I have only recently had reason to try using FTP on my beloved
> e-smith 3.1 box in order to allow Micro$oft boy (Boss) to grab
> a file or two from home...  here's what I did.
>
> 1. I created an ibay... we'll call it "ms" for short,
> I gave it the description of "stuff" (yes, I know,
> how cleaver of me) I also gave it "local" write, and
> "global" read, and made it have a password. (and
> no... I aint tellin ya that! hehe)
>
> 2. I coppied the much needed files into the "files"
> directory of the "ms" ibay.
>
> 3. I called Micro$oft boy and told him that they were there.
>
> a few mins later, M$B (Micro$oft boy) called back saying that
> it wouldn't let him log in via ftp AT ALL!  with much trying
> and much gnashing of teeth we finally gave it up  Now I have
> to listen to M$B's crap about how it woulda been SO easy if
> I'da just put in a Micro$oft product... (I do get him to shut
> up by e-mailing him with a pr....

[cryblood]

Hmmm....

no joy...  

in the security settings I found only a setting for telnet.  no setting for FTP.  Must be one of the exciting changes made going to e-smith 4.  I'm sure M$boy would have a hissy if I even thought about installing a beta, so I'll have to deal with 3.1 till the wonderful day when 4.0 finally arrives.

i looked at the DHCP problem and found that that doesn't apply to me either as I have a static IP.  (The Co. I work for actually owns a block and it's one of those)

i almost wonder if it may have to do with the fact that i'm just using the outside IP addy instead of some kind of resolved DNS name.  (/me grasping at straws)

well anyway, thank you for your efforts, i'm sure I'll eventually get it working... sooner or later (or much much much later)  and i'm sure it is the fault of that tall blonde guy that works here (namely me) who has probably fuged it up by playing with it too much.  (that guy really is annoying).

cryblood

[Michael Regan]

I have already notified e-smith about this problem and I thought they had posted some information on it. Guess not.

Anyway, there is a missing file in the 3.1 release. The file you need is /etc/pam.d/ftp. it sets up the security for proftpd. Without this file proftpd will allow an anonymous ftp but will not allow a user to log on. The problem is documented on the proftpd site.

The file is in the latest 4.x RPM. Download the RPM from the e-smith site.