Bug#626524: proftpd-basic: DefaultAddress 127.0.0.1 not obeyed
Andrei Caraman
andrei.caraman at dc-uoit.ca
Thu May 12 16:57:22 UTC 2011
It seems the observed behaviour is almost as designed, and in order to
restrict access to localhost only, one needs to also set

    SocketBindTight on

in addition to

    DefaultAddress 127.0.0.1

After adding "SocketBindTight on", netstat shows

    # netstat -tlpe
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address  State   User     Inode    PID/Program name
    tcp        0      0 localhost.localdoma:ftp *:*              LISTEN  proftpd  2225685  1828/proftpd: (acce

and I can no longer connect remotely.

However, as per documentation at
http://www.proftpd.org/docs/directives/linked/config_ref_SocketBindTight.html
the intended behaviour for a server with "DefaultAddress 127.0.0.1" and
"SocketBindTight off" (the latter being the default setting) is to respond
with a "500 Sorry, no server available to handle request on xxx.xxx.xxx.xxx."
message on connecting to a different address than the default one. This was
not observed:

    $ telnet server 21
    Trying xxx.xxx.xxx.xxx...
    Connected to server.
    Escape character is '^]'.
    220 ProFTPD 1.3.3a Server (Debian) [xxx.xxx.xxx.xxx]
    user ftp
    331 Anonymous login ok, send your complete email address as your password
    pass foo at bar
    230-Welcome, archive user ftp at chimera.dc-uoit.net !
    230-
    230-The local time is: Thu May 12 11:55:29 2011
    230-
    230-This is an experimental FTP server. If you have any unusual problems,
    230-please report them via e-mail to <root at localhost>.
    230-
    230 Anonymous access granted, restrictions apply

Regards,
adc
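
Added example, not part of the original message and not ProFTPD or Debian code: a small configuration audit for the condition described in the report, flagging a server-level "DefaultAddress 127.0.0.1" that is not paired with "SocketBindTight on". It assumes standalone mode; the function names, verdict strings and sample configurations are constructed for illustration.

```python
import ipaddress

# Constructed sample configurations (not the reporter's actual file).
LOOSE = """\
ServerType standalone
DefaultAddress 127.0.0.1   # SocketBindTight left at its default (off)
# SocketBindTight on       (commented out, so it must not count)
"""
TIGHT = LOOSE + "SocketBindTight on\n"

TRUE_WORDS = {"on", "yes", "true", "1"}

def top_level_directives(conf_text):
    """Map lower-cased directive name -> argument list, outside any <Section>.

    Treating directive names case-insensitively is an assumption of this example.
    """
    found, depth = {}, 0
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        if line.startswith("</"):
            depth = max(depth - 1, 0)
        elif line.startswith("<"):
            depth += 1
        elif depth == 0:
            name, *args = line.split()
            found[name.lower()] = args
    return found

def is_loopback(addr):
    """True only for literal loopback IPs; hostnames are treated as unverified."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False

def audit(conf_text):
    """Return 'wildcard', 'loopback-only' or 'unverified' for the main server."""
    conf = top_level_directives(conf_text)
    tight = (conf.get("socketbindtight") or ["off"])[0].lower() in TRUE_WORDS
    if not tight:
        return "wildcard"        # listening socket is not tied to DefaultAddress
    addrs = conf.get("defaultaddress", [])
    if addrs and all(is_loopback(a) for a in addrs):
        return "loopback-only"   # socket bound to the loopback address itself
    return "unverified"          # tight, but address is not a literal loopback IP

if __name__ == "__main__":
    for label, text in (("DefaultAddress only", LOOSE), ("with SocketBindTight on", TIGHT)):
        print(f"{label}: {audit(text)}")
```

A "wildcard" verdict corresponds to the state in which the remote telnet session above succeeded; confirm the result on a live host with a numeric listener listing such as "netstat -tln".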