Scribd Logo
Carica

Benvenuto in Scribd!

  • Fixing FTP Problems With Apple Airport and OS...

    Caricato da

    Anonymous F4YGUk9f
    24 visualizzazioni5 pagine
    Fixing FTP Problems With Apple Airport and OS...

    Copyright

    © © All Rights Reserved

    Formati disponibili

    PDF, TXT o leggi online da Scribd

    Hai trovato utile questo documento?

    Questo contenuto è inappropriato?

    Segnala questo documento
    Fixing FTP Problems With Apple Airport and OS...

    Copyright:

    © All Rights Reserved
    Scarica in formato PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    24 visualizzazioni5 pagine

    Fixing FTP Problems With Apple Airport and OS...

    Caricato da

    Anonymous F4YGUk9f
    Fixing FTP Problems With Apple Airport and OS...

    Copyright:

    © All Rights Reserved
    Scarica in formato PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    di 5

    Fixing FTP problems with Apple Airport and OS X Panther/Jaguar

    2-06-2005 21:01

    About this Document


    This document is not a step-by-step how-to tutorial. It's primary goal is to help you understand why it's not
    working, and provides links to various information sources that will provide step-by-step instructions
    The Symptom
    After installing an Apple Airport Base Station (ABS) as your Internet Router in its default configuration
    (DHCP & NAT turned on) you can no longer FTP back to your OS X box (Jaguar or Panther -- still!)
    through a firewall, even after turning on port mapping.
    Apple's Recommended Solution (from the Airport Help Pages)
    To ensure that requests are routed to your Web, AppleShare, or FTP server
    properly, you need to establish a permanent IP address for your server and
    provide inbound port mapping information to the AirPort Base Station.
    For more information on port mapping, see the document "Designing AirPort
    Networks 2," located at www.apple.com/airport

    This answer didn't work for me. I bought the Apple Base Station specifically to be both a Wireless Access
    Point (WAP) as well as a NAT. Other, cheaper WAP/NAT boxes allow several configuration options that
    the most current Apple Base Station Admin Utility Software does not. The two missing configuration items
    requiring me to 'work different' were:
    ABS Software Missing Item #1: locking a specific DHCP'd IP address to a specific MAC
    address (the address of your network card), so that while a machine is still leasing an IP address, it
    gets the same IP address each time. This would be sooooo nice for things like TiVo and ethernet
    printers!!!
    and
    ABS Software Missing Item #2: range-based port mapping assignments (instead of single port
    to port mapping).
    To get things up and running most effectively, you need to solve both problems.
    Workaround for Issue #1: Semi-permanent DHCP'd IP address

    http://www.prairienet.org/~mcc/AirportFTPSetup.html

    Pagina 1 di 5

    Fixing FTP problems with Apple Airport and OS X Panther/Jaguar

    2-06-2005 21:01

    This can most easily be accomplished by setting the DHCP lease time to 9999, as seen highlighted in red
    below:

    Fig 1: Airport Admin Utility - Setting ABS as a NAT/DHCP server with extended lease time
    Note that should you need to reassign your DHCP'd addresses in the future (in the next 27 years, anyway)
    you'll need to flip your System Preferences:Network:TCP/IP settings to manual, apply/save, and then flip
    them back to DHCP. There's probably a one-line command available from the terminal (as there is in
    Windows 98/2000/NT/XP) but this works for me.
    You could manually assign each of your computers a TCP/IP address, say 10.0.1.201, but I like to keep
    things all in one place, and it's easier to keep all of my TCP/IP configuration for all the machines on my
    network in one spot, and serve them out via DHCP. It also means that if the ISP updates their DNS servers,
    then DHCP will also update the individual computer's DNS settings. You could also set OS X up to use a
    manual IP address with DHCP'd everything else.
    That was the easy part.
    Workaround for Issue #2: The port mapping by range problem
    To understand this problem you must first understand some of the nuances of how FTP works, specifically,
    the differences between active and passive FTP. In a nutshell, most system administrators prefer to firewall
    all but the well-known ports on their network. With FTP, it forces the insecure portion of the connection to
    occur on the serving machine (i.e., my mac at home). After the initial connection is made, the FTP server
    will shift the data transfer portion of the connection to a random, open, high-numbered port. Well, the Apple
    Base Station also firewall's, and it prefers that the insecure portion of the connection occurs on the other end.
    So... we have two very secure networks, and the end result is you're not getting any work done. So let's
    make things on my end a lot more insecure. The obvious thing to do is to port map all the 'ephemeral' ports
    -- all the high numbered ports that aren't assigned to a well-known protocol -- to our FTP server. The typical
    way to do this is to put a line in your NAT server like this:

    http://www.prairienet.org/~mcc/AirportFTPSetup.html

    Pagina 2 di 5

    Fixing FTP problems with Apple Airport and OS X Panther/Jaguar

    Public Ports (on


    ABS)
    49152-65534

    2-06-2005 21:01

    Private IP Address (of your


    Private Ports (on Your
    Mac)
    Mac)
    10.0.1.2
    49152-65534
    Fig 2: Portmapping - The way it oughtta be!

    But you CAN'T! The best you can do is add an individual entry for each single solitary port like this:

    Fig 3: Airport Admin Utility - Portmapping - The way it is :-(


    Obviously, individually port mapping all of the possible upper level ports that Apple's built-in FTP daemon
    uses would be a bit of a chore, not to mention that I've read somewhere that the ABS Utility software cuts
    you off at twenty entries in the section shown above. So I mapped 11 (60000 - 60010).
    The next problem is to get your FTP server to use only those upper-level ports you've mapped for passive
    FTP. The FTP server that's distributed with OSX.2.3 is the default Free BSD FTP server, lukemftpd and I
    know little about it, other than it's exceedingly difficult to find information about how to configure it -- if it
    takes me more than 15 minutes searching with Google to find a relevant tutorial/manual, it gets ranked as
    'exceedingly difficult'. So I went and installed an FTP server I'd played around with before, and
    had received good reviews -- ProFTPd.
    Under Jaguar it initially took me a couple of days tweaking to get ProFTPd up and running. However upon
    reviewing these instructions for Panther, I found something better (MUCH easier to setup, and touted to be
    more secure). PureFTPd, via PureFTPd Manager (PayPal donation highly recommended!). It functions as a
    complete replacement for lukemftpd, meaning that it uses the Mac OS X userlist and I can turn it on and off
    via the System Preferences:Sharing control panel. Download and install PureFTPd Manger, and it will also
    install the PureFTPd server. Sweet. Downloaded, installed and up and running in 15 minutes. Sweeter.
    Much better than 'a couple of days of tweaking'. Sweetest. Did I mention donating to the developer via
    Paypal?
    So, after running the install package, launch PureFTPd Manager.app. It will lead you through a basic setup
    wizard, the default settings should be fine. Next you should see this screen:

    http://www.prairienet.org/~mcc/AirportFTPSetup.html

    Pagina 3 di 5

    Fixing FTP problems with Apple Airport and OS X Panther/Jaguar

    2-06-2005 21:01

    Fig 4: PureFTPd Manager - accessing preference pane to set passive ports


    Select the preferences button , then select the Server Settings icon on the next window (shown below).

    Fig 5: PureFTPd Manager - accessing Server preference pane to set passive ports
    And last, set your passive port settings using the range you entered into the Airport Admin Utility:

    Fig 6: PureFTPd Manager - Setting passive ports


    So after restarting the ftp server (PureFTPd Manager should prompt you anytime you need to restart the
    server due to a configuration change), leave the main PureFTPd Manager window up (Fig 4) and attempt to
    ftp from the CLI (command-line interface, ie, Terminal.app) to the loopback address on the same machine as
    the ftp server. It should look something like this:

    http://www.prairienet.org/~mcc/AirportFTPSetup.html

    Pagina 4 di 5

    Fixing FTP problems with Apple Airport and OS X Panther/Jaguar

    2-06-2005 21:01

    admin:~ mcchild$ ftp 127.0.0.1


    Connected to localhost.
    220---------- Welcome to Pure-FTPd [TLS] ---------220-Local time is now 11:34. Server port: 21.
    220-This is a private system - No anonymous login
    220-IPv6 connections are also welcome on this server.
    220 You will be disconnected after 15 minutes of inactivity.
    Name (127.0.0.1:mcchild):
    Fig 6: Terminal.app - Testing FTP server via loopback address
    Once you're at this stage, the next is to ftp to your server from a machine on your inside network, and once
    that is sucessfull, the real test -- ftping from outside your network (at which point you're going through the
    ABS).
    Should you run into problems at any of these points, an invaluable (and free!) tool to use is Ethereal, a
    packet Analyser (aka, Sniffer). It's a bit of a pain to install as it is an X Windows Application (best to
    use Fink and Fink Commander to install, and you'll also most likely need to install Apple's X11 software -Panther or better). Ethereal it has its own steep learning curve as well, but it will tell you everything you
    need to know (and more, if you're not precise) about the packets flying around on your network. An extra
    added bonus is that if you ever need to run it on a Unix or a Windows box, you can download and install a
    version for those platforms as well, so you don't have to relearn a complex program. Once you've gone
    through the trouble to get all of that installed, then you really should go one more step farther and use Fink
    Commander to install The GIMP, and stop shelling out $700 for Adobe Photoshop just to edit images for
    your webpages ;-)
    Security
    So you could stop here, since you've got everything working but you really should muck things up by
    making things secure. In PureFTPd you should disable the guest ftp account, and also force an sftp (secure
    ftp) connection -- both of these available through the preference pane of PureFTPd Manager. And you'll
    need to get to portmap ports 22 and 115 on the ABS in addition to ports 20 and 21 shown in Fig 1.
    Ports 20/21 are the standard ftp ports, 22 is the secure shell (ssh) port (a secure version of telnet, which is
    also used by sftp), and 23 is used by normal, insecure telnet (which is off by default in both Panther and
    Jaguar). Ideally after sucessfully testing the insecure setup to make sure everything works, one should switch
    over to secure ftp and telnet and ports 20/21 and 23 should be UNmapped, leaving just 22 and 115 and the
    passive ftp (now sftp) ports. The other port shown mapped in Fig 1 is port 80, which is the HTTPd port, i.e.,
    The Apache webserver.
    Good Luck! If you need help, drop me a line and I'll see what I can do to help. Note that the e-mail address
    is a graphic to discourage spam-crawlers, so you'll need to retype it.
    Matt <

    >

    Has this page been of service to you? If so, I'd be honored if you would consider supporting it with
    a small donation by PayPal:

    http://www.prairienet.org/~mcc/AirportFTPSetup.html

    Pagina 5 di 5

    Potrebbero piacerti anche