muddleftpd-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Muddleftpd-cvs] CVSROOT: /cvsroot/muddleftpd


From: Beau Kuiper
Subject: [Muddleftpd-cvs] CVSROOT: /cvsroot/muddleftpd
Date: Tue, 04 Nov 2003 10:52:03 -0500

Module name:    muddleftpd
Branch:         dev-rugger-nat
Changes by:     Beau Kuiper <address@hidden>    03/11/04 10:52:03
Reply-to: address@hidden

CVSROOT:        /cvsroot/muddleftpd
Module name:    muddleftpd
Branch:         dev-rugger-nat
Changes by:     Beau Kuiper <address@hidden>    03/11/04 10:52:03

Added files:
        examples       : standard-nat.conf 

Log message:
        Added an example for new nat directives.

CVSWeb URLs:
http://savannah.gnu.org/cgi-bin/viewcvs/muddleftpd/muddleftpd/examples/standard-nat.conf?only_with_tag=dev-rugger-nat&rev=1.1.2.1

Patches:
Index: muddleftpd/examples/standard-nat.conf
diff -c /dev/null muddleftpd/examples/standard-nat.conf:1.1.2.1
*** /dev/null   Tue Nov  4 10:52:03 2003
--- muddleftpd/examples/standard-nat.conf       Tue Nov  4 10:52:03 2003
***************
*** 0 ****
--- 1,170 ----
+ #----------------------------------------------------------
+ # This is the main server configuration
+ 
+ [section] main
+ 
+ # allow connections from port 21
+ ftpport 21
+ 
+ # set maximum users to 200
+ maxusers 200
+ 
+ # log everything execpt debugging logs
+ logstrength 63
+ 
+ # set logfile
+ logfile /var/log/muddleftpd.log
+ 
+ # set default timeout to 300 seconds
+ timeout 300
+ 
+ # set the file displayed on login
+ logindump /etc/issue.ftp
+ 
+ # allow anyhost to connect
+ ipacl A:*
+ 
+ # set admin email address
+ email address@hidden
+ 
+ # set groups to run through. one group is to catch invalid usernames
+ # like root and uucp. The next catches anonymous users, the last one
+ # for normal users
+ group badusers
+ group anonymous
+ group localusers
+ 
+ # set scratchfile for inetd operation
+ scratchfile /var/lock/muddleftpd.scratch 
+ 
+ # set hostname to something reasonable
+ hostname testserver
+ 
+ # set the greeting
+ greeting Welcome. Enter a username. Use 'anonymous' to access software 
archive.
+ 
+ # set the ports 4050-4070 for passive connections. These are forwarded on
+ # the NAT gateway to the internal machine
+ pasvrange 4050-4070
+ 
+ # let muddleftpd know the external IP is 218.214.0.5
+ natip 218.214.0.5
+ 
+ # or we could specify it as a hostname ... useful for people who use dynamic
+ # dns
+ #natip test.homeip.net 
+ 
+ # let muddleftpd know what boxes are local, and what are on the internet
+ # use the code L for local machines, R for remote ones (that connect via the
+ # NAT gateway). Like ipacl lists, these are processed in order from top to
+ # bottom, with the first match indicating if a machine is local or remote.
+ nat_netclass L:127.*
+ nat_netclass L:192.168.*
+ nat_netclass L:10.0.0.0/255.0.0.0
+ nat_netclass R:0.0.0.0/0.0.0.0
+ 
+ #----------------------------------------------------------
+ # This configures badusers. It catches any bad usernames that
+ # should not be logged into
+ 
+ [section] badusers
+ 
+       # tell it to accept the usernames root, uucp and news
+       nameacl A:root
+       nameacl A:uucp
+       nameacl A:news
+       
+       # accept these usernames from any host.
+       ipacl A:*
+ 
+       # tell the server these usernames are disabled
+       authmethod disabled
+ 
+       # set the maxuser count of this group to 0 so it isn't
+       # added to the stats
+       maxusers 0
+ 
+ #----------------------------------------------------------
+ # This configures the anonymous user.
+ # Note: if the following doesn't work, then your computer
+ #       needs the ftp user to be set.
+ 
+ [section] anonymous
+ 
+       # tell the group that is can accept any host
+       ipacl A:*
+ 
+       # tell the server to accept anonymous or ftp for this group
+       nameacl A:anonymous
+       nameacl A:ftp
+ 
+       # tell the server to use chroot to the anonymous rootdir
+       chroot 1
+ 
+       # tell the server to use the ftp user as the anonymous rootdir
+       # and uid/gid
+       authparams ftp
+ 
+       # tell the server to use the anonymous authenticator, and
+       # accept any password.
+       authmethod anonymous
+ 
+       # disallow any changes to file permissions or upload umask
+       chmoding 0
+ 
+       # print out this file when the user logs in. It is not relative
+       # to anonymous's rootdir
+       welcome /home/ftp/welcome.msg
+ 
+       # display this file when a user changes into a new directory
+       cddump .message
+ 
+       # display this file when too many users are logged on
+       busydump /etc/msgs/msg.toomany
+ 
+       # set the umask files are uploaded with
+       umask 077
+ 
+       # give anonymous user read/list access everywhere and add/list access
+       # to the incoming folder. The / on the end of the second directive
+       # tells muddleftpd to apply ACL to a directory rather than a file.
+       access /:RLC
+       # uncomment this line to enable upload area. Can only add files.
+       # access /incoming/:ALC
+       
+       # limit the size of this group so localusers can log in too
+       maxusers 100
+ 
+       # set the niceness of anonymous users to 10
+       nice 10
+ 
+ #----------------------------------------------------------
+ # This configures the normal users.
+ 
+ [section] localusers
+ 
+       # tell the group that it can accept any host that the last group
+       # didn't get
+       ipacl A:*
+ 
+       # tell the server to accept any username for this group
+       nameacl A:*
+ 
+       # tell the server to use chroot to the user's rootdir
+       chroot 1
+ 
+       # set the users rootdir to their homedir, to lock them in there
+       rootdir %h
+       
+       # set the users homedir to /, so he ends up in his own homedir
+       homedir /
+ 
+       # tell the server to use the unix authenticator, useful against
+       # normal password files
+       authmethod unix
+ 
+       # give normal users full access to their userspace
+       access /:ALL
+ 
+       # allow server-server transfers with localusers
+       fxpallow 1




reply via email to

[Prev in Thread] Current Thread [Next in Thread]