
need help with anon FTP access via a web browser

Greetings to all,

As you all know, most web browsers like IE and Netscape have built-in basic FTP functionality using URLs like ftp://ftp.mydomain.com. In fact, the same browsers *also* let you upload files provided access permissions are appropriate--you simply drag-and-drop files onto the browser window. I am hoping to use this functionality for inexperienced users so they can easily upload files to an anonymous FTP server.

Yes, I recognize the potential danger of anonymous FTP write access, but I have set directory permissions appropriately, and totally ratcheted down the FTP account quota to help prevent abuse. Also, before you say "have the end user get a real FTP client instead of their web browser", note that I am talking about really inexperienced folks who think Fetch for the Mac is an Internet protocol (for those who don't know, Fetch is a Mac FTP client). I don't want to waste my time giving them a tutorial on how to download and install a real FTP client--I'd just like a simple solution involving tools which are almost certainly available; hence, the web browser.

So I have set up anonymous FTP access on an OBSD v3.1 based server, and it works totally fine when accessed via an active mode FTP client (e.g. a command line one, or WS_FTP in active mode, etc.). But when I try to access it using a web browser with a URL like ftp://ftp.mydomain.com, the browser just times out, and eventually gives me a "page cannot be displayed" or similar error. I am pretty certain this has to do with the fact that the web browser attempts to use passive mode FTP.

I have already read the man pages, scoured the FAQ, and done a bunch of other web/Usenet searching for an easy solution to this, but there doesn't seem to be one. Could anybody help out with a suggestion on how to fix this? Note that the solution should be based entirely on the server side, and not put any more responsibility on the end-user.

More specs on the server system are listed below for those who are interested, and would like to help. Thanks in advance to all for your help.


system specs:
-----------------------

1.) running OBSD v3.1-stable, but fully patched
2.) the stock FTPD daemon is started at boot via the rc system (e.g. /usr/libexec/ftpd -DllUSA)
3.) pf is running on the server with following config:

#       $OpenBSD: pf.conf,v 1.3 2001/11/16 22:53:24 dhartmei Exp $
# See pf.conf(5) for syntax and examples

# pass all packets in and out (these are the implicit first two rules)
# pass in all
# pass out all

# Define useful variables
ExtIF="xl0"                   # External Interface
IntNet=""                     # Our internal network
NoRouteIPs="{,,, }"
Services="{ www, ssh, ftp }"

# Clean up fragmented and abnormal packets
scrub in all

# don't allow anyone to spoof non-routeable addresses
block in  quick on $ExtIF from $NoRouteIPs to any
block out quick on $ExtIF from any to $NoRouteIPs

# by default, block all incoming packets, except those explicitly
# allowed by further rules
block in on $ExtIF all

# allow others to use http and ssh and ftp
pass in on $ExtIF inet proto tcp from any to any port $Services flags S/SA keep state

# and let out-going traffic out and maintain state on established connections
# pass out all protocols, including TCP, UDP and ICMP, and create state,
# so that external DNS servers can reply to our own DNS requests (UDP).
block out on $ExtIF                 all
pass  out on $ExtIF inet proto tcp  all flags S/SA keep state
pass  out on $ExtIF inet proto udp  all            keep state
pass  out on $ExtIF inet proto icmp all            keep state
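
The symptom described above can be checked against the posted rules with a small model of pf's last-match evaluation. This is an added example, not part of the original post and not pf itself: it models only direction, TCP destination port and `quick`, leaves out the spoofing rules (their addresses are elided on the page), and assumes ftpd takes passive data ports from 49152-65535; the extra rule in `WITH_PASV_RULE` is hypothetical.

```python
# Added example: minimal model of pf last-match evaluation for the posted
# ruleset, applied to the first SYN of each FTP connection on xl0.
from collections import namedtuple

Rule = namedtuple("Rule", "action direction ports quick")
Packet = namedtuple("Packet", "direction dport")

ANY = None
SERVICES = {80, 22, 21}                   # Services="{ www, ssh, ftp }"
PASV_RANGE = range(49152, 65536)          # assumption: ftpd passive port range

POSTED_RULES = [
    Rule("block", "in", ANY, False),      # block in on $ExtIF all
    Rule("pass", "in", SERVICES, False),  # pass in ... port $Services keep state
    Rule("block", "out", ANY, False),     # block out on $ExtIF all
    Rule("pass", "out", ANY, False),      # pass out ... proto tcp all keep state
]

# Hypothetical extra rule admitting the passive range, for comparison only.
WITH_PASV_RULE = POSTED_RULES + [Rule("pass", "in", PASV_RANGE, False)]


def verdict(rules, pkt):
    """Action of the last matching rule; pf passes when nothing matches."""
    result = "pass"
    for rule in rules:
        if rule.direction != pkt.direction:
            continue
        if rule.ports is not ANY and pkt.dport not in rule.ports:
            continue
        result = rule.action
        if rule.quick:                    # 'quick' stops evaluation here
            break
    return result


def ftp_session(rules, pasv_port=50000, client_port=40000):
    """Verdict for the opening SYN of each connection in an FTP session."""
    return {
        "control": verdict(rules, Packet("in", 21)),
        # Active mode: the server connects out to the client's data port.
        "active_data": verdict(rules, Packet("out", client_port)),
        # Passive mode: the client connects in to a high port on the server.
        "passive_data": verdict(rules, Packet("in", pasv_port)),
    }


if __name__ == "__main__":
    print("posted rules:      ", ftp_session(POSTED_RULES))
    print("with passive range:", ftp_session(WITH_PASV_RULE))
```

With the posted rules the control and active-mode data connections pass while the passive-mode data connection falls through to `block in on $ExtIF all`, which matches the browser timeout; the hypothetical rule also exposes every port in that range on a server that accepts anonymous writes.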
