Re: [SLE] susefirewall2 and ftp



On Wednesday 7 December 2005 07:25, Chadley Wilson wrote:
> On Wed, 2005-12-07 at 06:36 +0100, wavesurf@xxxxxxxxx wrote:
> > On Wednesday 7 December 2005 04:03, John Scott wrote:
> > > On 12/6/05, wavesurf@xxxxxxxxx <wavesurf@xxxxxxxxx> wrote:
> > > > Hello,
> > > >
> > > > I have setup "vsftpd" and it works fine with the firewall off.
> > > > The problem is, that there is no option, in the service, in the
> > > > firewall-yast, for FTP?
> > > > What am I missing?
> > > > --
> > > > thanks,
> > > > Gerrit Jan Eldering
> > > >
> > > > KDE version: 3.5.0 Level "a"
> > > > System: SuSELinux 10.0
> > > > Kernel: 2.6.13-15-default
> > >
> > > In susefirewall-yast, click allowed services then advanced and add
> > > then add 21 to the tcp list of ports.
> > >
> > > John
> >
> > I did so, but that won't work, it's very strange...
> > --
> >
> > --
> >
> > Gerrit Jan Eldering
> >
> > KDE version: 3.5.0 Level "a"
> > System: SuSELinux 10.0
> > Kernel: 2.6.13-15.7-default
>
> Hi Gerrit,
>
> I had a similar issue before.
> Firstly, if you have one network interface, you must set the interface as
> an external, then you must disable protect from internal, because it
> will override the external settings, external being the same interface
> as internal in my case. Enable ports 20 and 21; remember to type the port
> numbers in space separated and no commas (just a space).
>
> Enable the firewall then from a local shell run
> #netstat --tulpen
>
> post the output which shows what services are running and which ports.
>
> Then port scan your box to see if the port is available.
>
> #nmap <your-ip>
>
> which will show which ports are available.
> post the output as well,
>
> does your /etc/xinetd.d/vsftpd file look like this?
>
> service ftp
> {
> # server_args =
> # log_on_success += DURATION USERID
> # log_on_failure += USERID
> # nice = 10
> disable = yes
> socket_type = stream
> protocol = tcp
> wait = no
> user = root
> server = /usr/sbin/vsftpd
> }
>
>
> and this is a copy of my vsftp.conf file which is just for anonymous
> connections.
>
> chadlap:~ # grep -v ^# /etc/vsftpd.conf
>
> dirmessage_enable=YES
> anonymous_enable=YES
> anon_world_readable_only=YES
> syslog_enable=YES
> connect_from_port_20=YES
> pam_service_name=vsftpd
>
>
> keep posting... :')
>
> Cheers
> Chadley

Chadley,

Still working on it.
I have 2 cards, one internal and one external.
The 2 files are the same now; I was missing "disable = yes".
It still won't work, I think the problem is port 20....

PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
10082/tcp filtered amandaidx
10083/tcp filtered amidxtape


#netstat --tulpen this one won't work?

Maybe you will look here to see what the problem is:

Dec 7 13:17:58 linux vsftpd: Wed Dec 7 13:17:58 2005 [pid 9783] CONNECT:
Client "123.123.123.123"
Dec 7 13:17:58 linux vsftpd: Wed Dec 7 13:17:58 2005 [pid 9783] FTP
response: Client "123.123.123.123", "220 (vsFTPd 2.0.3)"
Dec 7 13:17:58 linux vsftpd: Wed Dec 7 13:17:58 2005 [pid 9783] FTP command:
Client "123.123.123.123", "USER gerritjanftp"
Dec 7 13:17:58 linux vsftpd: Wed Dec 7 13:17:58 2005 [pid 9783]
[gerritjanftp] FTP response: Client "123.123.123.123", "331 Please specify
the password."
Dec 7 13:18:00 linux vsftpd: Wed Dec 7 13:18:00 2005 [pid 9783]
[gerritjanftp] FTP command: Client "123.123.123.123", "PASS <password>"
Dec 7 13:18:00 linux vsftpd: Wed Dec 7 13:18:00 2005 [pid 9782]
[gerritjanftp] OK LOGIN: Client "123.123.123.123"
Dec 7 13:18:00 linux vsftpd: Wed Dec 7 13:18:00 2005 [pid 9784]
[gerritjanftp] FTP response: Client "123.123.123.123", "230 Login
successful."
Dec 7 13:18:00 linux vsftpd: Wed Dec 7 13:18:00 2005 [pid 9784]
[gerritjanftp] FTP command: Client "123.123.123.123", "SYST"
Dec 7 13:18:00 linux vsftpd: Wed Dec 7 13:18:00 2005 [pid 9784]
[gerritjanftp] FTP response: Client "123.123.123.123", "215 UNIX Type: L8"
Dec 7 13:18:00 linux vsftpd: Wed Dec 7 13:18:00 2005 [pid 9784]
[gerritjanftp] FTP command: Client "123.123.123.123", "PWD"
Dec 7 13:18:00 linux vsftpd: Wed Dec 7 13:18:00 2005 [pid 9784]
[gerritjanftp] FTP response: Client "123.123.123.123", "257 "/""
Dec 7 13:18:00 linux vsftpd: Wed Dec 7 13:18:00 2005 [pid 9784]
[gerritjanftp] FTP command: Client "123.123.123.123", "TYPE I"
Dec 7 13:18:00 linux vsftpd: Wed Dec 7 13:18:00 2005 [pid 9784]
[gerritjanftp] FTP response: Client "123.123.123.123", "200 Switching to
Binary mode."
Dec 7 13:18:00 linux vsftpd: Wed Dec 7 13:18:00 2005 [pid 9784]
[gerritjanftp] FTP command: Client "123.123.123.123", "PASV"
Dec 7 13:18:00 linux vsftpd: Wed Dec 7 13:18:00 2005 [pid 9784]
[gerritjanftp] FTP response: Client "123.123.123.123", "227 Entering Passive
Mode (192,168,1,102,54,64)"
Dec 7 13:18:00 linux vsftpd: Wed Dec 7 13:18:00 2005 [pid 9784]
[gerritjanftp] FTP command: Client "123.123.123.123", "SIZE /"
Dec 7 13:18:00 linux vsftpd: Wed Dec 7 13:18:00 2005 [pid 9784]
[gerritjanftp] FTP response: Client "123.123.123.123", "550 Could not get
file size."
Dec 7 13:18:00 linux vsftpd: Wed Dec 7 13:18:00 2005 [pid 9784]
[gerritjanftp] FTP command: Client "123.123.123.123", "MDTM /"
Dec 7 13:18:00 linux vsftpd: Wed Dec 7 13:18:00 2005 [pid 9784]
[gerritjanftp] FTP response: Client "123.123.123.123", "550 Could not get
file modification time."
Dec 7 13:18:00 linux vsftpd: Wed Dec 7 13:18:00 2005 [pid 9784]
[gerritjanftp] FTP command: Client "123.123.123.123", "RETR /"
Dec 7 13:18:00 linux vsftpd: Wed Dec 7 13:18:00 2005 [pid 9784]
[gerritjanftp] FTP response: Client "123.123.123.123", "550 Failed to open
file."
Dec 7 13:18:00 linux vsftpd: Wed Dec 7 13:18:00 2005 [pid 9784]
[gerritjanftp] FAIL DOWNLOAD: Client "123.123.123.123", "/", 0.00Kbyte/sec
Dec 7 13:18:00 linux vsftpd: Wed Dec 7 13:18:00 2005 [pid 9784]
[gerritjanftp] FTP command: Client "123.123.123.123", "PASV"
Dec 7 13:18:00 linux vsftpd: Wed Dec 7 13:18:00 2005 [pid 9784]
[gerritjanftp] FTP response: Client "123.123.123.123", "227 Entering Passive
Mode (192,168,1,102,45,99)"
Dec 7 13:18:00 linux vsftpd: Wed Dec 7 13:18:00 2005 [pid 9784]
[gerritjanftp] FTP command: Client "123.123.123.123", "CWD /"
Dec 7 13:18:00 linux vsftpd: Wed Dec 7 13:18:00 2005 [pid 9784]
[gerritjanftp] FTP response: Client "123.123.123.123", "250 Directory
successfully changed."
Dec 7 13:18:00 linux vsftpd: Wed Dec 7 13:18:00 2005 [pid 9784]
[gerritjanftp] FTP command: Client "123.123.123.123", "LIST"
Dec 7 13:19:00 linux vsftpd: Wed Dec 7 13:19:00 2005 [pid 9784]
[gerritjanftp] FTP response: Client "123.123.123.123", "425 Failed to
establish connection."



--
thanks,
Gerrit Jan Eldering

KDE version: 3.5.0 Level "a"
System: SuSELinux 10.0
Kernel: 2.6.13-15.7-default
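
Added example, not part of the original message: a small Python log check that decodes the `227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)` replies in a vsftpd log like the one above (data port = p1*256 + p2, per RFC 959), flags a private address advertised to a non-private client, and ties each `425` failure to the last advertised endpoint. The sample lines are constructed by shortening and re-joining the wrapped log lines from the message; the function names and finding labels are hypothetical.

```python
import ipaddress
import re

# Constructed sample: shortened, re-joined lines from the vsftpd log above.
SAMPLE_LOG = '''\
[pid 9784] [gerritjanftp] FTP response: Client "123.123.123.123", "227 Entering Passive Mode (192,168,1,102,54,64)"
[pid 9784] [gerritjanftp] FTP response: Client "123.123.123.123", "550 Failed to open file."
[pid 9784] [gerritjanftp] FTP response: Client "123.123.123.123", "227 Entering Passive Mode (192,168,1,102,45,99)"
[pid 9784] [gerritjanftp] FTP response: Client "123.123.123.123", "250 Directory successfully changed."
[pid 9784] [gerritjanftp] FTP response: Client "123.123.123.123", "425 Failed to establish connection."
'''

RESPONSE = re.compile(r'FTP response: Client "([^"]+)", "(\d{3}) (.*)"$')
PASV = re.compile(r'\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)')

def decode_227(text):
    """Return (ip, port) from a 227 reply, or None if it is malformed."""
    m = PASV.search(text)
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        return None
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def is_private(addr):
    """True for RFC 1918 and similar addresses; hostnames count as not private."""
    try:
        return ipaddress.ip_address(addr).is_private
    except ValueError:
        return False

def analyse(log):
    """Return (label, client, (ip, port)) findings for passive-mode problems."""
    findings, last = [], None
    for line in log.splitlines():
        m = RESPONSE.search(line)
        if not m:
            continue
        client, code, text = m.groups()
        if code == "227" and (endpoint := decode_227(text)):
            last = endpoint
            # A client outside the LAN cannot connect to a private address.
            if is_private(endpoint[0]) and not is_private(client):
                findings.append(("private-pasv-address", client, endpoint))
        elif code == "425" and last:
            # The data connection to the last advertised endpoint never arrived.
            findings.append(("data-connection-failed", client, last))
            last = None
    return findings
```

The decoded ports are the ones the client tries to reach for the data connection in passive mode, so they show which inbound ports the firewall has to admit in addition to port 21.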
