Re: [SLE] susefirewall2 and ftp



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


The Friday 2005-12-09 at 20:21 +0100, Sjoerd Hiemstra wrote:

> > server, after getting the connection in his port 21, opens an outgoing
> > connection to the client in port 20. There are thus two connections,
> > one for control, another for data sent.
> >
> > Passive does not need that port open in the client.
>
> Looks like it's related to the issue I'm dealing with.
> Simply using gFTP as an ftp client.
> Works well with all ftp servers except for one that needs passive mode
> disabled.
> (In gFTP: FTP > Options > tab FTP > uncheck 'Passive file transfers')
> This only works if the firewall is stopped, although the above suggests
> that opening port 20 would be sufficient.

In older versions of SuSE we used this in "/etc/sysconfig/SuSEfirewall2":

FW_ALLOW_INCOMING_HIGHPORTS_TCP="ftp-data"

But since I don't know exactly when (but at some point in time since
we use kernel 2.6.x) the conntrack module should take care of that
transparently. In SuSE 9.3 it is not needed, that I know.

> From the gFTP log, after logging in:

I don't know the exact point at which the data port connection is needed;
but if you open that port and it works, then that was it.

- --
Cheers,
Carlos Robinson
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Made with pgp4pine 1.76

iD8DBQFDmhQLtTMYHG2NR9URAo8sAJ43Znywy4bMbiXCx+Z9FPjYoeglbgCfe5ju
bb2izoR1Y/81qasuRcrS4Hg=
=iuGH
-----END PGP SIGNATURE-----
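
Added example, not part of the original message or of SuSEfirewall2: a small Python model of the idea behind connection tracking for active FTP, where the firewall reads the client's PORT command (RFC 959) on the control channel and accepts only the one data connection it announces, rather than opening all high ports to "ftp-data". The addresses, the transcript and the function names are constructed for illustration, and pinning the server's source port to 20 is a simplification of this model.

```python
import re

FTP_DATA_PORT = 20  # "ftp-data": the server's default source port in active mode
PORT_RE = re.compile(r"^PORT ((?:\d{1,3},){5}\d{1,3})\s*$", re.IGNORECASE)


def parse_port(line):
    """Return (ip, port) announced by 'PORT h1,h2,h3,h4,p1,p2', or None."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        return None
    # The port is sent as two bytes: high byte p1, low byte p2.
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def expected_data_connections(client_ip, server_ip, control_lines):
    """Derive the inbound flows to accept from a control-channel transcript.

    Returns (allowed, refused). Each allowed entry is the tuple
    (src_ip, src_port, dst_ip, dst_port) of one expected data connection.
    A PORT command naming a host other than the control connection's
    client is refused, so the rule cannot be pointed at another machine.
    """
    allowed, refused = [], []
    for line in control_lines:
        if not line.upper().startswith("PORT "):
            continue
        parsed = parse_port(line)
        if parsed is None:
            refused.append((line, "malformed PORT argument"))
        elif parsed[0] != client_ip:
            refused.append((line, "address is not the control connection's client"))
        else:
            allowed.append((server_ip, FTP_DATA_PORT, client_ip, parsed[1]))
    return allowed, refused


# Constructed control-channel lines as sent by the client (documentation addresses).
SAMPLE = [
    "USER anonymous",
    "PORT 192,0,2,10,195,80",   # 195*256 + 80 = 50000
    "LIST",
    "PORT 198,51,100,7,0,22",   # names a different host
    "PORT 192,0,2,10,4,300",    # 300 does not fit in one byte
]

if __name__ == "__main__":
    ok, bad = expected_data_connections("192.0.2.10", "203.0.113.5", SAMPLE)
    print("accept:", ok)
    print("refuse:", bad)
```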

