passive ftp not possible

steve

10 Oct 2002 10 Oct '02

21:14

Hi. I can't get passive ftp to work. Here is my SuSEfirewall2 setup. Can anyone see why this should not allow me to connect from a client? Or should I be looking elsewhere? Thanks, Steve. vsftpd (works with active on the client) and SuSE 8.0 FW_DEV_EXT="eth0" FW_DEV_INT="" FW_DEV_DMZ="" FW_ROUTE="no" FW_MASQUERADE="no" FW_MASQ_DEV="$FW_DEV_EXT" FW_MASQ_NETS="" FW_PROTECT_FROM_INTERNAL="no" FW_AUTOPROTECT_SERVICES="yes" FW_SERVICES_EXT_TCP="20 21 http ssh" FW_SERVICES_EXT_UDP="" FW_SERVICES_EXT_IP="" FW_SERVICES_DMZ_TCP="" FW_SERVICES_DMZ_UDP="" FW_SERVICES_DMZ_IP="" FW_SERVICES_INT_TCP="" FW_SERVICES_INT_UDP="" FW_SERVICES_INT_IP="" FW_TRUSTED_NETS="" FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes" FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS" FW_SERVICE_AUTODETECT="yes" FW_SERVICE_DNS="no" FW_SERVICE_DHCLIENT="no" FW_SERVICE_DHCPD="no" FW_SERVICE_SQUID="no" FW_SERVICE_SAMBA="no" FW_FORWARD="" FW_FORWARD_MASQ=""

Show replies by date

Anders Johansson

10 Oct 10 Oct

21:34

New subject: [SLE] passive ftp not possible

fsanta@arrakis.es wrote:

...

Hi. I can't get passive ftp to work. Here is my SuSEfirewall2 setup. Can anyone see why this should not allow me to connect from a client? Or should I be looking elsewhere? Thanks, Steve. vsftpd (works with active on the client) and SuSE 8.0

<snip> Looks more or less the same as my setup. Assuming it works if you turn the firewall off, you may want to run a test with all logging options turned on (you'll find them towards the end of the config file), and see if that can give any clues. All firewall output can be found in /var/log/messages, among other places //Anders

steve

11 Oct 11 Oct

11:39

New subject: [SLE] passive ftp not possible

On Thursday 10 October 2002 23:34, Anders Johansson wrote:

...

fsanta@arrakis.es wrote:

...
Hi. I can't get passive ftp to work. Here is my SuSEfirewall2 setup. Can anyone see why this should not allow me to connect from a client? Or should I be looking elsewhere? Thanks, Steve. vsftpd (works with active on the client) and SuSE 8.0

<snip>

Looks more or less the same as my setup.

Assuming it works if you turn the firewall off, you may want to run a test with all logging options turned on (you'll find them towards the end of the config file), and see if that can give any clues.

All firewall output can be found in /var/log/messages, among other places

//Anders

It doesn't work even if I turn the firewall off. Where should I look next? Thanks for your patience, Steve.

zentara

07:05

New subject: [SLE] passive ftp not possible

On Thu, 10 Oct 2002 23:14:50 +0200 steve wrote:

...

Hi. I can't get passive ftp to work. Here is my SuSEfirewall2 setup. Can anyone see why this should not allow me to connect from a client? Or should I be looking elsewhere?

...

FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"

Quess: maybe explicitly add ftp-data here? Maybe "yes" isn't doing the trick? FW_ALLOW_INCOMING_HIGHPORTS_TCP="ftp-data ,yes" or maybe check /etc/vsftpd.conf and experiment with the pasv_promiscious setting -- use Perl; #powerful programmable prestidigitation

steve

23:00

New subject: [SLE] passive ftp not possible

On Friday 11 October 2002 09:05, zentara wrote:

...

On Thu, 10 Oct 2002 23:14:50 +0200

steve wrote:

...
Hi. I can't get passive ftp to work. Here is my SuSEfirewall2 setup. Can anyone see why this should not allow me to connect from a client? Or should I be looking elsewhere?

FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"

Quess: maybe explicitly add ftp-data here? Maybe "yes" isn't doing the trick?

FW_ALLOW_INCOMING_HIGHPORTS_TCP="ftp-data ,yes"

or maybe check /etc/vsftpd.conf and experiment with the pasv_promiscious setting

Thanks. There seem to be many more booleans to set than one would imagine from just working through vsftpd.conf. I wish they'd put everything configurable commented out if default, into the stuff in /etc. Exemplary is the SuSEfirewall2 script. Yeah, ok. rtfmp. Slapped wrists.

Marek Libra

08:52

New subject: Limiting of bandwidth of interface

Hi, I would like to limit transfer rate at eth0 due to testing an application. Currently I'm using the 'tc' command: tc qdisc add dev eth0 root tbf rate $1 buffer 5kb/8 limit 10kb It works fine for outgoing packets, but I would like to limit overal transfer rate (incoming and outgoing). This should simulates slow connection to internet using our local fast LAN. In Advanced-routing howto I found 'tc qdisc' is for outgoing packets only. Measuring with 'iptraf' shows that this is true. Any idea? Thank you very much. _______________________________________________________________ Marek Libra Phone:+42 0776 039 948 Email: xlibra@fi.muni.cz Faculty of Informatics, Masaryk University Brno, Czech Republic _______________________________________________________________

Togan Muftuoglu

09:15

New subject: [SLE] Limiting of bandwidth of interface

* Marek Libra; on 11 Oct, 2002 wrote:

...

It works fine for outgoing packets, but I would like to limit overal transfer rate (incoming and outgoing). This should simulates slow connection to internet using our local fast LAN.

In Advanced-routing howto I found 'tc qdisc' is for outgoing packets only. Measuring with 'iptraf' shows that this is true.

Any idea?

Actually you have found the correct documentation AFAIK you can only police the traffic coming in but not shape it. If you used the online howto look for other links htp://docum.org if I recall correctly -- Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://dinamizm.ath.cx

Marek Libra

10:50

New subject: [SLE] Limiting of bandwidth of interface

I'm confused with so many posible tc's arguments :-( My computer is router with two ethernet interfaces. The 'tc' command tc qdisc add dev eth0 root tbf rate 64kbit buffer 5kb/8 limit 10kb can limit outgoing trafic at eth0 (not incoming). It is possible to limit outgoing trafic at eth1 too, so total rate (input and output) will be limited. Unfortunately I'll become for simulated internet 128kbit only 64+64 in real at our LAN. But it should be OK.

...

From other reason I can limit outgoing rate at eth1 only for some hosts with specific IP (that I know). Other application runing at router must have maximal possible transfer speed through eth1.

Please, how can I correct the 'tc' command to be applied only for source address 1.2.3.4 in ip header? Thanks.

7875

Age (days ago)

7876

Last active (days ago)

List overview

Download

7 comments

5 participants

participants (5)

Anders Johansson
Marek Libra
steve
Togan Muftuoglu
zentara