Hi. I can't get passive ftp to work. Here is my SuSEfirewall2 setup. Can anyone see why this should not allow me to connect from a client? Or should I be looking elsewhere? Thanks, Steve. vsftpd (works with active on the client) and SuSE 8.0 FW_DEV_EXT="eth0" FW_DEV_INT="" FW_DEV_DMZ="" FW_ROUTE="no" FW_MASQUERADE="no" FW_MASQ_DEV="$FW_DEV_EXT" FW_MASQ_NETS="" FW_PROTECT_FROM_INTERNAL="no" FW_AUTOPROTECT_SERVICES="yes" FW_SERVICES_EXT_TCP="20 21 http ssh" FW_SERVICES_EXT_UDP="" FW_SERVICES_EXT_IP="" FW_SERVICES_DMZ_TCP="" FW_SERVICES_DMZ_UDP="" FW_SERVICES_DMZ_IP="" FW_SERVICES_INT_TCP="" FW_SERVICES_INT_UDP="" FW_SERVICES_INT_IP="" FW_TRUSTED_NETS="" FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes" FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS" FW_SERVICE_AUTODETECT="yes" FW_SERVICE_DNS="no" FW_SERVICE_DHCLIENT="no" FW_SERVICE_DHCPD="no" FW_SERVICE_SQUID="no" FW_SERVICE_SAMBA="no" FW_FORWARD="" FW_FORWARD_MASQ=""
fsanta@arrakis.es wrote:
Hi. I can't get passive ftp to work. Here is my SuSEfirewall2 setup. Can anyone see why this should not allow me to connect from a client? Or should I be looking elsewhere? Thanks, Steve. vsftpd (works with active on the client) and SuSE 8.0
<snip> Looks more or less the same as my setup. Assuming it works if you turn the firewall off, you may want to run a test with all logging options turned on (you'll find them towards the end of the config file), and see if that can give any clues. All firewall output can be found in /var/log/messages, among other places //Anders
On Thursday 10 October 2002 23:34, Anders Johansson wrote:
fsanta@arrakis.es wrote:
Hi. I can't get passive ftp to work. Here is my SuSEfirewall2 setup. Can anyone see why this should not allow me to connect from a client? Or should I be looking elsewhere? Thanks, Steve. vsftpd (works with active on the client) and SuSE 8.0
<snip>
Looks more or less the same as my setup.
Assuming it works if you turn the firewall off, you may want to run a test with all logging options turned on (you'll find them towards the end of the config file), and see if that can give any clues.
All firewall output can be found in /var/log/messages, among other places
//Anders
It doesn't work even if I turn the firewall off. Where should I look next? Thanks for your patience, Steve.
On Thu, 10 Oct 2002 23:14:50 +0200
steve
Hi. I can't get passive ftp to work. Here is my SuSEfirewall2 setup. Can anyone see why this should not allow me to connect from a client? Or should I be looking elsewhere?
FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"
Quess: maybe explicitly add ftp-data here? Maybe "yes" isn't doing the trick? FW_ALLOW_INCOMING_HIGHPORTS_TCP="ftp-data ,yes" or maybe check /etc/vsftpd.conf and experiment with the pasv_promiscious setting -- use Perl; #powerful programmable prestidigitation
On Friday 11 October 2002 09:05, zentara wrote:
On Thu, 10 Oct 2002 23:14:50 +0200
steve
wrote: Hi. I can't get passive ftp to work. Here is my SuSEfirewall2 setup. Can anyone see why this should not allow me to connect from a client? Or should I be looking elsewhere?
FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"
Quess: maybe explicitly add ftp-data here? Maybe "yes" isn't doing the trick?
FW_ALLOW_INCOMING_HIGHPORTS_TCP="ftp-data ,yes"
or maybe check /etc/vsftpd.conf and experiment with the pasv_promiscious setting
Thanks. There seem to be many more booleans to set than one would imagine from just working through vsftpd.conf. I wish they'd put everything configurable commented out if default, into the stuff in /etc. Exemplary is the SuSEfirewall2 script. Yeah, ok. rtfmp. Slapped wrists.
Hi, I would like to limit transfer rate at eth0 due to testing an application. Currently I'm using the 'tc' command: tc qdisc add dev eth0 root tbf rate $1 buffer 5kb/8 limit 10kb It works fine for outgoing packets, but I would like to limit overal transfer rate (incoming and outgoing). This should simulates slow connection to internet using our local fast LAN. In Advanced-routing howto I found 'tc qdisc' is for outgoing packets only. Measuring with 'iptraf' shows that this is true. Any idea? Thank you very much. _______________________________________________________________ Marek Libra Phone:+42 0776 039 948 Email: xlibra@fi.muni.cz Faculty of Informatics, Masaryk University Brno, Czech Republic _______________________________________________________________
* Marek Libra;
It works fine for outgoing packets, but I would like to limit overal transfer rate (incoming and outgoing). This should simulates slow connection to internet using our local fast LAN.
In Advanced-routing howto I found 'tc qdisc' is for outgoing packets only. Measuring with 'iptraf' shows that this is true.
Any idea?
Actually you have found the correct documentation AFAIK you can only police the traffic coming in but not shape it. If you used the online howto look for other links htp://docum.org if I recall correctly -- Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://dinamizm.ath.cx
I'm confused with so many posible tc's arguments :-( My computer is router with two ethernet interfaces. The 'tc' command tc qdisc add dev eth0 root tbf rate 64kbit buffer 5kb/8 limit 10kb can limit outgoing trafic at eth0 (not incoming). It is possible to limit outgoing trafic at eth1 too, so total rate (input and output) will be limited. Unfortunately I'll become for simulated internet 128kbit only 64+64 in real at our LAN. But it should be OK.
From other reason I can limit outgoing rate at eth1 only for some hosts with specific IP (that I know). Other application runing at router must have maximal possible transfer speed through eth1.
Please, how can I correct the 'tc' command to be applied only for source address 1.2.3.4 in ip header? Thanks.
participants (5)
-
Anders Johansson
-
Marek Libra
-
steve
-
Togan Muftuoglu
-
zentara