Mailinglist Archive: opensuse-security (261 mails)
| < Previous | Next > |
Re: [suse-security] Configuring SuSEfirewall2 for FTP access
- From: "remote" <remote@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 19 Apr 2004 11:38:02 +0200
- Message-id: <002801c425f2$029d67c0$29379386@xxxxxxxxxxxxxxxxxxxxx>
This is a transcript of my firewall log when I try to connect to ftp.suse.de :
Apr 19 11:35:38 router kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT=eth1 SRC=AAA.BBB.CCC.DDD DST=195.135.221.130 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=1263 DF PROTO=TCP SPT=1802 DPT=38852 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Passive FTP is activated. The way I understood passive FTP the server is supposed to have its higher ports open, while the downloading computer only has to have ports 20 or 21 open. My /etc/sysconfig/SuSEfirewall does include a FW_FORWARD-rule which opens these ports to the entire net,
FW_FORWARD ="
AAA.BBB.CCC.0/6,0/0,tcp,20:21 "
however I don´t get any kind of FTP, neither upload nor download.
What´s wrong with my setup ?
Thanks,
Jörg
Apr 19 11:35:38 router kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT=eth1 SRC=AAA.BBB.CCC.DDD DST=195.135.221.130 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=1263 DF PROTO=TCP SPT=1802 DPT=38852 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Passive FTP is activated. The way I understood passive FTP the server is supposed to have its higher ports open, while the downloading computer only has to have ports 20 or 21 open. My /etc/sysconfig/SuSEfirewall does include a FW_FORWARD-rule which opens these ports to the entire net,
FW_FORWARD ="
AAA.BBB.CCC.0/6,0/0,tcp,20:21 "
however I don´t get any kind of FTP, neither upload nor download.
What´s wrong with my setup ?
Thanks,
Jörg
| < Previous | Next > |