Armin Schoech wrote:
Hei Terje,
1) ftpd enabled, firewall activated (no interface for internal zone):
--------------------------------------------------------------------
no document comes through:

/var/log/firewall
Aug 23 10:03:24 alfa kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:13:72:a8:c3:79:00:04:00:9b:0c:a4:08:00 SRC=192.9.200.8 DST=192.9.200.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=1162 DPT=21 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40000080A037B6B3C0000000001030300)
--> so you have to enable port 21 ("DPT") on the firewall. You can do this for a single host/network in the variable FW_TRUSTED_NETS
FW_TRUSTED_NETS="192.9.200.8/32,tcp,21"
I tried this, disabled the firewall, but didn't get vsftpd to receive ftp documents from my scanner. I preferably wish to use vsftpd, because besides my fixed-IP networked scanner, I also wish to connect from outside from my home PC using ADSL and DHCP.
Also have a look at the "FW_LOAD_MODULES" variable. AFAIK the module "ip_conntrack_ftp" tries to be smart to open the other ports needed for FTP and to only open them for the current FTP session and then close them again.
Then look for more error messages.
/var/log/warn
Aug 23 09:55:28 alfa SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
--> I think this message is unrelated to your problem.
Tell us if you get more error messages.
Same error message as above from the scanner's ftp log

# grep vsftp /var/log/*
/var/log/messages:Aug 27 11:22:24 alfa xinetd[3513]: Reading included configuration file: /etc/xinetd.d/vsftpd [file=/etc/xinetd.d/vsftpd] [line=90]

--Terje
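The log-reading step discussed in this thread (take SRC, PROTO and DPT from the SFW2 DROP line and turn them into an FW_TRUSTED_NETS entry), as an added example that is not part of the original messages. The function names are hypothetical; the first sample line is the drop quoted above and the other two are constructed.

```python
import re
from collections import Counter

# Line 1 is the drop quoted in the thread; lines 2 and 3 are constructed samples.
SAMPLE_LOG = """\
Aug 23 10:03:24 alfa kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:13:72:a8:c3:79:00:04:00:9b:0c:a4:08:00 SRC=192.9.200.8 DST=192.9.200.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=1162 DPT=21 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40000080A037B6B3C0000000001030300)
Aug 23 10:03:27 alfa kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= SRC=192.9.200.8 DST=192.9.200.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=1162 DPT=21 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 23 10:04:01 alfa kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= SRC=192.9.200.77 DST=192.9.200.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=4711 PROTO=UDP SPT=137 DPT=137 LEN=58
"""

RULE = re.compile(r"kernel: (SFW2-\S*DROP\S*) (.*)")
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")   # KEY=value pairs; value may be empty (OUT=)

def parse_drop(line):
    """Return the fields of one SuSEfirewall2 DROP line as a dict, or None."""
    m = RULE.search(line)
    if not m:
        return None
    rest = m.group(2)
    rec = dict(FIELD.findall(rest))
    rec["RULE"] = m.group(1)
    # TCP flags are logged as bare words between the KEY=value pairs.
    rec["FLAGS"] = set(rest.split()) & {"SYN", "ACK", "FIN", "RST"}
    return rec

def trusted_net_candidates(log_text):
    """Count dropped connection attempts per (source, protocol, dest port)."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_drop(line)
        if not rec or "DPT" not in rec:
            continue
        proto = rec["PROTO"].lower()
        # For TCP, count only connection openers (SYN without ACK).
        if proto == "tcp" and not ("SYN" in rec["FLAGS"] and "ACK" not in rec["FLAGS"]):
            continue
        hits[(rec["SRC"], proto, rec["DPT"])] += 1
    return hits

def as_sysconfig(entries):
    """Format reviewed entries like the FW_TRUSTED_NETS line in the thread."""
    return 'FW_TRUSTED_NETS="%s"' % " ".join("%s/32,%s,%s" % e for e in entries)

if __name__ == "__main__":
    hits = trusted_net_candidates(SAMPLE_LOG)
    for (src, proto, dpt), n in hits.most_common():
        print(f"{n:3d} drops  {src} -> {proto}/{dpt}")
    # Only the scanner's FTP control connection is approved; the rest stays dropped.
    print(as_sysconfig([k for k in hits if k == ("192.9.200.8", "tcp", "21")]))
```

The output is a list to review by hand, not something to paste wholesale: only the entries you recognise (here the scanner's connection to port 21) belong in FW_TRUSTED_NETS.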