Mailinglist Archive: opensuse (3100 mails)
| < Previous | Next > |
Re: [SLE] opensuse and ftp server
- From: Matthias Titeux <matthias.titeux@xxxxxxxxxxxxxxxxxx>
- Date: Tue, 14 Mar 2006 10:34:22 +0100
- Message-id: <200603141034.22293.matthias.titeux@xxxxxxxxxxxxxxxxxx>
Le Mardi 14 Mars 2006 02:39, Carlos E. R. a écrit :
> The Monday 2006-03-13 at 16:59 +0100, Matthias Titeux wrote:
> > I tried to declare ftp instead of port 20 and 21 in Susefirewall (both
> > TCP and UDP) on both the server and the client (2 SuSE 10.0 oss
> > computers).
> >
> > The problem still there !
>
> I have
>
> FW_SERVICES_INT_TCP="ftp ftp-data"
>
> or
>
> FW_TRUSTED_NETS="192.168.1.11,tcp,ftp 192.168.1.11,tcp,ftp-data"
>
> (I consider that network external, it is connected to the internet
> router).
>
> > What is funny is when I tried from A Mac OS X computer (GO> Connect to
> > server> ftp://my-ip-/my-name/) I was able to list the directory !!!
> > I did not specify sftp, but maybe OS X is using it by default....
>
> I'd rather think that it is a problem at the client side firewall. Or that
> the Mac uses the other method (active or passive).
>
>
> In active mode the client side "activates" a high port for data, to which
> the server side connects. The firewall has to be told somehow about that
> port.
>
> In passive mode it is the server side who has problems with its firewall.
>
>
> For example, in the "vsftpd" server you can allocate some ports for this:
>
> pasv_max_port
>
> The maximum port to allocate for PASV style data
> connections. Can be used to specify a narrow port range to
> assist firewalling.
>
> Default: 0 (use any port)
>
> pasv_min_port
>
> The minimum port to allocate for PASV style data
> connections. Can be used to specify a narrow port range to
> assist firewalling.
>
> Default: 0 (use any port)
>
> Other servers have equivalent settings.
>
> And then, you open that range in the firewall. I thought this was not
> needed with the contrack modules, but... dunno, some one told me he forced
> loading those modules manually.
>
>
> One last thing: if you are connecting through internet, I would rather use
> sftp.
>
>
> --
> Cheers,
> Carlos Robinson
Many thanks Carlos,
As soon as i get time I will try your suggestions.
Somehow, in previous SuSE releases, this was transparent. I just had to open
port 21 in the firewall....(and the transfer was in Passive mode).
Anyway, I learn better how the ftp transfer is working :-)
And thanx for the advice.
Cheers
Matthias
--
___________________________________________________
Matthias Titeux, PhD
Departement de génétique des maladies epithéliums
INSERM U563 - CPTP
Pavillon Lefebvre, 5ème étage
CHU Purpan
31059 Toulouse cedex 03
__________________________________________________
> The Monday 2006-03-13 at 16:59 +0100, Matthias Titeux wrote:
> > I tried to declare ftp instead of port 20 and 21 in Susefirewall (both
> > TCP and UDP) on both the server and the client (2 SuSE 10.0 oss
> > computers).
> >
> > The problem still there !
>
> I have
>
> FW_SERVICES_INT_TCP="ftp ftp-data"
>
> or
>
> FW_TRUSTED_NETS="192.168.1.11,tcp,ftp 192.168.1.11,tcp,ftp-data"
>
> (I consider that network external, it is connected to the internet
> router).
>
> > What is funny is when I tried from A Mac OS X computer (GO> Connect to
> > server> ftp://my-ip-/my-name/) I was able to list the directory !!!
> > I did not specify sftp, but maybe OS X is using it by default....
>
> I'd rather think that it is a problem at the client side firewall. Or that
> the Mac uses the other method (active or passive).
>
>
> In active mode the client side "activates" a high port for data, to which
> the server side connects. The firewall has to be told somehow about that
> port.
>
> In passive mode it is the server side who has problems with its firewall.
>
>
> For example, in the "vsftpd" server you can allocate some ports for this:
>
> pasv_max_port
>
> The maximum port to allocate for PASV style data
> connections. Can be used to specify a narrow port range to
> assist firewalling.
>
> Default: 0 (use any port)
>
> pasv_min_port
>
> The minimum port to allocate for PASV style data
> connections. Can be used to specify a narrow port range to
> assist firewalling.
>
> Default: 0 (use any port)
>
> Other servers have equivalent settings.
>
> And then, you open that range in the firewall. I thought this was not
> needed with the contrack modules, but... dunno, some one told me he forced
> loading those modules manually.
>
>
> One last thing: if you are connecting through internet, I would rather use
> sftp.
>
>
> --
> Cheers,
> Carlos Robinson
Many thanks Carlos,
As soon as i get time I will try your suggestions.
Somehow, in previous SuSE releases, this was transparent. I just had to open
port 21 in the firewall....(and the transfer was in Passive mode).
Anyway, I learn better how the ftp transfer is working :-)
And thanx for the advice.
Cheers
Matthias
--
___________________________________________________
Matthias Titeux, PhD
Departement de génétique des maladies epithéliums
INSERM U563 - CPTP
Pavillon Lefebvre, 5ème étage
CHU Purpan
31059 Toulouse cedex 03
__________________________________________________
| < Previous | Next > |