Mailinglist Archive: opensuse (4348 mails)

< Previous Next >
Re: [SLE] ftp highport security in susefirewall2
  • From: Anders Johansson <andjoh@xxxxxxxxxxxxxxxxxxxxx>
  • Date: Fri, 4 Oct 2002 15:31:51 +0200
  • Message-id: <200210041531.51599.andjoh@xxxxxxxxxxxxxxxxxxxxx>
On Friday 04 October 2002 15.18, steve wrote:
> > > FW_ALLOW_INCOMING_HIGHPORTS_TCP="no"
> > > </snip>
> >
> > ftp-data works fine for me.
>
> Doesn't for me. I have to put the same line in the *client's* firewall and
> turn off passive to be able to connect. Does:
> FW_ALLOW_INCOMING_HIGHPORTS_TCP="no"
> also have to be set to "ftp-data"?
> Thanks for your patience. Steve.

You shouldn't have to touch the client side firewall at all. That's the whole
point of passive mode. It should be enough to set

FW_ALLOW_INCOMING_HIGHPORTS_TCP="ftp-data"

on the server (and restart the firewall, naturally :). If that doesn't work
there must be some other problem. You could try setting

FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"

instead and see if that works.

//Anders
--
'Deserves [death]. I daresay he does. Many that live deserve death. And some
that die deserve life. Can you give it to them? Then do not be too eager to
deal out death in judgement. For even the very wise cannot see all ends.'
--Tolkien, The Lord of the Rings

< Previous Next >
References