Mailinglist Archive: opensuse (3337 mails)

< Previous Next >
Re: [SLE] opensuse and ftp server
  • From: LDB <thesource@xxxxxxxxxxx>
  • Date: Mon, 24 Apr 2006 18:00:15 -0400
  • Message-id: <444D4A6F.7040908@xxxxxxxxxxx>

Matthias Titeux wrote:
Le Mardi 14 Mars 2006 02:39, Carlos E. R. a écrit :
The Monday 2006-03-13 at 16:59 +0100, Matthias Titeux wrote:
I tried to declare ftp instead of port 20 and 21 in Susefirewall (both
TCP and UDP) on both the server and the client (2 SuSE 10.0 oss
computers).

The problem still there !
I have

FW_SERVICES_INT_TCP="ftp ftp-data"

or

FW_TRUSTED_NETS="192.168.1.11,tcp,ftp 192.168.1.11,tcp,ftp-data"

(I consider that network external, it is connected to the internet
router).

What is funny is when I tried from A Mac OS X computer (GO> Connect to
server> ftp://my-ip-/my-name/) I was able to list the directory !!!
I did not specify sftp, but maybe OS X is using it by default....
I'd rather think that it is a problem at the client side firewall. Or that
the Mac uses the other method (active or passive).


In active mode the client side "activates" a high port for data, to which
the server side connects. The firewall has to be told somehow about that
port.

In passive mode it is the server side who has problems with its firewall.


For example, in the "vsftpd" server you can allocate some ports for this:

pasv_max_port

The maximum port to allocate for PASV style data
connections. Can be used to specify a narrow port range to
assist firewalling.

Default: 0 (use any port)

pasv_min_port

The minimum port to allocate for PASV style data
connections. Can be used to specify a narrow port range to
assist firewalling.

Default: 0 (use any port)

Other servers have equivalent settings.

And then, you open that range in the firewall. I thought this was not
needed with the contrack modules, but... dunno, some one told me he forced
loading those modules manually.


One last thing: if you are connecting through internet, I would rather use
sftp.


--
Cheers,
Carlos Robinson


Many thanks Carlos,

As soon as i get time I will try your suggestions.
Somehow, in previous SuSE releases, this was transparent. I just had to open port 21 in the firewall....(and the transfer was in Passive mode). Anyway, I learn better how the ftp transfer is working :-)
And thanx for the advice.

Cheers
Matthias

I realize this an old thread but i was wondering what was the resolution. I have the exact same problem.

Thanks,

LDB

< Previous Next >
This Thread
  • No further messages