[Bug 541954] New: Yast2 FTP module does not open SuSEfirewall enough for ftp to actually work [solution included]
http://bugzilla.novell.com/show_bug.cgi?id=541954

Summary: Yast2 FTP module does not open SuSEfirewall enough for ftp to actually work [solution included]
Classification: openSUSE
Product: openSUSE 11.2
Version: Factory
Platform: All
OS/Version: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: YaST2
AssignedTo: bnc-team-screening@forge.provo.novell.com
ReportedBy: johanp@aditus.nu
QAContact: jsrain@novell.com
Found By: ---

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.2) Gecko/20090730 SUSE/3.5.2-1.2 Firefox/3.0.7, Ant.com Toolbar 1.3

The FTP (server) module in Yast2 has a tickbox "Open ports in firewall". Marking this tickbox will only open port 21. However, with SuSEFirewall enabled this is not enough since the Firewall will still block FTP outgoing traffic. We therefore consider the FTP setup to be broken since it gives the illusion of opening the firewall while it is in effect not doing enough.

In order to open the Firewall for FTP, the following additional changes must be made to "/etc/sysconfig/SuSEfirewall2":

FW_LOAD_MODULES=ip_conntrack_ftp
FW_SERVICES_ACCEPT_RELATED_EXT="0/0,tcp"

The changes must be made by the yast2-ftp module.

Reproducible: Always

Steps to Reproduce:
1. Try to enable FTP via the Yast2 FTP module

Expected Results:
That the firewall has been configured to allow FTP traffic to pass

--
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
Marcus Meissner
User lnussel@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=541954#c1
--- Comment #1 from Ludwig Nussel
> FW_LOAD_MODULES=ip_conntrack_ftp
> FW_SERVICES_ACCEPT_RELATED_EXT="0/0,tcp"

You must be joking. Disabling the firewall has the same effect. FW_CONFIGURATIONS_EXT="vsftpd" is what you are looking for (or pure-ftpd if you use that one).
User lnussel@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=541954#c2
--- Comment #2 from Ludwig Nussel
(In reply to comment #0)
> FW_LOAD_MODULES=ip_conntrack_ftp
> FW_SERVICES_ACCEPT_RELATED_EXT="0/0,tcp"
^^^^^^^

ok, I overlooked that. *phew*. Still FW_CONFIGURATIONS_EXT is better. ip_conntrack_ftp is dangerous esp on desktops.
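An audit of the settings debated in this thread, as an added example that is not part of the bug report, YaST or SuSEfirewall2: it parses a sysconfig file and reports whether the conntrack helper, an any-source RELATED entry, or an FTP service definition is configured. The function names, finding labels and sample files are constructed for illustration; treating any extra comma-separated field as narrowing an entry is an assumption.

```shell
#!/bin/sh
# Added example: report which FTP-related settings from this thread a file has.

# Print the value of the last NAME=... assignment in FILE, quotes removed.
# The file is parsed with sed, not sourced, so nothing in it is executed.
fw_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

# Hypothetical helper: prints space-separated findings, or "ok".
audit_ftp_fw() {
    file=$1
    findings=""
    # Conntrack helper from the report (nf_conntrack_ftp: newer kernels' name).
    for m in $(fw_get "$file" FW_LOAD_MODULES); do
        case $m in
            ip_conntrack_ftp|nf_conntrack_ftp) findings="$findings ftp-helper-loaded" ;;
        esac
    done
    # Entries start with "net,proto"; assumed: any further field narrows the rule.
    for entry in $(fw_get "$file" FW_SERVICES_ACCEPT_RELATED_EXT); do
        net=${entry%%,*}
        rest=${entry#*,}
        case $net in
            0/0|0.0.0.0/0)
                case $rest in
                    *,*) ;;   # has a port field
                    *) findings="$findings related-from-any-net" ;;
                esac ;;
        esac
    done
    # Service definitions named in comment #1.
    ftp_service=no
    for c in $(fw_get "$file" FW_CONFIGURATIONS_EXT); do
        case $c in vsftpd|pure-ftpd) ftp_service=yes ;; esac
    done
    [ "$ftp_service" = yes ] || findings="$findings no-ftp-service"
    findings=${findings# }
    echo "${findings:-ok}"
}

# Constructed sample: the two lines proposed in the bug report.
sample=$(mktemp)
printf '%s\n' 'FW_LOAD_MODULES=ip_conntrack_ftp' \
    'FW_SERVICES_ACCEPT_RELATED_EXT="0/0,tcp"' > "$sample"
echo "report: $(audit_ftp_fw "$sample")"
# Constructed sample: the setting suggested in comment #1.
printf '%s\n' 'FW_CONFIGURATIONS_EXT="vsftpd"' > "$sample"
echo "comment #1: $(audit_ftp_fw "$sample")"
rm -f "$sample"
```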
User johanp@aditus.nu added comment
http://bugzilla.novell.com/show_bug.cgi?id=541954#c3
--- Comment #3 from Johan Persson
http://bugzilla.novell.com/show_bug.cgi?id=541954#c
Jozef Uhliarik
http://bugzilla.novell.com/show_bug.cgi?id=541954#c4
Jozef Uhliarik
https://bugzilla.novell.com/show_bug.cgi?id=541954
https://bugzilla.novell.com/show_bug.cgi?id=541954#c5
--- Comment #5 from Johan Persson