Armin Schoech wrote:
Hei Terje,
1) ftpd enabled, firewall activated (no interface for internal zone):
--------------------------------------------------------------------
no document comes through:
/var/log/firewall
Aug 23 10:03:24 alfa kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:13:72:a8:c3:79:00:04:00:9b:0c:a4:08:00 SRC=192.9.200.8 DST=192.9.200.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=1162 DPT=21 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40000080A037B6B3C0000000001030300)
--> so you have to enable port 21 ("DPT") on the firewall. You can do this for a single host/network in the variable FW_TRUSTED_NETS
FW_TRUSTED_NETS="192.9.200.8/32,tcp,21"
Thanks, this worked ok for pure-ftp
Also have a look at the "FW_LOAD_MODULES" variable. AFAIK the module "ip_conntrack_ftp" tries to be smart to open the other ports needed for FTP and to only open them for the current FTP session and then close them again.
Tried this first, but it didn't work in my case
Then look for more error messages.
/var/log/warn
Aug 23 09:55:28 alfa SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
--> I think this message is unrelated to your problem.
--Terje
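The step discussed in this thread (reading SRC, PROTO and DPT from a SFW2 drop entry and turning them into a FW_TRUSTED_NETS entry) can be scripted. This is an added example, not code from the thread or from SuSEfirewall2; the function names are hypothetical, and every sample line except the first is constructed.

```python
import ipaddress
import re

# Constructed sample: the drop entry quoted in the thread plus made-up lines.
SAMPLE_LOG = """\
Aug 23 10:03:24 alfa kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:13:72:a8:c3:79:00:04:00:9b:0c:a4:08:00 SRC=192.9.200.8 DST=192.9.200.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=1162 DPT=21 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 23 10:03:27 alfa kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= SRC=192.9.200.8 DST=192.9.200.1 LEN=60 TTL=64 ID=0 DF PROTO=TCP SPT=1162 DPT=21 SYN URGP=0
Aug 23 10:04:02 alfa kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= SRC=192.9.200.30 DST=192.9.200.1 LEN=76 TTL=64 ID=0 DF PROTO=UDP SPT=123 DPT=123 LEN=56
Aug 23 10:04:10 alfa kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= SRC=192.9.200.8 DST=192.9.200.1 LEN=84 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=4 SEQ=1
Aug 23 09:55:28 alfa SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
"""

DROP_RE = re.compile(r"kernel: (SFW2-\S*DROP\S*) (.*)")
FIELD_RE = re.compile(r"(\w+)=(\S*)")  # bare flags such as DF and SYN are ignored


def parse_drop(line):
    """Return the KEY=VALUE fields of a SuSEfirewall2 drop line, else None."""
    m = DROP_RE.search(line)
    if not m:
        return None
    fields = dict(FIELD_RE.findall(m.group(2)))
    fields["RULE"] = m.group(1)
    return fields


def trusted_nets_entries(log_text):
    """List unique 'host/32,proto,port' entries for dropped TCP/UDP packets."""
    entries = []
    for line in log_text.splitlines():
        f = parse_drop(line)
        if not f or f.get("PROTO") not in ("TCP", "UDP"):
            continue  # not a drop line, or no destination port (e.g. ICMP)
        try:
            src = ipaddress.IPv4Address(f["SRC"])  # reject anything but an IPv4 address
            port = int(f["DPT"])
        except (KeyError, ValueError):
            continue  # malformed or truncated line
        entry = f"{src}/32,{f['PROTO'].lower()},{port}"
        if entry not in entries:
            entries.append(entry)
    return entries


def sysconfig_line(entries):
    """Format entries as the space-separated FW_TRUSTED_NETS assignment."""
    return 'FW_TRUSTED_NETS="%s"' % " ".join(entries)


if __name__ == "__main__":
    print(sysconfig_line(trusted_nets_entries(SAMPLE_LOG)))
```

The output is a list of candidates taken from what was dropped; only the hosts and ports that are meant to be reachable belong in the real configuration.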