Fajar Priyanto wrote:
On Wednesday 22 August 2007 19:27:53 Terje J. Hanssen wrote:
pure-ftpd vs vsftpd: I wish to setup FTP on a OpenSUSE 10.2 workstation to receive scanned documents from a networked MFP machine which has "Scan to FTP". First I enabled pure-ftpd service with xinetd, deactivated SuSEFirewall and was able to receive scanned ftp documents in my homedir as seleced. Next I tried to enable the more secure vsftpd instead, but did't get any FTP document, even not with the FireWall deactivated. Maybe also something also has to be configured in vsftpd.conf?
SuseFirewall: I have a default SuseFirewall setup just with SSH enabled for external Zone access. My question is how configure SUSEFirewall preferably with YaST to receive FTP documents from my network scanner?
I'm using fixed IP addresses on the LAN, not DHCP. I haven't activated Firewall for the Internal zone and thought therefore everything on my LAN had access, but scanned documents don't come through. I've read FTP may need that port 20-21 both TCP and UDP in the Firewall, maybe this is for External zone only?
Do you have any relevant log message regarding the error?
Not sure these are the most relevant messages, but here are something: 1) ftpd enabled, firewall activated (no interface for internal zone): -------------------------------------------------------------------- no document comes through: /var/log/firewall Aug 23 10:03:24 alfa kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:13:72:a8:c3:79:00:04:00:9b:0c:a4:08:00 SRC=192.9.200.8 DST=192.9.200.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=1162 DPT=21 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40000080A037B6B3C0000000001030300) /var/log/warn Aug 23 09:55:28 alfa SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled. Lexmark scanlog: Could not scan to ftp connection error code is -1 2) vsftp enabled, firewall deactivated: --------------------------------------- no document comes through: grep vsftp /var/log/* messages:Aug 23 10:11:29 alfa xinetd[3511]: Reading included configuration file: /etc/xinetd.d/vsftpd [file=/etc/xinetd.d/vsftpd] [line=90] /var/log/warn Aug 23 09:55:28 alfa kernel: Netfilter messages via NETLINK v0.30. Aug 23 09:55:28 alfa kernel: ip_conntrack version 2.4 (8192 buckets, 65536 max) - 288 bytes per conntrack Aug 23 10:10:54 alfa SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled. Lexmark scanlog: Could not scan to ftp connection error code is -4 500 OOPS: could bind listening IPv4 socket My note: As far as can see, there is no configuration possibility regarding passiv/active ftp setting on Lexmark's side Rgds, Terje J. Hanssen --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org