Ftp Problem with Suse Firewall
Hello NG,

I've installed the WU FTPD on my Suse 7.1 box. The ftp connect to localhost is successful. I can list directories, create and delete them.

But if I try to connect from the Internet to my Linux box, then I can log in but the LIST command is not successful; the ftp process from the client is hanging.

I think it's a problem with the firewall. In the logfile there is the following entry:

May 20 17:43:42 dolly kernel: Packet log: input DENY eth1 PROTO=6 111.111.111.111: 20 217.4.191.240:65415 L=60 S=0x08 I=57760 F=0x4000 T=64 SYN (#91)

But I have configured FW_FORWARD_TCP="0/0,111.111.111.111,21"

I think it's no problem with active and passive ftp, because I have probed the ftp command in active and passive mode, everything the same.

Hope that anybody could help.

Best Regards
Andreas Müller
Hi Andreas,

In your log file line you can see port 20 is denied. That's the data connection for active FTP, therefore your FW_FORWARD_TCP can't do anything to open that port. You stated passive FTP causes the same problem. Can you please mail the log entry of your attempt with passive FTP?

Ralf
Ralf 'coko' Koch
mailto:info@formel4.de
---
The only thing Micro$oft has done for society, is make people believe, that computers are inherently unreliable.
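The point about port 20 in the reply above, as an added Python example that is not code from any poster in the thread: it parses ipchains packet-log lines in the layout Andreas quoted and relates each one to his FW_FORWARD_TCP entry. It assumes the entry's three fields mean source network, destination host and destination port; the function names and the two extra log lines (using the documentation address 192.0.2.10) are constructed.

```python
import re

# Linux 2.2 ipchains "Packet log" line, in the layout of the entry quoted in the thread.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):\s*(?P<sport>\d+) (?P<dst>[\d.]+):\s*(?P<dport>\d+)"
    r"(?P<rest>.*)\(#(?P<rule>\d+)\)")
FTP_DATA_PORT = 20  # source port of server-initiated (active-mode) data connections

def parse_packet_log(line):
    """Return the fields of one packet-log line as a dict, or None if it does not match."""
    m = LOG_RE.search(line)
    if not m:
        return None
    pkt = m.groupdict()
    for key in ("proto", "sport", "dport", "rule"):
        pkt[key] = int(pkt[key])
    pkt["syn"] = "SYN" in pkt.pop("rest").split()
    return pkt

def parse_forward(value):
    """Split one FW_FORWARD_TCP entry; the field meaning is an assumption of this example."""
    src_net, dst_host, port = value.split(",")
    return {"src_net": src_net, "dst_host": dst_host, "port": int(port)}

def classify(pkt, fwd):
    """Relate a logged packet to the forwarded FTP service."""
    if pkt is None or pkt["proto"] != 6 or not pkt["syn"]:
        return "not a TCP connection attempt"
    if pkt["dst"] == fwd["dst_host"] and pkt["dport"] == fwd["port"]:
        return "control connection, covered by the forward entry"
    if pkt["src"] == fwd["dst_host"] and pkt["sport"] == FTP_DATA_PORT:
        return "active-mode data connection from the server, not covered"
    if pkt["dst"] == fwd["dst_host"] and pkt["dport"] >= 1024:
        return "possible passive-mode data connection to the server, not covered"
    return "unrelated to the forwarded service"

FORWARD = parse_forward("0/0,111.111.111.111,21")  # value from the original post
SAMPLE_LOG = [
    # First line is the entry from the post; the other two are constructed for comparison.
    "May 20 17:43:42 dolly kernel: Packet log: input DENY eth1 PROTO=6 111.111.111.111: 20 217.4.191.240:65415 L=60 S=0x08 I=57760 F=0x4000 T=64 SYN (#91)",
    "May 20 17:43:40 dolly kernel: Packet log: input ACCEPT eth0 PROTO=6 192.0.2.10:65414 111.111.111.111:21 L=60 S=0x00 I=57001 F=0x4000 T=58 SYN (#12)",
    "May 20 17:44:10 dolly kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.10:65416 111.111.111.111:49152 L=60 S=0x00 I=57900 F=0x4000 T=58 SYN (#91)",
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        pkt = parse_packet_log(line)
        print(pkt["action"], f'{pkt["src"]}:{pkt["sport"]} -> {pkt["dst"]}:{pkt["dport"]}', "=>", classify(pkt, FORWARD))
```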
Hi!
> But if I try to connect from the Internet to my Linux box, then I can log in but the LIST command is not successful; the ftp process from the client is hanging. I think it's a problem with the firewall. In the logfile there is the following entry:
I had the same problem with my system. My ISP is blocking all the ports below 1024. If I changed the ftp port to be higher, the data connection still didn't work. It was in both modes, active and passive. So I figured it had something to do with the firewall on the other machine from where I tried the connection, because one friend of mine succeeded in opening the connection. So check the firewall on the client side too. But actually that didn't help my situation, as the place from where I wanted to get the connection used a firewall too.

But the way I overcame this was openssh and sftp. I just defined my ssh port to be larger than 1024 and then the sftp connection from outside works fine. This was after I updated to 7.1. I think that the ssh server in 7.0 doesn't have that sftp so well supported. Or... possibly it has, but there was something... I got it working too when I installed openssh server from web to it. But now in 7.1 it works fine with the SuSE package.

eero.