Hi,
I set up an FTP server on my server. I see it from my firewall, but not from the Internet and from the internal network!
Does somebody have an idea?
___________________________________________________________
Do You Yahoo!? -- A free @yahoo.fr address, in French!
Yahoo! Mail : http://fr.mail.yahoo.com
* Frédéric Poulet;
Hi,
I set up an FTP server on my server. I see it from my firewall, but not from the Internet and from the internal network!
Does somebody have an idea?
Before hitting the reply
1) first get the /etc/sysconfig/SuSEfirewall2 configuration
2) grep -v ^# /etc/sysconfig/SuSEfirewall2
3) Now try to use the FTP from the internal machine
4) tail -n30 /var/log/messages
5) Send number 2 and 4 to the List
--
Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://dinamizm.ath.cx
2)grep -v ^# /etc/sysconfig/SuSEfirewall2
# 1.)
# 2.)
FW_DEV_EXT="ppp0"
# 3.)
FW_DEV_INT="eth1"
# 4.)
FW_DEV_DMZ="eth2"
# 5.)
FW_ROUTE="yes"
#6
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS="192.168.1.0/24 192.168.5.0/24"
# 7.)
FW_PROTECT_FROM_INTERNAL="no"
# 8.)
FW_AUTOPROTECT_SERVICES="yes"
# 9.)
FW_SERVICES_EXT_TCP=""
FW_SERVICES_EXT_UDP=""
FW_SERVICES_EXT_IP=""
#
FW_SERVICES_DMZ_TCP=""
FW_SERVICES_DMZ_UDP=""
FW_SERVICES_DMZ_IP=""
#
FW_SERVICES_INT_TCP=""
FW_SERVICES_INT_UDP=""
FW_SERVICES_INT_IP=""
# 10.)
FW_TRUSTED_NETS=""
# 11.)
FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
# 12.)
FW_SERVICE_AUTODETECT="yes"
FW_SERVICE_DNS="no"
FW_SERVICE_DHCLIENT="no"
FW_SERVICE_DHCPD="no"
FW_SERVICE_SQUID="no"
FW_SERVICE_SAMBA="no"
# 13.)
FW_FORWARD="192.168.1.0/24,192.168.5.2,tcp,80 192.168.1.0/24,192.168.5.2,tcp,21"
# 14.)
FW_FORWARD_MASQ="0/0,192.168.5.2,tcp,80 0/0,192.168.5.2,tcp,21"
# 15.)
FW_REDIRECT=""
# 16.)
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="yes"
FW_LOG_ACCEPT_CRIT="no"
FW_LOG_ACCEPT_ALL="no"
FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE-FW"
# 17.)
FW_KERNEL_SECURITY="yes"
# 18.)
FW_STOP_KEEP_ROUTING_STATE="no"
# 19.)
FW_ALLOlW_PING_FW="yes"
FW_ALLOW_PING_DMZ="yes"
FW_ALLOW_PING_EXT="yes"
##
# END of rc.firewall
##
#                                                                         #
#-------------------------------------------------------------------------#
#                                                                         #
# EXPERT OPTIONS - all others please don't change these!                  #
#                                                                         #
#-------------------------------------------------------------------------#
#                                                                         #
#
#
# 20.)
# Allow (or don't) ICMP time-to-live-exceeded to be send from your firewall.
# This is used for traceroutes to your firewall (or traceroute like tools).
#
# Please note that the unix traceroute only works if you say "yes" to
# FW_ALLOW_INCOMING_HIGHPORTS_UDP, and windows traceroutes only if you say
# additionally "yes" to FW_ALLOW_PING_FW
#
# Choice: "yes" or "no", defaults to "no" if not set.
#
FW_ALLOW_FW_TRACEROUTE="yes"
#
# 21.)
# Allow ICMP sourcequench from your ISP?
#
# If set to yes, the firewall will notice when connection is choking, however
# this opens yourself to a denial of service attack. Choose your poison.
#
# Choice: "yes" or "no", defaults to "yes"
#
FW_ALLOW_FW_SOURCEQUENCH="yes"
#
# 22.)
# Allow/Ignore IP Broadcasts?
#
# If set to yes, the firewall will not filter broadcasts by default.
# This is needed e.g. for Netbios/Samba, RIP, OSPF where the broadcast
# option is used.
# If you do not want to allow them however ignore the annoying log entries,
# set FW_IGNORE_FW_BROADCAST to yes.
#
# Choice: "yes" or "no", defaults to "no" if not set.
#
FW_ALLOW_FW_BROADCAST="no"
#
FW_IGNORE_FW_BROADCAST="yes"
#
# 23.)
# Allow same class routing per default?
# REQUIRES: FW_ROUTE
#
# Do you want to allow routing between interfaces of the same class
# (e.g. between all internet interfaces, or all internal network interfaces)
# be default (so without the need setting up FW_FORWARD definitions)?
#
# Choice: "yes" or "no", defaults to "no"
#
FW_ALLOW_CLASS_ROUTING="no"
#
# 25.)
# Do you want to load customary rules from a file?
#
# This is really an expert option. NO HELP WILL BE GIVEN FOR THIS!
# READ THE EXAMPLE CUSTOMARY FILE AT /etc/sysconfig/scripts/SuSEfirewall2-custom
#
#FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"
4) tail -n30 /var/log/messages
Jan 23 08:27:59 linux pppd[3608]: rcvd [LCP EchoRep id=0x8c magic=0x4dc2dc0c]
Jan 23 08:28:12 linux kernel: SuSE-FW-DROP-DEFAULT IN=eth2 OUT=eth1 SRC=192.168.5.2 DST=192.168.1.199 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=6134 DF PROTO=TCP SPT=32969 DPT=113 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A0419B6680000000001030300)
Jan 23 08:28:14 linux kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= MAC= SRC=202.133.41.149 DST=80.13.41.197 LEN=78 TOS=0x00 PREC=0x00 TTL=107 ID=2433 PROTO=UDP SPT=1026 DPT=137 LEN=58
Jan 23 08:28:15 linux kernel: SuSE-FW-DROP-DEFAULT IN=eth2 OUT=eth1 SRC=192.168.5.2 DST=192.168.1.199 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=6135 DF PROTO=TCP SPT=32969 DPT=113 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A0419B7940000000001030300)
Jan 23 08:28:19 linux pppd[3608]: sent [LCP EchoReq id=0x8d magic=0x16380e52]
Jan 23 08:28:19 linux pppd[3608]: rcvd [LCP EchoRep id=0x8d magic=0x4dc2dc0c]
Jan 23 08:28:19 linux kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= MAC= SRC=66.20.144.101 DST=80.13.41.197 LEN=78 TOS=0x00 PREC=0x00 TTL=108 ID=45696 PROTO=UDP SPT=1027 DPT=137 LEN=58
Jan 23 08:28:21 linux kernel: SuSE-FW-DROP-DEFAULT IN=eth2 OUT=eth1 SRC=192.168.5.2 DST=192.168.1.199 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=6136 DF PROTO=TCP SPT=32969 DPT=113 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A0419B9EC0000000001030300)
Jan 23 08:28:22 linux kernel: SuSE-FW-DROP-DEFAULT IN=eth2 OUT=eth1 SRC=192.168.5.2 DST=192.168.1.199 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=25488 DF PROTO=TCP SPT=32970 DPT=113 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A0419BA560000000001030300)
Jan 23 08:28:25 linux kernel: SuSE-FW-DROP-DEFAULT IN=eth2 OUT=eth1 SRC=192.168.5.2 DST=192.168.1.199 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=25489 DF PROTO=TCP SPT=32970 DPT=113 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A0419BB820000000001030300)
Jan 23 08:28:31 linux kernel: SuSE-FW-DROP-DEFAULT IN=eth2 OUT=eth1 SRC=192.168.5.2 DST=192.168.1.199 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=25490 DF PROTO=TCP SPT=32970 DPT=113 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A0419BDDA0000000001030300)
Jan 23 08:28:39 linux pppd[3608]: sent [LCP EchoReq id=0x8e magic=0x16380e52]
Jan 23 08:28:39 linux pppd[3608]: rcvd [LCP EchoRep id=0x8e magic=0x4dc2dc0c]
Jan 23 08:28:59 linux pppd[3608]: sent [LCP EchoReq id=0x8f magic=0x16380e52]
Jan 23 08:28:59 linux pppd[3608]: rcvd [LCP EchoRep id=0x8f magic=0x4dc2dc0c]
Jan 23 08:29:10 linux pppd[3608]: rcvd [LCP EchoReq id=0x70 magic=0x4dc2dc0c]
Jan 23 08:29:10 linux pppd[3608]: sent [LCP EchoRep id=0x70 magic=0x16380e52]
Jan 23 08:29:17 linux kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= MAC= SRC=195.94.198.174 DST=80.13.41.197 LEN=78 TOS=0x00 PREC=0x00 TTL=110 ID=62330 PROTO=UDP SPT=1027 DPT=137 LEN=58
Jan 23 08:29:19 linux pppd[3608]: sent [LCP EchoReq id=0x90 magic=0x16380e52]
Jan 23 08:29:19 linux pppd[3608]: rcvd [LCP EchoRep id=0x90 magic=0x4dc2dc0c]
* Frédéric Poulet;
# 13.) FW_FORWARD="192.168.1.0/24,192.168.5.2,tcp,80 192.168.1.0/24,192.168.5.2,tcp,21"
OK
# 14.) FW_FORWARD_MASQ="0/0,192.168.5.2,tcp,80 0/0,192.168.5.2,tcp,21"
OK
4)tail -n30 /var/log/messages
Jan 23 08:28:12 linux kernel: SuSE-FW-DROP-DEFAULT IN=eth2 OUT=eth1 SRC=192.168.5.2 DST=192.168.1.199 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=6134 DF PROTO=TCP SPT=32969 DPT=113 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A0419B6680000000001030300)
Not OK, they are not related to FTP traffic, i.e. DPT=113 is Identd request and it's perfectly okay to drop it. We need the logs when you are trying to do the FTP so DPT=21 will be seen in the logs
--
Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://dinamizm.ath.cx
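To check whether a test produced any logged entry with DPT=21, the SuSE-FW kernel lines can be grouped by action, interface pair, endpoints and destination port. This is an added example, not part of the thread: the function names are made up here, and the sample input is abridged from the log lines posted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are made up here.

# Sample entries abridged from the log lines posted in the thread
# (TOS/TTL/ID/WINDOW/OPT fields removed).
sample_log() {
cat <<'EOF'
Jan 23 08:27:59 linux pppd[3608]: rcvd [LCP EchoRep id=0x8c magic=0x4dc2dc0c]
Jan 23 08:28:12 linux kernel: SuSE-FW-DROP-DEFAULT IN=eth2 OUT=eth1 SRC=192.168.5.2 DST=192.168.1.199 LEN=60 PROTO=TCP SPT=32969 DPT=113 SYN
Jan 23 08:28:14 linux kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= MAC= SRC=202.133.41.149 DST=80.13.41.197 LEN=78 PROTO=UDP SPT=1026 DPT=137 LEN=58
Jan 23 08:28:15 linux kernel: SuSE-FW-DROP-DEFAULT IN=eth2 OUT=eth1 SRC=192.168.5.2 DST=192.168.1.199 LEN=60 PROTO=TCP SPT=32969 DPT=113 SYN
Jan 23 12:40:11 linux kernel: SuSE-FW-REJECT IN=eth2 OUT= MAC=00:40:f4:3d:89:4b:00:e0:18:a6:7d:17:08:00 SRC=192.168.5.2 DST=192.168.5.1 LEN=60 PROTO=TCP SPT=32983 DPT=113 SYN
EOF
}

# fw_summary: read syslog lines on stdin and print one line per distinct
# "action in->out src->dst proto/dpt" tuple, prefixed with its hit count.
fw_summary() {
  awk '
    / kernel: SuSE-FW/ {
      act = ""; split("", f)                     # reset per log line
      for (i = 1; i <= NF; i++) {
        p = index($i, "=")
        if ($i ~ /^SuSE-FW/) act = $i            # e.g. SuSE-FW-DROP-DEFAULT
        else if (p > 0) f[substr($i, 1, p - 1)] = substr($i, p + 1)
      }
      out = (f["OUT"] == "") ? "fw" : f["OUT"]   # empty OUT= : addressed to the firewall
      n[act " " f["IN"] "->" out " " f["SRC"] "->" f["DST"] " " f["PROTO"] "/" f["DPT"]]++
    }
    END { for (k in n) print n[k], k }
  ' | sort -k1,1nr -k2
}

# fw_count_dpt PORT: number of logged firewall entries with destination port PORT.
fw_count_dpt() {
  awk -v port="$1" '
    / kernel: SuSE-FW/ { for (i = 1; i <= NF; i++) if ($i == ("DPT=" port)) c++ }
    END { print c + 0 }
  '
}

sample_log | fw_summary
echo "entries with DPT=21: $(sample_log | fw_count_dpt 21)"
```

On a live system the same functions can be fed from `tail -n30 /var/log/messages` instead of `sample_log`.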
I don't have DPT=21 when I try the FTP service, but DPT=113
--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@suse.com
Security-related bug reports go to security@suse.de, not here
* Frédéric Poulet;
i don't have dpt=21 when i try ftp service but dpt=113
How is your FTP server configured then?
--
Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://dinamizm.ath.cx
When I use the FTP service from the firewall I have logs:
Jan 23 12:40:06 linux pppd[3608]: sent [LCP EchoReq id=0x80 magic=0x16380e52]
Jan 23 12:40:06 linux pppd[3608]: rcvd [LCP EchoRep id=0x80 magic=0x4dc2dc0c]
Jan 23 12:40:11 linux kernel: SuSE-FW-REJECT IN=eth2 OUT= MAC=00:40:f4:3d:89:4b:00:e0:18:a6:7d:17:08:00 SRC=192.168.5.2 DST=192.168.5.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=55868 DF PROTO=TCP SPT=32983 DPT=113 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A0430C8600000000001030300)
Jan 23 12:40:11 linux kernel: SuSE-FW-REJECT IN=eth2 OUT= MAC=00:40:f4:3d:89:4b:00:e0:18:a6:7d:17:08:00 SRC=192.168.5.2 DST=192.168.5.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=20915 DF PROTO=TCP SPT=32984 DPT=113 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A0430C8770000000001030300)
and from the internal network I have:
Jan 23 12:40:46 linux pppd[3608]: sent [LCP EchoReq id=0x82 magic=0x16380e52]
Jan 23 12:40:46 linux pppd[3608]: rcvd [LCP EchoRep id=0x82 magic=0x4dc2dc0c]
Jan 23 12:41:02 linux kernel: SuSE-FW-DROP-DEFAULT IN=eth2 OUT=eth1 SRC=192.168.5.2 DST=192.168.1.199 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=41881 DF PROTO=TCP SPT=32985 DPT=113 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A0430DC2E0000000001030300)
Jan 23 12:41:05 linux kernel: SuSE-FW-DROP-DEFAULT IN=eth2 OUT=eth1 SRC=192.168.5.2 DST=192.168.1.199 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=41882 DF PROTO=TCP SPT=32985 DPT=113 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A0430DD5A0000000001030300)
Jan 23 12:41:06 linux pppd[3608]: sent [LCP EchoReq id=0x83 magic=0x16380e52]
Jan 23 12:41:06 linux pppd[3608]: rcvd [LCP EchoRep id=0x83 magic=0x4dc2dc0c]
Jan 23 12:41:11 linux kernel: SuSE-FW-DROP-DEFAULT IN=eth2 OUT=eth1 SRC=192.168.5.2 DST=192.168.1.199 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=41883 DF PROTO=TCP SPT=32985 DPT=113 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A0430DFB20000000001030300)
Jan 23 12:41:12 linux kernel: SuSE-FW-DROP-DEFAULT IN=eth2 OUT=eth1 SRC=192.168.5.2 DST=192.168.1.199 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=12647 DF PROTO=TCP SPT=32986 DPT=113 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A0430E0310000000001030300)
Jan 23 12:41:15 linux kernel: SuSE-FW-DROP-DEFAULT IN=eth2 OUT=eth1 SRC=192.168.5.2 DST=192.168.1.199 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=12648 DF PROTO=TCP SPT=32986 DPT=113 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A0430E15D0000000001030300)
Jan 23 12:41:21 linux kernel: SuSE-FW-DROP-DEFAULT IN=eth2 OUT=eth1 SRC=192.168.5.2 DST=192.168.1.199 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=12649 DF PROTO=TCP SPT=32986 DPT=113 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A0430E3B50000000001030300)
Jan 23 12:41:26 linux pppd[3608]: sent [LCP EchoReq id=0x84 magic=0x16380e52]
Jan 23 12:41:26 linux pppd[3608]: rcvd [LCP EchoRep id=0x84 magic=0x4dc2dc0c]
Jan 23 12:41:46 linux pppd[3608]: sent [LCP EchoReq id=0x85 magic=0x16380e52]
Jan 23 12:41:46 linux pppd[3608]: rcvd [LCP EchoRep id=0x85 magic=0x4dc2dc0c]
Jan 23 12:41:54 linux kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= MAC= SRC=217.99.48.205 DST=80.13.41.197 LEN=78 TOS=0x00 PREC=0x00 TTL=106 ID=22720 PROTO=UDP SPT=62739 DPT=137 LEN=58
I use "proftpd" for my FTP service with the default configuration (port 21)
* Frédéric Poulet;
When I use the FTP service from the firewall I have logs:
Jan 23 12:40:11 linux kernel: SuSE-FW-REJECT IN=eth2 OUT= MAC=00:40:f4:3d:89:4b:00:e0:18:a6:7d:17:08:00 SRC=192.168.5.2 DST=192.168.5.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=55868 DF PROTO=TCP SPT=32983 DPT=113 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A0430C8600000000001030300)
Sorry but this makes no sense and you have somewhere a misconfiguration (most probably proftpd related)
I use "proftpd" for my FTP service with the default configuration (port 21)
To be honest I do not even think proftpd is running
--
Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://dinamizm.ath.cx
Doesn't it look like the client he is using is misconfigured?
Looks like it is requesting a connection on port 113 instead of 21 ...
Which client are you using?
Chris
----- Original Message -----
From: "Togan Muftuoglu"
* Frédéric Poulet; on 14 Nov, 2002 wrote:
when i use ftp service from firewall i have logs:
Jan 23 12:40:11 linux kernel: SuSE-FW-REJECT IN=eth2 OUT= MAC=00:40:f4:3d:89:4b:00:e0:18:a6:7d:17:08:00 SRC=192.168.5.2 DST=192.168.5.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=55868 DF PROTO=TCP SPT=32983 DPT=113 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A0430C8600000000001030300)
Proftpd is running because I have the log message of proftpd
My proftpd configuration file :
ServerName "ProFTPD Default Installation"
ServerType inetd
DefaultServer on
Port 21
Umask 022
MaxInstances 30
User nobody
Group nogroup
Which client are you using?
I used flashfxp and MS-DOS commands
participants (3)
- Chris FitzGerald
- Frédéric Poulet
- Togan Muftuoglu