Hi all!

I've a Suse 7.2 system configured as Gateway/Firewall to use in a small LAN, but now I found out that dynamic ftp connections are rejected, too. Is there any update needed or is it only some configuration trouble?

Greetings
mudjekeevis
> Hi all!
> I've a Suse 7.2 system configured as Gateway/Firewall to use in a small LAN, but now I found out that dynamic ftp connections are rejected, too. Is there any update needed or is it only some configuration trouble?

The personal-firewall is innocent, as long as you have set REJECT_ALL_INCOMING_CONNECTIONS in /etc/rc.config.d/security.rc.config to "no". If it is set to "modem", then PORT mode ftp won't work. Basically all clients in a SuSE distribution use passive mode, though. Which client did you try?

> Greetings
> mudjekeevis

Thanks,
Roman.
--
Roman Drahtmüller
I don't use Linux for ftp-ing, but some Windows machines, Linux only used as Gateway...I tried it with "wsftp"....

REJECT_ALL is set to "ppp0 masq"....if I set it to "no", there will be no masquerading and I need this feature to connect with DSL-Provider!

-----Original Message-----
From: Roman Drahtmueller [mailto:draht@suse.de]
Sent: Tuesday, 23 October 2001 12:29
To: Heinz
Cc: suse-security@suse.com
Subject: Re: [suse-security] Trouble with "Personal Firewall"...

> Hi all!
> I've a Suse 7.2 system configured as Gateway/Firewall to use in a small LAN, but now I found out that dynamic ftp connections are rejected, too. Is there any update needed or is it only some configuration trouble?

The personal-firewall is innocent, as long as you have set REJECT_ALL_INCOMING_CONNECTIONS in /etc/rc.config.d/security.rc.config to "no". If it is set to "modem", then PORT mode ftp won't work. Basically all clients in a SuSE distribution use passive mode, though. Which client did you try?

> Greetings
> mudjekeevis

Thanks,
Roman.
--
Roman Drahtmüller
hi!

> I don't use Linux for ftp-ing, but some Windows machines, Linux only used as Gateway...I tried it with "wsftp"....

if you've probs with active ftp... a workaround is using squid as proxy:

    # TAG: ftp_passive
    # If your firewall does not allow Squid to use passive
    # connections, then turn off this option.
    ftp_passive on

Kind regards, with best regards
Stephan Lauffer
[ Pedagogical University Freiburg - Germany ]
[ http://www.ph-freiburg.de/zik/ ]
> I don't use Linux for ftp-ing, but some Windows machines, Linux only used as Gateway...I tried it with "wsftp"....

I think that this application has a switch "passive mode ftp" or similar. If you use it, it will work.

> REJECT_ALL is set to "ppp0 masq"....if I set it to "no", there will be no masquerading and I need this feature to connect with DSL-Provider!

Alternatively, you could set

    REJECT_ALL_INCOMING_CONNECTIONS="masq"

and it will do masquerading as well. The interface names are not required, but if no interface name is supplied, you have no filtering of packets (other than the "hiding" of your internal hosts behind the masquerading).

Thanks,
Roman.
--
Roman Drahtmüller
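
Added example, not part of the original thread: a small parser for the two FTP control-channel lines that decide who opens the data connection, which is why PORT (active) mode fails behind a gateway that rejects incoming connections while passive mode works. The sample lines, addresses and the `blocked_by_gateway` policy model are constructed assumptions, not the SuSE personal-firewall's own logic.

```python
import ipaddress
import re

# RFC 959 host-port field: h1,h2,h3,h4,p1,p2 (six decimal bytes).
HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_hostport(text):
    """Return (IPv4Address, port) from a host-port field, or None if invalid."""
    m = HOSTPORT.search(text)
    if m is None:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ipaddress.IPv4Address(".".join(map(str, nums[:4]))), nums[4] * 256 + nums[5]


def data_connection(line):
    """Describe the data connection a control-channel line negotiates, or None."""
    line = line.strip()
    if line.upper().startswith("PORT "):
        mode, opener = "active", "server"    # server connects back to the client
    elif line.startswith("227 "):
        mode, opener = "passive", "client"   # client connects out to the server
    else:
        return None
    endpoint = parse_hostport(line[4:])
    if endpoint is None:
        return None
    addr, port = endpoint
    return {"mode": mode, "opener": opener, "addr": str(addr), "port": port,
            "rfc1918": any(addr in net for net in RFC1918)}


def blocked_by_gateway(conn, reject_incoming=True):
    """Assumed policy: the gateway rejects every connection opened from outside."""
    return reject_incoming and conn["opener"] == "server"


# Constructed control-channel lines (a client command, then a server reply).
SAMPLE = ["PORT 192,168,1,10,4,1",
          "227 Entering Passive Mode (203,0,113,5,195,80)"]

if __name__ == "__main__":
    for raw in SAMPLE:
        conn = data_connection(raw)
        print(conn, "blocked:", blocked_by_gateway(conn))
```

The `rfc1918` flag on the PORT line shows the second problem with active mode behind masquerading: the client announces its internal address, which the remote server cannot reach.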
participants (4): Heinz, mudjekeevis, Roman Drahtmueller, Stephan Lauffer