The Monday 2006-03-13 at 16:59 +0100, Matthias Titeux wrote:
> I tried to declare ftp instead of port 20 and 21 in Susefirewall (both TCP and UDP) on both the server and the client (2 SuSE 10.0 oss computers).
> The problem is still there!
> I have FW_SERVICES_INT_TCP="ftp ftp-data" or FW_TRUSTED_NETS="192.168.1.11,tcp,ftp 192.168.1.11,tcp,ftp-data" (I consider that network external, it is connected to the internet router).
> What is funny is when I tried from a Mac OS X computer (GO> Connect to server> ftp://my-ip-/my-name/) I was able to list the directory!!! I did not specify sftp, but maybe OS X is using it by default....

I'd rather think that it is a problem at the client side firewall. Or that the Mac uses the other method (active or passive).

In active mode the client side "activates" a high port for data, to which the server side connects. The firewall has to be told somehow about that port. In passive mode it is the server side who has problems with its firewall. For example, in the "vsftpd" server you can allocate some ports for this:

    pasv_max_port
        The maximum port to allocate for PASV style data connections. Can be used to specify a narrow port range to assist firewalling.
        Default: 0 (use any port)

    pasv_min_port
        The minimum port to allocate for PASV style data connections. Can be used to specify a narrow port range to assist firewalling.
        Default: 0 (use any port)

Other servers have equivalent settings. And then, you open that range in the firewall.

I thought this was not needed with the conntrack modules, but... dunno, someone told me he forced loading those modules manually.

One last thing: if you are connecting through the internet, I would rather use sftp.

-- 
Cheers,
Carlos Robinson
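
An added example, not part of the original message: it decodes the data port announced in a passive-mode reply (server side) or an active-mode PORT command (client side) and checks it against the vsftpd pasv_min_port/pasv_max_port range that the firewall would have to open. The config text, the 30000-30100 range and both protocol lines are constructed sample values.

```python
import re

# Constructed sample inputs (assumptions, not taken from the original message).
VSFTPD_CONF = """\
# narrow passive range so the firewall only needs these ports open
pasv_enable=YES
pasv_min_port=30000
pasv_max_port=30100
"""
PASV_REPLY = "227 Entering Passive Mode (192,168,1,11,117,60)"  # sent by server
PORT_CMD = "PORT 192,168,1,20,200,13"                           # sent by client

_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def data_endpoint(line):
    """Extract (ip, port) from the RFC 959 h1,h2,h3,h4,p1,p2 tuple in a PASV reply or PORT command."""
    m = _HOSTPORT.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in %r" % line)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % line)
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def pasv_range(conf_text):
    """Return (min, max) from vsftpd.conf text; 0 is the default and means 'use any port'."""
    opts = {"pasv_min_port": 0, "pasv_max_port": 0}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key in opts:
            opts[key] = int(value)
    return opts["pasv_min_port"], opts["pasv_max_port"]

def covered_by_range(port, lo, hi):
    """True only if both bounds are set and the port falls inside them."""
    if lo == 0 or hi == 0:
        return False  # range not fully bounded: no narrow firewall rule can match it
    return lo <= port <= hi

if __name__ == "__main__":
    lo, hi = pasv_range(VSFTPD_CONF)
    for label, line in (("passive/server", PASV_REPLY), ("active/client", PORT_CMD)):
        ip, port = data_endpoint(line)
        print(label, ip, port, "in pasv range:", covered_by_range(port, lo, hi))
```

The active-mode port falls outside the server's passive range because the client picks it, which is why that case has to be handled on the client side firewall instead.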