Re: [SLE] susefirewall2 and ftp

7 Dec 2005

      Op woensdag 7 december 2005 07:25, schreef Chadley Wilson:
...
On Wed, 2005-12-07 at 06:36 +0100, wavesurf@planet.nl wrote:
...
Op woensdag 7 december 2005 04:03, schreef John Scott:
...
On 12/6/05, wavesurf@planet.nl <wavesurf@planet.nl> wrote:
...
Hello,
I have setup "vsftpd" and it works fine with the firewall off.
The problem is, that there is no option, in the service, in the
firewall-yast, for FTP?
What am i missing?
--
thanks,
Gerrit Jan Eldering
KDE-versie:  3.5.0 Level "a"
Systeem:     SuSELinux 10.0
Kernel:      2.6.13-15-default
In susefirewall-yast, click allowed services then advanced and add
then add 21 to the tcp list of ports.
John
I did so, but that won't work, it's very strange...
--
--
Gerrit Jan Eldering
KDE-versie:  3.5.0 Level "a"
Systeem:     SuSELinux 10.0
Kernel:      2.6.13-15.7-default
Hi Gerrit,
I had a similar issue before,
Firstly if you have one network interface, you must set the interface as
an external, then you must disable protect from internal, because it
will override the external settings, external being the same interface
as internal in my case. enable ports 20 and 21 remember to type the port
numbers in space separated and no commas. (just a space.)
Enable the firewall then from a local shell run
#netstat --tulpen
post the output which shows what services are running and which ports.
Then port scan your box to see if the port is available.
#nmap <your-ip>
which will show which ports are available.
post the output as well,
does your /etc/xinetd.d/vsftpd file look like this?
service ftp
{
#        server_args             =
#        log_on_success          += DURATION USERID
#        log_on_failure          += USERID
#        nice                    = 10
        disable         = yes
        socket_type     = stream
        protocol        = tcp
        wait            = no
        user            = root
        server          = /usr/sbin/vsftpd
}
and this is a copy of my vsftp.conf file which is just for anonymous
connections.
chadlap:~ # grep -v ^# /etc/vsftpd.conf
dirmessage_enable=YES
anonymous_enable=YES
anon_world_readable_only=YES
syslog_enable=YES
connect_from_port_20=YES
pam_service_name=vsftpd
keep posting... :')
Cheers
Chadley
Chadley,

Still working on it.
I have 2 cards, one internal and one external.
The 2 files are the same now, was missing "disable         = yes".
It still won't work, i think the problem is port 20....

PORT      STATE    SERVICE
21/tcp    open     ftp
22/tcp    open     ssh
10082/tcp filtered amandaidx
10083/tcp filtered amidxtape

#netstat --tulpen this one won't work?

Maby you will look here to see what the problem is;

Dec  7 13:17:58 linux vsftpd: Wed Dec  7 13:17:58 2005 [pid 9783] CONNECT: 
Client "123.123.123.123"
Dec  7 13:17:58 linux vsftpd: Wed Dec  7 13:17:58 2005 [pid 9783] FTP 
response: Client "123.123.123.123", "220 (vsFTPd 2.0.3)"
Dec  7 13:17:58 linux vsftpd: Wed Dec  7 13:17:58 2005 [pid 9783] FTP command: 
Client "123.123.123.123", "USER gerritjanftp"
Dec  7 13:17:58 linux vsftpd: Wed Dec  7 13:17:58 2005 [pid 9783] 
[gerritjanftp] FTP response: Client "123.123.123.123", "331 Please specify 
the password."
Dec  7 13:18:00 linux vsftpd: Wed Dec  7 13:18:00 2005 [pid 9783] 
[gerritjanftp] FTP command: Client "123.123.123.123", "PASS <password>"
Dec  7 13:18:00 linux vsftpd: Wed Dec  7 13:18:00 2005 [pid 9782] 
[gerritjanftp] OK LOGIN: Client "123.123.123.123"
Dec  7 13:18:00 linux vsftpd: Wed Dec  7 13:18:00 2005 [pid 9784] 
[gerritjanftp] FTP response: Client "123.123.123.123", "230 Login 
successful."
Dec  7 13:18:00 linux vsftpd: Wed Dec  7 13:18:00 2005 [pid 9784] 
[gerritjanftp] FTP command: Client "123.123.123.123", "SYST"
Dec  7 13:18:00 linux vsftpd: Wed Dec  7 13:18:00 2005 [pid 9784] 
[gerritjanftp] FTP response: Client "123.123.123.123", "215 UNIX Type: L8"
Dec  7 13:18:00 linux vsftpd: Wed Dec  7 13:18:00 2005 [pid 9784] 
[gerritjanftp] FTP command: Client "123.123.123.123", "PWD"
Dec  7 13:18:00 linux vsftpd: Wed Dec  7 13:18:00 2005 [pid 9784] 
[gerritjanftp] FTP response: Client "123.123.123.123", "257 "/""
Dec  7 13:18:00 linux vsftpd: Wed Dec  7 13:18:00 2005 [pid 9784] 
[gerritjanftp] FTP command: Client "123.123.123.123", "TYPE I"
Dec  7 13:18:00 linux vsftpd: Wed Dec  7 13:18:00 2005 [pid 9784] 
[gerritjanftp] FTP response: Client "123.123.123.123", "200 Switching to 
Binary mode."
Dec  7 13:18:00 linux vsftpd: Wed Dec  7 13:18:00 2005 [pid 9784] 
[gerritjanftp] FTP command: Client "123.123.123.123", "PASV"
Dec  7 13:18:00 linux vsftpd: Wed Dec  7 13:18:00 2005 [pid 9784] 
[gerritjanftp] FTP response: Client "123.123.123.123", "227 Entering Passive 
Mode (192,168,1,102,54,64)"
Dec  7 13:18:00 linux vsftpd: Wed Dec  7 13:18:00 2005 [pid 9784] 
[gerritjanftp] FTP command: Client "123.123.123.123", "SIZE /"
Dec  7 13:18:00 linux vsftpd: Wed Dec  7 13:18:00 2005 [pid 9784] 
[gerritjanftp] FTP response: Client "123.123.123.123", "550 Could not get 
file size."
Dec  7 13:18:00 linux vsftpd: Wed Dec  7 13:18:00 2005 [pid 9784] 
[gerritjanftp] FTP command: Client "123.123.123.123", "MDTM /"
Dec  7 13:18:00 linux vsftpd: Wed Dec  7 13:18:00 2005 [pid 9784] 
[gerritjanftp] FTP response: Client "123.123.123.123", "550 Could not get 
file modification time."
Dec  7 13:18:00 linux vsftpd: Wed Dec  7 13:18:00 2005 [pid 9784] 
[gerritjanftp] FTP command: Client "123.123.123.123", "RETR /"
Dec  7 13:18:00 linux vsftpd: Wed Dec  7 13:18:00 2005 [pid 9784] 
[gerritjanftp] FTP response: Client "123.123.123.123", "550 Failed to open 
file."
Dec  7 13:18:00 linux vsftpd: Wed Dec  7 13:18:00 2005 [pid 9784] 
[gerritjanftp] FAIL DOWNLOAD: Client "123.123.123.123", "/", 0.00Kbyte/sec
Dec  7 13:18:00 linux vsftpd: Wed Dec  7 13:18:00 2005 [pid 9784] 
[gerritjanftp] FTP command: Client "123.123.123.123", "PASV"
Dec  7 13:18:00 linux vsftpd: Wed Dec  7 13:18:00 2005 [pid 9784] 
[gerritjanftp] FTP response: Client "123.123.123.123", "227 Entering Passive 
Mode (192,168,1,102,45,99)"
Dec  7 13:18:00 linux vsftpd: Wed Dec  7 13:18:00 2005 [pid 9784] 
[gerritjanftp] FTP command: Client "123.123.123.123", "CWD /"
Dec  7 13:18:00 linux vsftpd: Wed Dec  7 13:18:00 2005 [pid 9784] 
[gerritjanftp] FTP response: Client "123.123.123.123", "250 Directory 
successfully changed."
Dec  7 13:18:00 linux vsftpd: Wed Dec  7 13:18:00 2005 [pid 9784] 
[gerritjanftp] FTP command: Client "123.123.123.123", "LIST"
Dec  7 13:19:00 linux vsftpd: Wed Dec  7 13:19:00 2005 [pid 9784] 
[gerritjanftp] FTP response: Client "123.123.123.123", "425 Failed to 
establish connection."

-- 
thanks,
Gerrit Jan Eldering

KDE-versie:  3.5.0 Level "a" 
Systeem:     SuSELinux 10.0
Kernel:      2.6.13-15.7-default

Re: [SLE] susefirewall2 and ftp

wavesurf＠planet.nl