Mailinglist Archive: opensuse-security (359 mails)

SuSEfirewall2 and Active ftp
  • From: André Sänger <Andre.Saenger@xxxxxx>
  • Date: Wed, 16 Jul 2003 16:46:13 +0200
  • Message-id: <94021803.20030716164613@xxxxxx>
Hello suse-security,

I'm still not sure how to configure SuSEfirewall2 to get active ftp
working.

The Server is between two LANs and doing no masquerading.


from the config:


FW_FORWARD="[...] \
myip,ftpserverip,tcp,21 \
myip,ftpserverip,tcp,20"

FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"


Now if I try to establish a connection I get a connect, but when
trying to list the ftp-dir the ftp client hangs.

The firewall-log says:

Jul 16 16:13:51 [firewallmachine] kernel: SuSE-FW-DROP-DEFAULT
IN=eth1 OUT=eth0 SRC=[ftpserverip] DST=[myip] LEN=60 TOS=0x08
PREC=0x00 TTL=62 ID=46457 DF PROTO=TCP SPT=20 DPT=1137 WINDOW=5840
RES=0x00 SYN URGP=0 OPT (020405B40402080A16229CFF0000000001030300)

What else is needed to get active ftp working through SuSEfirewall2?


If I insert a rule like

$IPTABLES -A $CHAIN -j "$ACCEPT" -m state --state \
ESTABLISHED,RELATED -d $quelle -s $ziel -p tcp --sport 20

in SuSEfirewall2-custom active ftp works again, but I don't think
that's the proper way? There has to be something in
/etc/sysconfig/SuSEfirewall2 I'm missing.

The firewall machine is running SuSE 8.2 Professional, Kernel
2.4.20-4GB-athlon


--
Kind regards,
André Sänger mailto:Andre.Saenger@xxxxxx
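
Added example, not part of the original message: a small Python triage script that parses netfilter LOG lines like the one quoted above and picks out dropped connection-opening SYNs sent from port 20 to a client high port, which is the server-to-client data connection of active FTP. The function names and the second, constructed log line are assumptions made for illustration.

```python
import re

# The log line from the message, re-joined (the mail wrapped it over four lines).
POSTED = ("Jul 16 16:13:51 [firewallmachine] kernel: SuSE-FW-DROP-DEFAULT "
          "IN=eth1 OUT=eth0 SRC=[ftpserverip] DST=[myip] LEN=60 TOS=0x08 "
          "PREC=0x00 TTL=62 ID=46457 DF PROTO=TCP SPT=20 DPT=1137 WINDOW=5840 "
          "RES=0x00 SYN URGP=0 OPT (020405B40402080A16229CFF0000000001030300)")
# Constructed contrast line: a dropped SYN on the control channel (port 21).
CONSTRUCTED = ("Jul 16 16:14:02 fw kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT=eth1 "
               "SRC=192.0.2.10 DST=198.51.100.5 LEN=60 PROTO=TCP SPT=1140 DPT=21 "
               "WINDOW=5840 RES=0x00 SYN URGP=0")

TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

def parse_netfilter_line(line):
    """Return (prefix, fields, flags) for a kernel netfilter LOG line, or None."""
    m = re.search(r"kernel:\s+(\S+)\s+(.*)", line)
    if not m:
        return None
    fields, flags = {}, set()
    for tok in m.group(2).split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            fields[key] = value
        elif tok in TCP_FLAGS:
            flags.add(tok)
    return m.group(1), fields, flags

def is_active_ftp_data_drop(parsed):
    """Dropped connection-opening SYN from port 20 (ftp-data) to a port >= 1024."""
    if parsed is None:
        return False
    prefix, f, flags = parsed
    try:
        spt, dpt = int(f["SPT"]), int(f["DPT"])
    except (KeyError, ValueError):
        return False
    opening = "SYN" in flags and "ACK" not in flags
    return ("DROP" in prefix and f.get("PROTO") == "TCP"
            and spt == 20 and dpt >= 1024 and opening)

def triage(lines):
    """List (server, client, client_port) for each dropped active-FTP data SYN."""
    hits = []
    for line in lines:
        parsed = parse_netfilter_line(line)
        if is_active_ftp_data_drop(parsed):
            hits.append((parsed[1]["SRC"], parsed[1]["DST"], int(parsed[1]["DPT"])))
    return hits
```

Calling triage([POSTED, CONSTRUCTED]) reports only the posted line: the forwarded control connection goes from client to server, while the dropped packet travels the other way, from the server's port 20 to the client.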


