Hello,

On Wednesday, 5 November 2008, Ludwig Nussel wrote:
Roman Drahtmueller wrote:
I have problems setting up SuSEfirewall2 on a server with openSUSE 11.0 and vsftpd running.
The problem is that I didn't find out the correct configuration for FTP - I can log in using an FTP client, but when I try to upload files or request a directory listing, I clash with the firewall :-(
You will have to disable the filters. The reason is comparatively simple: the FTP protocol opens a TCP connection for each file transfer, even for a directory listing.
Both vsftpd and pure-ftpd allow you to configure a port range used for passive mode. You can then open that port range in the firewall. Normally random ports are used for passive mode, which indeed is hard to filter.
Thanks for your feedback. Opening a limited port range sounds like an acceptable solution. However, I wonder about two things:

- shouldn't the nf_conntrack_ftp module handle this and open the needed high port automatically?
- why does FTP work on a 10.2 server without opening a port range? (I use ip_conntrack_ftp there)

Regards,

Christian Boltz
-- 
An admin is like a zookeeper: he has to be able to deal with eNTen (ducks), penguins and daemons (um, somehow I haven't seen those in any zoo yet). eNTen, though, are especially dangerous and unpredictable; when cleaning up you should take care not to catch a worm [........] [D. Aubry]
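
The port-range approach suggested in the thread, as an added example that is not part of any of the messages: a shell check that the passive range set in vsftpd.conf (`pasv_min_port`/`pasv_max_port`) is covered by an entry in `FW_SERVICES_EXT_TCP` of the SuSEfirewall2 sysconfig file. The helper names, the range 30000:30100 and the sample files are constructed for illustration.

```shell
#!/bin/bash
# Added example, not from the thread. Real files would be /etc/vsftpd.conf and
# /etc/sysconfig/SuSEfirewall2; the range 30000:30100 and helper names are constructed.

# Print the last numeric value of KEY=VALUE in a vsftpd.conf-style file.
conf_value() {
    sed -n "s/^$1=\([0-9][0-9]*\)[[:space:]]*\$/\1/p" "$2" | tail -n 1
}

# Exit status: 0 = passive range covered by FW_SERVICES_EXT_TCP, 1 = not covered,
# 2 = no fixed passive range in vsftpd (an option unset or 0; 0 means any port).
pasv_range_open() {
    local min max ports entry lo hi
    min=$(conf_value pasv_min_port "$1")
    max=$(conf_value pasv_max_port "$1")
    if [ -z "$min" ] || [ -z "$max" ] || [ "$min" -eq 0 ] || [ "$max" -eq 0 ]; then
        return 2
    fi
    ports=$(sed -n 's/^FW_SERVICES_EXT_TCP="\(.*\)"[[:space:]]*$/\1/p' "$2" | tail -n 1)
    for entry in $ports; do
        case "$entry" in
            *[!0-9:]*) continue ;;                    # service names such as "ftp"
            *:*) lo=${entry%%:*}; hi=${entry##*:} ;;  # range, e.g. 30000:30100
            *)   lo=$entry; hi=$entry ;;              # single port
        esac
        [ -n "$lo" ] && [ -n "$hi" ] || continue
        if [ "$lo" -le "$min" ] && [ "$hi" -ge "$max" ]; then
            return 0
        fi
    done
    return 1
}

# Stand-alone run on constructed sample files
demo_dir=$(mktemp -d)
printf 'pasv_enable=YES\npasv_min_port=30000\npasv_max_port=30100\n' > "$demo_dir/vsftpd.conf"
printf 'FW_SERVICES_EXT_TCP="ftp 30000:30100"\n' > "$demo_dir/SuSEfirewall2"
if pasv_range_open "$demo_dir/vsftpd.conf" "$demo_dir/SuSEfirewall2"; then
    echo "passive range is open in the firewall"
else
    echo "passive range is not open, or vsftpd uses random passive ports"
fi
rm -rf "$demo_dir"
```

Status 2 is the case described in the thread where random ports are used for passive mode, so there is no fixed range the firewall could be opened for.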