Matthias Titeux wrote:
Le Mardi 14 Mars 2006 02:39, Carlos E. R. a écrit :
The Monday 2006-03-13 at 16:59 +0100, Matthias Titeux wrote:
I tried to declare ftp instead of port 20 and 21 in Susefirewall (both TCP and UDP) on both the server and the client (2 SuSE 10.0 oss computers).
The problem still there ! I have
FW_SERVICES_INT_TCP="ftp ftp-data"
or
FW_TRUSTED_NETS="192.168.1.11,tcp,ftp 192.168.1.11,tcp,ftp-data"
(I consider that network external, it is connected to the internet router).
What is funny is when I tried from A Mac OS X computer (GO> Connect to server> ftp://my-ip-/my-name/) I was able to list the directory !!! I did not specify sftp, but maybe OS X is using it by default.... I'd rather think that it is a problem at the client side firewall. Or that the Mac uses the other method (active or passive).
In active mode the client side "activates" a high port for data, to which the server side connects. The firewall has to be told somehow about that port.
In passive mode it is the server side who has problems with its firewall.
For example, in the "vsftpd" server you can allocate some ports for this:
pasv_max_port
The maximum port to allocate for PASV style data connections. Can be used to specify a narrow port range to assist firewalling.
Default: 0 (use any port)
pasv_min_port
The minimum port to allocate for PASV style data connections. Can be used to specify a narrow port range to assist firewalling.
Default: 0 (use any port)
Other servers have equivalent settings.
And then, you open that range in the firewall. I thought this was not needed with the contrack modules, but... dunno, some one told me he forced loading those modules manually.
One last thing: if you are connecting through internet, I would rather use sftp.
-- Cheers, Carlos Robinson
Many thanks Carlos,
As soon as i get time I will try your suggestions. Somehow, in previous SuSE releases, this was transparent. I just had to open port 21 in the firewall....(and the transfer was in Passive mode). Anyway, I learn better how the ftp transfer is working :-)
And thanx for the advice.
Cheers
Matthias
I realize this an old thread but i was wondering what was the resolution. I have the exact same problem. Thanks, LDB