-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I had this working time ago, with this same configuration, but now it doesn't work now. I'm testing FTP with two local linux machines (oS 11.2). The server has: FW_TRUSTED_NETS="192.168.X.Y,tcp,ftp 192.168.X.Y,tcp,ftp-data" The client firewall has not been touched. Both machines have nf_conntrack, nf_conntrack_ipv4, nf_conntrack_ipv6 loaded /automatically). With anonymous ftp from client, default settings (Extended Passive Mode), a "dir" doesn't work unless I bring down the server firewall. Passive mode doesn't work either, until I bring down the firewall on the client. Yes, this is contrary to design, passive mode should be easy on the client side. It doesn't even work even if I put in the client side firewall: FW_TRUSTED_NETS="192.168.X.Z,tcp,ftp 192.168.X.Z,tcp,ftp-data" But the client firewall drops it: Apr 30 00:37:47 minas-tirith kernel: [21595.671840] SFW2-INext-DROP-DEFLT IN=wlan0 OUT= MAC=0c:ee... SRC=192.168.X.Z DST=192.168.X.Y LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=33999 DF PROTO=TCP SPT=20 DPT=35556 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A175CEDB70000000001030307) This is contrary to the rule above, port 20 is ftp-data. ftp> passive Passive mode: off; fallback to active mode: off. ftp> dir 200 EPRT command successful. Consider using EPSV. ^C ftp> passive Passive mode: on; fallback to active mode: on. ftp> dir 229 Entering Extended Passive Mode (|||30054|) ^C Althoug I think it is not really using passive mode. Active mode I can not try, because: ftp> active ?Invalid command. ftp> I know that it is the ftp data connection which is not working. But I have no idea how this has to be set, currently. Yes, I know, I should use sftp/ssh. That works. The question now is how to configure the SuSEfirewall on both sides for ftp to work, preferably on all modes. For knowledge sake :-) - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (GNU/Linux) iEYEARECAAYFAk27QOIACgkQtTMYHG2NR9V0ywCeP6vPYJaFRzSGg9GnVCGmsxz9 FEwAmwYLQOpINpjVyyHQhfoNFgmKaOo1 =EVcm -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org