[olug] vsftpd Suse 9.0

Eric Penne epenne at olug.org
Sat Apr 3 18:58:41 UTC 2004


I did an iptables -L and a whole ton of stuff scrolled up my screen.

I grepped for ftp and this was returned:
ACCEPT     tcp  --  anywhere             anywhere           state ESTABLISHED tcp dpt:ftp-data flags:!SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             anywhere           state ESTABLISHED tcp dpt:ftp-data flags:!SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             anywhere           state ESTABLISHED tcp dpt:ftp-data flags:!SYN,RST,ACK/SYN


I don't see anything about accepting ftp just ftp-data.  Yours 
explicitly states the ftp:
> ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data
> ACCEPT udp -- anywhere anywhere udp dpt:ftp-data
> ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
> ACCEPT udp -- anywhere anywhere udp dpt:fsp

I also noticed Accept statements by ssh and http.  Therefore I believe 
that I need to add a rule to accept ftp.  I would appreciate any help on 
this.  First, where do I look to find the rules when they are applied? 
From that I can probably figure out the syntax for accepting ftp.

Thanks a lot,
Eric Penne


Thom Harrison wrote:
> Eric,
> 
> I'm running vsftpd on SuSE 9.0 too. I've tried to set it up as if it 
> were a ReadOnly Anonymous vsftp server but with the additional password. 
> You can connect to it:
> 
> linux:/ # ftp thom.homelinux.com
> Connected to ip68-225-168-172.om.om.cox.net.
> 220 "Welcome to Smopuim FTP service."
> Name (thom.homelinux.com:root): ftp
> 331 Please specify the password.
> Password: ftp$thom
> 230 Login successful.
> Remote system type is UNIX.
> Using binary mode to transfer files.
> ftp> cd etc
> 250 Directory successfully changed.
> ftp> dir
> 229 Entering Extended Passive Mode (|||42427|)
> 150 Here comes the directory listing.
> -r--r--r-- 1 ftp ftp 6076 Apr 03 14:46 vsftpd.conf
> -r--r--r-- 1 ftp ftp 4 Apr 03 14:46 vsftpd.userlist
> 226 Directory send OK.
> ftp>
> 
> You can download my vsftpd.conf and vsftpd.userlist files. ( both belong 
> in /etc/ )
> /etc/vsftpd.userlist allows only specific IDs to connect.
> 
> When I set it up I also had some directory permissions issues so I'm 
> showing them below.
> 
> linux:/ # cd /srv
> linux:/srv # ll
> total 16
> drwxr-xr-x 4 root root 4096 Mar 14 17:42 .
> drwxr-xr-x 23 root root 4096 Apr 2 23:58 ..
> drwxr-xr-x 5 root root 4096 Mar 21 18:49 ftp
> drwxr-xr-x 6 root root 4096 Jan 3 06:26 www
> 
> linux:/srv # cd ftp
> linux:/srv/ftp # ll
> total 20
> drwxr-xr-x 5 root root 4096 Mar 21 18:49 .
> drwxr-xr-x 4 root root 4096 Mar 14 17:42 ..
> drwxr-xr-x 11 ftp ftp 4096 Mar 13 07:18 custom
> drwxr-xr-x 2 ftp ftp 4096 Mar 18 05:54 etc
> dr-xr-xr-x 2 ftp ftp 4096 Mar 13 06:55 knock
> 
> linux:/srv/ftp # cd etc
> linux:/srv/ftp/etc # ll
> total 20
> drwxr-xr-x 2 ftp ftp 4096 Mar 18 05:54 .
> drwxr-xr-x 5 root root 4096 Mar 21 18:49 ..
> -r--r--r-- 1 ftp ftp 6076 Apr 3 08:46 vsftpd.conf
> -r--r--r-- 1 ftp ftp 4 Apr 3 08:46 vsftpd.userlist
> linux:/srv/ftp/etc #
> 
> netstat -a | head shows: ( ftp is port 21 )
> 
> tcp 0 0 *:ftp *:* LISTEN
> 
> iptables -L shows:
> 
> ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data
> ACCEPT udp -- anywhere anywhere udp dpt:ftp-data
> ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
> ACCEPT udp -- anywhere anywhere udp dpt:fsp
> 
> 
> I've also got a manual vsftpd iptables -L rule that I can run in 
> /custom/cmds/afa
> You can download that too.
> 
> afa=Allow Ftp Access
> awa=Allow Web Access
> asa=Allow Ssh Access
> ava=Allow Vnc Access
> 
> Since I'm simply playing around with these things I generally don't keep 
> them accessible, so I run the appropriate script when needed.
> 
> 
> Eric Penne wrote:
> 
>> I can't seem to get vsftpd to accept a connection on a newly installed 
>> Suse 9 machine. http and ssh work but not ftp.
>>
>> netstat -pant:
>> tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 760/portmap
>> tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN 1873/X
>> tcp 0 0 XXX.XXX.XXX.36:21 0.0.0.0:* LISTEN 2786/vsftpd
>> tcp 0 0 0.0.0.0:631 0.0.0.0:* LISTEN 931/cupsd
>> tcp 0 0 :::80 :::* LISTEN 1962/httpd2-prefork
>> tcp 0 0 :::22 :::* LISTEN 827/sshd
>>
>>
>>
>> I told it to listen to my IP address. If I remove the manual ip 
>> address line from the vsftpd file it listens on 0.0.0.0:21. I can ftp 
>> to the machine from itself but I can't connect from any outside 
>> machines with either address. I'd be happy to give you the main 
>> address but I'm still in the process of shutting down services and 
>> reading the config files closely.
>>
>> All the lines in hosts.allow are commented out.
>>
>> hosts.deny:
>> http-rman : ALL EXCEPT LOCAL
>>
>>
>> do I need to specifically add something to hosts.allow to allow 
>> outside machines?
>>
>> I notice that the 2 external services that are working look like they 
>> have ::: instead of x.x.x.x for IPs. Is that significant?
>>
>> I don't think I configured a firewall on this machine but I'm not 
>> ruling it out. How do I check to see if I have any rules that may be 
>> impeding?
>>
>> Thanks
>> Eric Penne
>>
>>
>> _______________________________________________
>> OLUG mailing list
>> OLUG at olug.org
>> http://lists.olug.org/mailman/listinfo/olug
>>
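An added example, not from the thread, for Eric's question of how to tell whether the rules he saw actually let ftp in: a small sh/awk audit of an `iptables -L` listing that flags whether any ACCEPT rule admits a fresh inbound connection to the FTP control port (21), as opposed to the ESTABLISHED-only ftp-data (port 20) rules in his output. The first two sample listings are copied from the thread, the third is constructed as `iptables -L -n` output would look; the SuSEfirewall2 file path in the comments is my recollection of SuSE 9.0 defaults, not something the thread states.

```shell
#!/bin/sh
# Added example: audit an `iptables -L` listing for a rule that admits NEW
# inbound connections to the FTP control port. Eric's rules only ACCEPT
# ESTABLISHED, non-SYN packets to ftp-data (20), so a client's opening SYN
# to port 21 never matches them and the connection hangs.

# Sample listings copied from the thread (wrapped lines joined).
ERIC_RULES='ACCEPT     tcp  --  anywhere  anywhere  state ESTABLISHED tcp dpt:ftp-data flags:!SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere  anywhere  state ESTABLISHED tcp dpt:ftp-data flags:!SYN,RST,ACK/SYN'

THOM_RULES='ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data
ACCEPT udp -- anywhere anywhere udp dpt:ftp-data
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT udp -- anywhere anywhere udp dpt:fsp'

# Constructed: how a stateful port-21 rule looks with `iptables -L -n`.
NEW_RULES='ACCEPT     tcp  --  0.0.0.0/0  0.0.0.0/0  state NEW,ESTABLISHED tcp dpt:21'

# ftp_control_open LISTING
# Prints "open" (exit 0) when an ACCEPT rule for tcp dpt:ftp / dpt:21 exists
# that is not limited to ESTABLISHED or non-SYN packets; else "closed" (exit 1).
ftp_control_open() {
    printf '%s\n' "$1" | awk '
        $1 == "ACCEPT" && $2 == "tcp" {
            hit = 0; established_only = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "dpt:ftp" || $i == "dpt:21") hit = 1
                # "state ESTABLISHED" without NEW, or flags:!SYN,..., means the
                # rule can never match the opening packet of a connection
                if (($i ~ /ESTABLISHED/ && $i !~ /NEW/) || $i ~ /^flags:!SYN/)
                    established_only = 1
            }
            if (hit && !established_only) found = 1
        }
        END { if (found) { print "open"; exit 0 }; print "closed"; exit 1 }'
}

# On a live box (as root): list rules with chain positions to see where a
# packet is matched, then allow the control port. On SuSE 9.0 the rules are
# normally generated by SuSEfirewall2 from /etc/sysconfig/SuSEfirewall2
# (FW_SERVICES_EXT_TCP), so change that file or the edit is lost on restart.
#   iptables -L INPUT -n -v --line-numbers
#   iptables -I INPUT -p tcp --dport 21 -m state --state NEW -j ACCEPT
#   modprobe ip_conntrack_ftp   # tracks PORT/PASV data channels as RELATED
# Those commands are not run here; the checks below use the sample listings.
ftp_control_open "$ERIC_RULES" || :   # prints closed
ftp_control_open "$THOM_RULES"        # prints open
ftp_control_open "$NEW_RULES"         # prints open
```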