[olug] vsftpd Suse 9.0

Eric Penne epenne at olug.org
Sun Apr 4 03:56:21 UTC 2004


Thanks for your help.  Unfortunately I don't have graphical access to 
this machine right now.  I found the SuSEfirewall rules generator in 
/etc/sysconfig/SuSEfirewall.  In there I found a line that says 
something like "Allow outside access to these ports".  http, ssh, and 
ftp-data were already there so I added ftp and restarted the PC.  It worked!

Thanks
Eric

Thom Harrison wrote:
> You can check to see if your firewall ( or router ) is blocking ftp by 
> going to an online scanner like
> http://www.grc.com and going to their "Shields Up" scanner page.
> 
> If you're running the SuSE Firewall you can go into YaST2 and configure 
> it ( under Security and Users ). I didn't see an option for allow ftp 
> specifically but you can add that in the field provided at the bottom.
> 
> Thom
> 
> Eric Penne wrote:
> 
>> I did an iptables -L and a whole ton of stuff scrolled up my screen.
>>
>> I grepped for ftp and this was returned:
>> ACCEPT tcp -- anywhere anywhere state ESTABLISHED tcp dpt:ftp-data 
>> flags:!SYN,RST,ACK/SYN
>> ACCEPT tcp -- anywhere anywhere state ESTABLISHED tcp dpt:ftp-data 
>> flags:!SYN,RST,ACK/SYN
>> ACCEPT tcp -- anywhere anywhere state ESTABLISHED tcp dpt:ftp-data 
>> flags:!SYN,RST,ACK/SYN
>>
>>
>> I don't see anything about accepting ftp, just ftp-data. Yours 
>> explicitly states the ftp:
>> > ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data
>> > ACCEPT udp -- anywhere anywhere udp dpt:ftp-data
>> > ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
>> > ACCEPT udp -- anywhere anywhere udp dpt:fsp
>>
>> I also noticed Accept statements by ssh and http. Therefore I believe 
>> that I need to add a rule to accept ftp. I would appreciate any help 
>> on this. First, where do I look to find the rules when they are 
>> applied? From that I can probably figure out the syntax for accepting 
>> ftp.
>>
>> Thanks a lot,
>> Eric Penne
>>
>>
>> Thom Harrison wrote:
>>
>>> Eric,
>>>
>>> I'm running vsftpd on SuSE 9.0 too. I've tried to set it up as if it 
>>> were a ReadOnly Anonymous vsftp server but with the additional 
>>> password. You can connect to it:
>>>
>>> linux:/ # ftp thom.homelinux.com
>>> Connected to ip68-225-168-172.om.om.cox.net.
>>> 220 "Welcome to Smopuim FTP service."
>>> Name (thom.homelinux.com:root): ftp
>>> 331 Please specify the password.
>>> Password: ftp$thom
>>> 230 Login successful.
>>> Remote system type is UNIX.
>>> Using binary mode to transfer files.
>>> ftp> cd etc
>>> 250 Directory successfully changed.
>>> ftp> dir
>>> 229 Entering Extended Passive Mode (|||42427|)
>>> 150 Here comes the directory listing.
>>> -r--r--r-- 1 ftp ftp 6076 Apr 03 14:46 vsftpd.conf
>>> -r--r--r-- 1 ftp ftp 4 Apr 03 14:46 vsftpd.userlist
>>> 226 Directory send OK.
>>> ftp>
>>>
>>> You can download my vsftpd.conf and vsftpd.userlist files. ( both 
>>> belong in /etc/ )
>>> /etc/vsftpd.userlist allows only specific IDs to connect.
>>>
>>> When I set it up I also had some directory permissions issues so I'm 
>>> showing them below.
>>>
>>> linux:/ # cd /srv
>>> linux:/srv # ll
>>> total 16
>>> drwxr-xr-x 4 root root 4096 Mar 14 17:42 .
>>> drwxr-xr-x 23 root root 4096 Apr 2 23:58 ..
>>> drwxr-xr-x 5 root root 4096 Mar 21 18:49 ftp
>>> drwxr-xr-x 6 root root 4096 Jan 3 06:26 www
>>>
>>> linux:/srv # cd ftp
>>> linux:/srv/ftp # ll
>>> total 20
>>> drwxr-xr-x 5 root root 4096 Mar 21 18:49 .
>>> drwxr-xr-x 4 root root 4096 Mar 14 17:42 ..
>>> drwxr-xr-x 11 ftp ftp 4096 Mar 13 07:18 custom
>>> drwxr-xr-x 2 ftp ftp 4096 Mar 18 05:54 etc
>>> dr-xr-xr-x 2 ftp ftp 4096 Mar 13 06:55 knock
>>>
>>> linux:/srv/ftp # cd etc
>>> linux:/srv/ftp/etc # ll
>>> total 20
>>> drwxr-xr-x 2 ftp ftp 4096 Mar 18 05:54 .
>>> drwxr-xr-x 5 root root 4096 Mar 21 18:49 ..
>>> -r--r--r-- 1 ftp ftp 6076 Apr 3 08:46 vsftpd.conf
>>> -r--r--r-- 1 ftp ftp 4 Apr 3 08:46 vsftpd.userlist
>>> linux:/srv/ftp/etc #
>>>
>>> netstat -a | head shows: ( ftp is port 21 )
>>>
>>> tcp 0 0 *:ftp *:* LISTEN
>>>
>>> iptables -L shows:
>>>
>>> ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data
>>> ACCEPT udp -- anywhere anywhere udp dpt:ftp-data
>>> ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
>>> ACCEPT udp -- anywhere anywhere udp dpt:fsp
>>>
>>>
>>> I've also got a manual vsftpd iptables -L rule that I can run in 
>>> /custom/cmds/afa
>>> You can download that too.
>>>
>>> afa=Allow Ftp Access
>>> awa=Allow Web Access
>>> asa=Allow Ssh Access
>>> ava=Allow Vnc Access
>>>
>>> Since I'm simply playing around with these things I generally don't 
>>> keep them accessible, so I run the appropriate script when needed.
>>>
>>>
>>> Eric Penne wrote:
>>>
>>>> I can't seem to get vsftpd to accept a connection on a newly 
>>>> installed Suse 9 machine. http and ssh work but not ftp.
>>>>
>>>> netstat -pant:
>>>> tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 760/portmap
>>>> tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN 1873/X
>>>> tcp 0 0 XXX.XXX.XXX.36:21 0.0.0.0:* LISTEN 2786/vsftpd
>>>> tcp 0 0 0.0.0.0:631 0.0.0.0:* LISTEN 931/cupsd
>>>> tcp 0 0 :::80 :::* LISTEN 1962/httpd2-prefork
>>>> tcp 0 0 :::22 :::* LISTEN 827/sshd
>>>>
>>>>
>>>>
>>>> I told it to listen to my IP address. If I remove the manual ip 
>>>> address line from the vsftpd file it listens on 0.0.0.0:21. I can 
>>>> ftp to the machine from itself but I can't connect from any outside 
>>>> machines with either address. I'd be happy to give you the main 
>>>> address but I'm still in the process of shutting down services and 
>>>> reading the config files closely.
>>>>
>>>> All the lines in hosts.allow are commented out.
>>>>
>>>> hosts.deny:
>>>> http-rman : ALL EXCEPT LOCAL
>>>>
>>>>
>>>> do I need to specifically add something to hosts.allow to allow 
>>>> outside machines?
>>>>
>>>> I notice that the 2 external services that are working look like 
>>>> they have ::: instead of x.x.x.x for IPs. Is that significant?
>>>>
>>>> I don't think I configured a firewall on this machine but I'm not 
>>>> ruling it out. How do I check to see if I have any rules that may be 
>>>> impeding?
>>>>
>>>> Thanks
>>>> Eric Penne
>>>>
>>>>
>>>> _______________________________________________
>>>> OLUG mailing list
>>>> OLUG at olug.org
>>>> http://lists.olug.org/mailman/listinfo/olug
>>>>
>>
>>
>>
>>
>>
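The diagnosis in this thread boils down to one check: vsftpd was listening on port 21, but the only ftp-related ACCEPT rule was for ftp-data (port 20) and restricted to `state ESTABLISHED`, which never lets an initial SYN through. The script below is an added example written for this page (not code from the list, from vsftpd, or from SuSE): it parses `netstat -pant` and `iptables -L` output, using the lines quoted above as constructed sample input, and reports every listening TCP port that has no ACCEPT rule admitting new connections. The `SERVICES` table is an assumed subset of /etc/services embedded so the script runs offline.

```python
"""Cross-check listening TCP services against the ACCEPT rules in `iptables -L`.

Hypothetical diagnostic added for this thread; not from the list or vsftpd.
It answers the question the thread circles around: a daemon is LISTENing,
but does any ACCEPT rule admit a *new* connection to its port?
"""
import re

# Constructed sample input: the `netstat -pant` lines and the `iptables -L`
# lines quoted in the thread, trimmed to what the parsers need.
NETSTAT_SAMPLE = """\
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 760/portmap
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN 1873/X
tcp 0 0 XXX.XXX.XXX.36:21 0.0.0.0:* LISTEN 2786/vsftpd
tcp 0 0 0.0.0.0:631 0.0.0.0:* LISTEN 931/cupsd
tcp 0 0 :::80 :::* LISTEN 1962/httpd2-prefork
tcp 0 0 :::22 :::* LISTEN 827/sshd
"""

IPTABLES_SAMPLE = """\
ACCEPT tcp -- anywhere anywhere state ESTABLISHED tcp dpt:ftp-data flags:!SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:http
"""

# Assumption: a small subset of /etc/services, embedded so the script runs
# without reading the system file (`iptables -L -n` prints numbers instead).
SERVICES = {"ftp-data": 20, "ftp": 21, "ssh": 22, "http": 80, "sunrpc": 111}


def parse_listening(netstat_text):
    """Return {port: program} for every TCP socket in LISTEN state."""
    listening = {}
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) < 6 or parts[0] != "tcp" or parts[5] != "LISTEN":
            continue
        port = int(parts[3].rsplit(":", 1)[1])  # handles 0.0.0.0:21 and :::80 alike
        listening[port] = parts[6] if len(parts) > 6 else "?"
    return listening


def parse_accept_rules(iptables_text):
    """Return (proto, port, states) for each ACCEPT rule carrying a dpt: match."""
    rules = []
    for line in iptables_text.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0] != "ACCEPT":
            continue
        dpt = re.search(r"dpt:(\S+)", line)
        if not dpt:
            continue
        name = dpt.group(1)
        port = int(name) if name.isdigit() else SERVICES.get(name)
        state = re.search(r"state (\S+)", line)
        states = set(state.group(1).split(",")) if state else set()
        rules.append((parts[1], port, states))
    return rules


def accepts_new(rules, port, proto="tcp"):
    """True if an ACCEPT rule admits a brand-new connection to port.

    A rule limited to `state ESTABLISHED` (the thread's ftp-data rule) only
    matches packets of a connection that was already allowed; it does not
    pass the initial SYN, so it does not count here.
    """
    return any(
        p == proto and rport == port and (not states or "NEW" in states)
        for p, rport, states in rules
    )


def unreachable_services(netstat_text, iptables_text):
    """Listening TCP ports with no ACCEPT rule for new connections."""
    listening = parse_listening(netstat_text)
    rules = parse_accept_rules(iptables_text)
    return {port: prog for port, prog in listening.items()
            if not accepts_new(rules, port)}


if __name__ == "__main__":
    report = unreachable_services(NETSTAT_SAMPLE, IPTABLES_SAMPLE)
    for port, prog in sorted(report.items()):
        print(f"port {port} ({prog}) is listening but no ACCEPT rule admits NEW connections")
```

On the sample input the report names port 21 (vsftpd) along with portmap, X and cupsd, while ssh and http pass; once an `ACCEPT tcp ... dpt:ftp` rule is present, as it was after the SuSEfirewall change, port 21 drops out of the report. The script only looks at ACCEPT rules, so it ignores chain policies and rule order: an earlier DROP or REJECT still wins, and a chain whose default policy is ACCEPT needs no explicit rule at all. Treat it as a triage aid and confirm with `iptables -L -n -v --line-numbers` chain by chain.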
