[olug] vsftpd Suse 9.0
Thom Harrison
id4spam at cox.net
Sat Apr 3 23:22:51 UTC 2004
You can check to see if your firewall ( or router ) is blocking ftp by
going to an online scanner like
http://www.grc.com and going to their "Shields Up" scanner page.
If you're running the SuSE Firewall you can go into YaST2 and configure
it ( under Security and Users ). I didn't see an option to allow ftp
specifically, but you can add that in the field provided at the bottom.
Thom
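Eric's question in the quoted message below is whether his `iptables -L` output contains a rule that accepts new connections to the ftp control port, or only the ESTABLISHED ftp-data rules his grep turned up. The check below is an added example, not something posted in the thread; it parses constructed `iptables -L` text modelled on both listings and reports whether new tcp connections to dpt:ftp are accepted.

```sh
#!/bin/sh
# Added example (not from the thread). Given the text of `iptables -L`, report
# whether some ACCEPT rule lets NEW tcp connections reach the ftp control port
# (dpt:ftp or dpt:21). Rules for dpt:ftp-data and rules limited to
# "state ESTABLISHED" (or RELATED,ESTABLISHED) do not count.

# Constructed sample modelled on Eric's listing: only ESTABLISHED ftp-data.
SAMPLE_ERIC='Chain INPUT (policy DROP)
target     prot opt source    destination
ACCEPT     tcp  --  anywhere  anywhere  state ESTABLISHED tcp dpt:ftp-data flags:!SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere  anywhere  tcp dpt:ssh
ACCEPT     tcp  --  anywhere  anywhere  tcp dpt:http'

# Constructed sample modelled on Thom's listing: dpt:ftp accepted outright.
SAMPLE_THOM='Chain INPUT (policy DROP)
target     prot opt source    destination
ACCEPT     tcp  --  anywhere  anywhere  tcp dpt:ftp-data
ACCEPT     tcp  --  anywhere  anywhere  tcp dpt:ftp'

# ftp_control_accepted "<iptables -L text>"  -> prints "yes" or "no"
ftp_control_accepted() {
    printf '%s\n' "$1" | awk '
        # Only ACCEPT rules for tcp whose dpt is ftp/21 but not ftp-data
        $1 == "ACCEPT" && $2 == "tcp" && /dpt:(ftp|21)([^-]|$)/ {
            if (match($0, /state [A-Z,]+/)) {
                # A state match must include NEW to admit fresh connections
                states = substr($0, RSTART + 6, RLENGTH - 6)
                if (states ~ /(^|,)NEW(,|$)/) found = 1
            } else {
                found = 1      # no state match: any state is accepted
            }
        }
        END { print (found ? "yes" : "no") }'
}

# On the SuSE box itself the same check runs as root against the live table:
#   ftp_control_accepted "$(iptables -L INPUT)"
# Note that passive-mode transfers (Thom's "Entering Extended Passive Mode
# (|||42427|)") open a separate high port, so a port-21 rule alone is not
# enough unless ftp connection tracking is loaded.
ftp_control_accepted "$SAMPLE_ERIC"   # no
ftp_control_accepted "$SAMPLE_THOM"   # yes
```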
Eric Penne wrote:
> I did an iptables -L and a whole ton of stuff scrolled up my screen.
>
> I grepped for ftp and this was returned:
> ACCEPT tcp -- anywhere anywhere state ESTABLISHED tcp dpt:ftp-data
> flags:!SYN,RST,ACK/SYN
> ACCEPT tcp -- anywhere anywhere state ESTABLISHED tcp dpt:ftp-data
> flags:!SYN,RST,ACK/SYN
> ACCEPT tcp -- anywhere anywhere state ESTABLISHED tcp dpt:ftp-data
> flags:!SYN,RST,ACK/SYN
>
>
> I don't see anything about accepting ftp, just ftp-data. Yours
> explicitly states the ftp:
> > ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data
> > ACCEPT udp -- anywhere anywhere udp dpt:ftp-data
> > ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
> > ACCEPT udp -- anywhere anywhere udp dpt:fsp
>
> I also noticed Accept statements by ssh and http. Therefore I believe
> that I need to add a rule to accept ftp. I would appreciate any help
> on this. First, where do I look to find the rules when they are
> applied? From that I can probably figure out the syntax for accepting
> ftp.
>
> Thanks a lot,
> Eric Penne
>
>
> Thom Harrison wrote:
>
>> Eric,
>>
>> I'm running vsftpd on SuSE 9.0 too. I've tried to set it up as if it
>> were a ReadOnly Anonymous vsftp server but with the additional
>> password. You can connect to it:
>>
>> linux:/ # ftp thom.homelinux.com
>> Connected to ip68-225-168-172.om.om.cox.net.
>> 220 "Welcome to Smopuim FTP service."
>> Name (thom.homelinux.com:root): ftp
>> 331 Please specify the password.
>> Password: ftp$thom
>> 230 Login successful.
>> Remote system type is UNIX.
>> Using binary mode to transfer files.
>> ftp> cd etc
>> 250 Directory successfully changed.
>> ftp> dir
>> 229 Entering Extended Passive Mode (|||42427|)
>> 150 Here comes the directory listing.
>> -r--r--r-- 1 ftp ftp 6076 Apr 03 14:46 vsftpd.conf
>> -r--r--r-- 1 ftp ftp 4 Apr 03 14:46 vsftpd.userlist
>> 226 Directory send OK.
>> ftp>
>>
>> You can download my vsftpd.conf and vsftpd.userlist files. ( both
>> belong in /etc/ )
>> /etc/vsftpd.userlist allows only specific IDs to connect.
>>
>> When I set it up I also had some directory permissions issues so I'm
>> showing them below.
>>
>> linux:/ # cd /srv
>> linux:/srv # ll
>> total 16
>> drwxr-xr-x 4 root root 4096 Mar 14 17:42 .
>> drwxr-xr-x 23 root root 4096 Apr 2 23:58 ..
>> drwxr-xr-x 5 root root 4096 Mar 21 18:49 ftp
>> drwxr-xr-x 6 root root 4096 Jan 3 06:26 www
>>
>> linux:/srv # cd ftp
>> linux:/srv/ftp # ll
>> total 20
>> drwxr-xr-x 5 root root 4096 Mar 21 18:49 .
>> drwxr-xr-x 4 root root 4096 Mar 14 17:42 ..
>> drwxr-xr-x 11 ftp ftp 4096 Mar 13 07:18 custom
>> drwxr-xr-x 2 ftp ftp 4096 Mar 18 05:54 etc
>> dr-xr-xr-x 2 ftp ftp 4096 Mar 13 06:55 knock
>>
>> linux:/srv/ftp # cd etc
>> linux:/srv/ftp/etc # ll
>> total 20
>> drwxr-xr-x 2 ftp ftp 4096 Mar 18 05:54 .
>> drwxr-xr-x 5 root root 4096 Mar 21 18:49 ..
>> -r--r--r-- 1 ftp ftp 6076 Apr 3 08:46 vsftpd.conf
>> -r--r--r-- 1 ftp ftp 4 Apr 3 08:46 vsftpd.userlist
>> linux:/srv/ftp/etc #
>>
>> netstat -a | head shows: ( ftp is port 21 )
>>
>> tcp 0 0 *:ftp *:* LISTEN
>>
>> iptables -L shows:
>>
>> ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data
>> ACCEPT udp -- anywhere anywhere udp dpt:ftp-data
>> ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
>> ACCEPT udp -- anywhere anywhere udp dpt:fsp
>>
>>
>> I've also got a manual vsftpd iptables -L rule that I can run in
>> /custom/cmds/afa
>> You can download that too.
>>
>> afa=Allow Ftp Access
>> awa=Allow Web Access
>> asa=Allow Ssh Access
>> ava=Allow Vnc Access
>>
>> Since I'm simply playing around with these things I generally don't
>> keep them accessible, so I run the appropriate script when needed.
>>
>>
>> Eric Penne wrote:
>>
>>> I can't seem to get vsftpd to accept a connection on a newly
>>> installed Suse 9 machine. http and ssh work but not ftp.
>>>
>>> netstat -pant:
>>> tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 760/portmap
>>> tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN 1873/X
>>> tcp 0 0 XXX.XXX.XXX.36:21 0.0.0.0:* LISTEN 2786/vsftpd
>>> tcp 0 0 0.0.0.0:631 0.0.0.0:* LISTEN 931/cupsd
>>> tcp 0 0 :::80 :::* LISTEN 1962/httpd2-prefork
>>> tcp 0 0 :::22 :::* LISTEN 827/sshd
>>>
>>>
>>>
>>> I told it to listen to my IP address. If I remove the manual ip
>>> address line from the vsftpd file it listens on 0.0.0.0:21. I can
>>> ftp to the machine from itself but I can't connect from any outside
>>> machines with either address. I'd be happy to give you the main
>>> address but I'm still in the process of shutting down services and
>>> reading the config files closely.
>>>
>>> All the lines in hosts.allow are commented out.
>>>
>>> hosts.deny:
>>> http-rman : ALL EXCEPT LOCAL
>>>
>>>
>>> do I need to specifically add something to hosts.allow to allow
>>> outside machines?
>>>
>>> I notice that the 2 external services that are working look like
>>> they have ::: instead of x.x.x.x for IPs. Is that significant?
>>>
>>> I don't think I configured a firewall on this machine but I'm not
>>> ruling it out. How do I check to see if I have any rules that may be
>>> impeding?
>>>
>>> Thanks
>>> Eric Penne
>>>
>>>
>>> _______________________________________________
>>> OLUG mailing list
>>> OLUG at olug.org
>>> http://lists.olug.org/mailman/listinfo/olug
>>>
>
>
>
>