Old 12-11-2003, 07:05 PM   #1
Moebius01
LQ Newbie
 
Registered: Nov 2003
Posts: 24

Rep: Reputation: 15
Fedora's Firewall & FTP


I just finished an install of Core1, and I'm working on getting the FTP server running (so I can upload web pages from my dev box for quick testing). Unfortunately, I'm still very much a newbie so this is kind of Greek to me, but I believe I have the VSFTPD configured how I need now.

However, if I have the firewall enabled under System Security Settings, I can't connect from my dev box with CuteFTP. I show the connection established, user and pass authenticated, and all looks good. Then CuteFTP goes into Passive mode and tries to retrieve the directory listing. For whatever reason, even if FTP is checked as allowed in the firewall, CuteFTP fails to connect a socket.

227 Entering Passive Mode (192,168,1,203,121,147)
STATUS:> Connecting data socket...
ERROR:> Failed to establish data socket


If I set eth0 as a trusted device, or disable the firewall, it works just fine, but of course that leaves the box wide open.

Anyone have any suggestions on where to look to correct this, or whether I need to go with a different firewall? My router has one, but it's weak at best. I use ZoneAlarm on my XP dev box, but of course that's not available for Linux.
 
Old 12-12-2003, 02:39 PM   #2
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 79
Make sure you are allowing incoming connections to ports 20 and 21.
 
Old 12-12-2003, 03:51 PM   #3
wytiger
Member
 
Registered: Nov 2003
Location: Virginia
Distribution: Fedora Core 4
Posts: 121

Rep: Reputation: 15
IIRC, passive mode allows the server to specify a different IP and/or different ports to connect to on the server.

So for instance, you may connect on port 21, but when the server goes into passive mode, it may be trying to tell your client to connect on port 1025 (or whatever) and that port is not open on the firewall.

Is there a way to specify the passive port range to be used on the FTP server (in the config file), then open those ports on the firewall? I would assume so...
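
An added example, not part of any post in this thread: the last two numbers of the 227 reply quoted in the first post encode the data port (121*256 + 147 = 31123), which is not port 21, so a firewall that opens only the FTP control port blocks the data socket. The sketch below decodes such a reply and prints vsftpd's `pasv_min_port`/`pasv_max_port` options with a matching iptables rule; the 50000-50100 range and the use of the plain INPUT chain are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): decode an FTP 227 reply and compare
# the data port with a passive range that the firewall would allow.

# pasv_endpoint "<227 reply>" prints "IP PORT"; fails on a malformed reply.
# The reply carries (h1,h2,h3,h4,p1,p2); data port = p1*256 + p2.
pasv_endpoint() (
    tuple=$(printf '%s\n' "$1" | sed -n 's/^227[^(]*(\([0-9,]*\)).*$/\1/p')
    [ -n "$tuple" ] || exit 1
    IFS=,                       # split on commas; local to this subshell
    set -- $tuple
    [ "$#" -eq 6 ] || exit 1
    for n in "$@"; do
        # reject empty fields, non-digits and leading zeros
        case $n in ''|*[!0-9]*|0[0-9]*) exit 1 ;; esac
        [ "$n" -le 255 ] || exit 1
    done
    echo "$1.$2.$3.$4 $(( $5 * 256 + $6 ))"
)

# port_allowed PORT MIN MAX: status 0 when MIN <= PORT <= MAX.
port_allowed() { [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]; }

# pasv_settings MIN MAX prints the two vsftpd.conf options that pin the
# passive range and one iptables rule that opens exactly that range.
# Assumption: rules sit in the plain INPUT chain; adapt to the local ruleset.
pasv_settings() {
    # require 1024 <= MIN <= MAX <= 65535
    port_allowed "$1" 1024 "$2" && [ "$2" -le 65535 ] || return 1
    printf 'pasv_min_port=%s\npasv_max_port=%s\n' "$1" "$2"
    printf 'iptables -I INPUT -p tcp --dport %s:%s -j ACCEPT\n' "$1" "$2"
}

# Demo: the reply from the first post against a constructed range.
reply='227 Entering Passive Mode (192,168,1,203,121,147)'
ep=$(pasv_endpoint "$reply")
host=${ep% *}; port=${ep#* }
if port_allowed "$port" 50000 50100; then
    echo "data port $port on $host is inside the allowed range"
else
    echo "data port $port on $host is outside 50000-50100: data socket blocked"
    pasv_settings 50000 50100
fi
```

The two `pasv_*` lines go in vsftpd.conf (restart vsftpd afterwards); the iptables line is run as root.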
 
Old 12-12-2003, 10:43 PM   #4
Moebius01
LQ Newbie
 
Registered: Nov 2003
Posts: 24

Original Poster
Rep: Reputation: 15
If there's a way to do any advanced configurations of the firewall that Fedora includes with install, I sure can't find it. Basically, you have a checkbox for HTTP, FTP, MAIL, and a couple others, plus a "trust this device" check for the NIC. I can't find any manner of port triggering or filtering in the firewall. If it's there, it's either very well hidden, or only usable through the config files, which I'm going to hunt for shortly.
 
Old 12-14-2003, 02:55 PM   #5
wytiger
Member
 
Registered: Nov 2003
Location: Virginia
Distribution: Fedora Core 4
Posts: 121

Rep: Reputation: 15
I've been looking around, and have read that Firestarter is a good one to try. Here's how you can get it on Fedora:

First, add the following to your /etc/yum.conf file:
Code:
[fedora-extras]
name=Fedora Extras $releasever - $basearch - Extra Packages
baseurl=http://download.fedora.us/fedora/fedora/$releasever/$basearch/yum/stable/
gpgcheck=1
failovermethod=priority
Then, do the following steps:
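Code:
# import the fedora.us GPG key so yum can verify package signatures (gpgcheck=1)
rpm --import http://www.fedora.us/FEDORA-GPG-KEY

# refresh repository metadata, then install Firestarter
yum check-update
yum install firestarter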
Once Firestarter is installed, you will find it under System Tools --> More System Tools. There is a wizard that you run first, then you can add more open ports after that. There is an online manual, too.

Good luck!
 
Old 02-21-2004, 07:26 AM   #6
tpjets62
LQ Newbie
 
Registered: Sep 2003
Location: Albany, NY
Distribution: CentOS 4.1 Slackware SuSe
Posts: 28

Rep: Reputation: 15
I installed Firestarter last week and it seems to work well. It is a lot less time consuming than manually editing iptables, but I am still not sure if the security is as good. I am actively searching the web for more info. If I see anything of interest pro or con, I will post it here.
 
Old 02-21-2004, 12:57 PM   #7
jon-do
Member
 
Registered: Feb 2004
Distribution: Red 9, FC 2 Test 3
Posts: 98

Rep: Reputation: 16
I think the default firewall in Fedora is a joke. I have the same problem because I could not connect when the firewall was enabled or disabled, even though my connection was up.

I just went with Firestarter and never looked back.
 
Old 03-29-2004, 05:21 PM   #8
purplehaze
LQ Newbie
 
Registered: Mar 2004
Location: England
Posts: 4

Rep: Reputation: 0
Thanks for the help

There seems to be very little info on the firewall in Fedora. I found out that it seems to use lokkit; however, I thought that iptables was used. Will have to look into it some more unless somebody else knows?
 
Old 03-30-2004, 04:09 AM   #9
FunkyRes
Member
 
Registered: Mar 2004
Distribution: CentOS
Posts: 174

Rep: Reputation: 30
Quote:
Originally posted by tpjets62
I installed Firestarter last week and it seems to work well. It is a lot less time consuming than manually editing iptables, but I am still not sure if the security is as good. I am actively searching the web for more info. If I see anything of interest pro or con, I will post it here.
Firestarter uses iptables. It is just a front end so that you don't have to do the dirty work of editing them yourself.

In other words - it's as good as iptables.
 
  

