LinuxQuestions.org
Old 12-08-2005, 07:20 PM   #1
macgyver007
Member
 
Registered: Oct 2004
Location: Eastern US
Posts: 38

Rep: Reputation: 15
OpenSUSE FTP Daemon and Firewall Config Question


Hey all-

I'm trying to set up vsftp on OpenSuse. I installed it, the daemon is working and I can connect. Everything works fine with the firewall disabled. However, when I enable the firewall, I get the following...


[R] Connecting to 192.168.0.4 -> IP=192.168.0.4 PORT=21
[R] Connected to 192.168.0.4
[R] 220 (vsFTPd 2.0.3)
[R] USER macgyver
[R] 331 Please specify the password.
[R] PASS (hidden)
[R] 230 Login successful.
[R] SYST
[R] 215 UNIX Type: L8
[R] FEAT
[R] 211-Features:
[R] EPRT
[R] EPSV
[R] MDTM
[R] PASV
[R] REST STREAM
[R] SIZE
[R] TVFS
[R] 211 End
[R] PWD
[R] 257 "/home/macgyver"
[R] TYPE A
[R] 200 Switching to ASCII mode.
[R] PASV
[R] 227 Entering Passive Mode (192,168,0,4,240,214)
[R] Opening data connection IP: 192.168.0.4 PORT: 61654
[R] Data Socket Error: Connection timed out
[R] List Error
[R] PASV
[R] 227 Entering Passive Mode (192,168,0,4,236,61)
[R] Opening data connection IP: 192.168.0.4 PORT: 60477




I think it has to do with the firewall configuration. I clicked on the Advanced button of the Suse Firewall and under the TCP Ports, I have "20 21". I tried separating them with a comma but it does not like that. I was wondering how I can set it up to allow the ftp service to do what it should. Is it as easy as just adding ports 20 and 21 or is it more of that whole active vs. passive deal?



Thanks!

Mark
 
Old 12-08-2005, 08:09 PM   #2
Emerson
Senior Member
 
Registered: Nov 2004
Location: Saint Amant, Acadiana
Distribution: Gentoo ~
Posts: 3,177

Rep: Reputation: Disabled
[R] 227 Entering Passive Mode (192,168,0,4,240,214)
[R] Opening data connection IP: 192.168.0.4 PORT: 61654
[R] Data Socket Error: Connection timed out
[R] List Error
[R] PASV
[R] 227 Entering Passive Mode (192,168,0,4,236,61)
[R] Opening data connection IP: 192.168.0.4 PORT: 60477

See, it tries to open random high ports for data transmission. This is where you need to open your firewall.
 
Old 12-08-2005, 08:41 PM   #3
macgyver007
Member
 
Registered: Oct 2004
Location: Eastern US
Posts: 38

Original Poster
Rep: Reputation: 15
Yeah, I read about it opening random high ports, above 1024. How exactly do I specify ports if they're random?
 
Old 12-08-2005, 09:14 PM   #4
Emerson
Senior Member
 
Registered: Nov 2004
Location: Saint Amant, Acadiana
Distribution: Gentoo ~
Posts: 3,177

Rep: Reputation: Disabled
I do not think there is a perfect solution for this. Usually this entire high range is left open; no critical services are run on ports higher than 1024 anyhow.
 
Old 12-09-2005, 02:31 PM   #5
macgyver007
Member
 
Registered: Oct 2004
Location: Eastern US
Posts: 38

Original Poster
Rep: Reputation: 15
Are there any other options?
 
Old 12-09-2005, 04:15 PM   #6
Emerson
Senior Member
 
Registered: Nov 2004
Location: Saint Amant, Acadiana
Distribution: Gentoo ~
Posts: 3,177

Rep: Reputation: Disabled
Workaround maybe. Like using http for download - there are a lot of lightweight http daemons for this. And using ssh and scp instead of ftp.
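An added example, not part of the original thread: it decodes the 227 replies from the session log in post #1 (data port = fifth field * 256 + sixth field) and checks them against a firewall TCP port list. The function names, the `lo:hi` range notation and the `60000:62000` range are assumptions made for this example; vsftpd's `pasv_min_port` and `pasv_max_port` settings can confine passive data ports to a range like that, so only that range needs opening.

```python
import re

# Matches an FTP "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" reply.
PASV_RE = re.compile(r"227 [^(]*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def parse_pasv(line):
    """Return (ip, port) from a 227 reply, or None if the line is not one."""
    m = PASV_RE.search(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed reply: every field must fit in one byte
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]  # high byte, then low byte
    return ip, port

def parse_allowed(spec):
    """Parse a space-separated list such as "20 21 30000:30100" into ranges."""
    ranges = []
    for tok in spec.split():
        lo, _, hi = tok.partition(":")  # "lo:hi" notation is assumed here
        ranges.append((int(lo), int(hi or lo)))
    return ranges

def blocked_data_ports(log_lines, allowed_spec):
    """List passive data ports in the log that the allowed spec does not cover."""
    allowed = parse_allowed(allowed_spec)
    blocked = []
    for line in log_lines:
        parsed = parse_pasv(line)
        if parsed and not any(lo <= parsed[1] <= hi for lo, hi in allowed):
            blocked.append(parsed[1])
    return blocked

# The two 227 replies copied from the session log in post #1.
SESSION = [
    "[R] 227 Entering Passive Mode (192,168,0,4,240,214)",
    "[R] 227 Entering Passive Mode (192,168,0,4,236,61)",
]

if __name__ == "__main__":
    # Firewall setting from post #1: only the control and active-data ports.
    print(blocked_data_ports(SESSION, "20 21"))
    # Same list plus an assumed, narrow passive range.
    print(blocked_data_ports(SESSION, "20 21 60000:62000"))
```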