LinuxQuestions.org


anon111 12-08-2005 07:20 PM

OpenSUSE FTP Daemon and Firewall Config Question
 
Hey all-

I'm trying to set up vsftp on OpenSuse. I installed it, the daemon is working and I can connect. Everything works fine with the firewall disabled. However, when I enable the firewall, I get the following...


[R] Connecting to 192.168.0.4 -> IP=192.168.0.4 PORT=21
[R] Connected to 192.168.0.4
[R] 220 (vsFTPd 2.0.3)
[R] USER macgyver
[R] 331 Please specify the password.
[R] PASS (hidden)
[R] 230 Login successful.
[R] SYST
[R] 215 UNIX Type: L8
[R] FEAT
[R] 211-Features:
[R] EPRT
[R] EPSV
[R] MDTM
[R] PASV
[R] REST STREAM
[R] SIZE
[R] TVFS
[R] 211 End
[R] PWD
[R] 257 "/home/macgyver"
[R] TYPE A
[R] 200 Switching to ASCII mode.
[R] PASV
[R] 227 Entering Passive Mode (192,168,0,4,240,214)
[R] Opening data connection IP: 192.168.0.4 PORT: 61654
[R] Data Socket Error: Connection timed out
[R] List Error
[R] PASV
[R] 227 Entering Passive Mode (192,168,0,4,236,61)
[R] Opening data connection IP: 192.168.0.4 PORT: 60477




I think it has to do with the firewall configuration. I clicked on the Advanced button of the Suse Firewall and under the TCP Ports, I have "20 21". I tried separating them with a comma but it does not like that. I was wondering how I can set it up to allow the ftp service to do what it should. Is it as easy as just adding ports 20 and 21 or is it more of that whole active vs. passive deal?



Thanks!

Mark

Emerson 12-08-2005 08:09 PM

[R] 227 Entering Passive Mode (192,168,0,4,240,214)
[R] Opening data connection IP: 192.168.0.4 PORT: 61654
[R] Data Socket Error: Connection timed out
[R] List Error
[R] PASV
[R] 227 Entering Passive Mode (192,168,0,4,236,61)
[R] Opening data connection IP: 192.168.0.4 PORT: 60477

See, it tries to open random high ports for data transmission. This is where you need to open your firewall.

anon111 12-08-2005 08:41 PM

Yeah, I read about it opening random high ports, above 1024. How exactly do I specify ports if they're random?

Emerson 12-08-2005 09:14 PM

I do not think there is a perfect solution for this. Usually this entire high range is left open, no critical services are run on ports higher than 1024 anyhow.

anon111 12-09-2005 02:31 PM

Are there any other options?

Emerson 12-09-2005 04:15 PM

Workaround maybe. Like using http for download - there are a lot of lightweight http daemons for this. And using ssh and scp instead of ftp.
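
Added example (not part of the thread or any poster's code): decoding the 227 replies from the session log in the first post shows which data ports the server offered and whether a firewall TCP allow list covers them. Assumptions: the allow list is space-separated with `lo:hi` for ranges, and `60000:62000` is a hypothetical range standing in for a pinned passive range (vsftpd's `pasv_min_port` / `pasv_max_port`).

```python
import re

# Constructed sample: the 227 replies copied from the session log in the first post.
SESSION_LOG = """\
[R] PASV
[R] 227 Entering Passive Mode (192,168,0,4,240,214)
[R] PASV
[R] 227 Entering Passive Mode (192,168,0,4,236,61)
"""

PASV_RE = re.compile(r"227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def parse_pasv(line):
    """Return (ip, port) from a 227 reply, or None if the line is not one."""
    m = PASV_RE.search(line)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError(f"octet out of range in PASV reply: {line!r}")
    h1, h2, h3, h4, p1, p2 = nums
    # The last two numbers are the high and low bytes of the data port.
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2

def parse_port_spec(spec):
    """Parse a space-separated port list; 'lo:hi' is a range (assumed syntax)."""
    ranges = []
    for tok in spec.split():
        lo, _, hi = tok.partition(":")
        lo, hi = int(lo), int(hi or lo)
        if not (0 < lo <= hi <= 65535):
            raise ValueError(f"bad port token: {tok!r}")
        ranges.append((lo, hi))
    return ranges

def blocked_data_ports(log, allowed_spec):
    """Data ports offered in PASV replies that the allow list does not cover."""
    allowed = parse_port_spec(allowed_spec)
    blocked = []
    for line in log.splitlines():
        parsed = parse_pasv(line)
        if parsed and not any(lo <= parsed[1] <= hi for lo, hi in allowed):
            blocked.append(parsed[1])
    return blocked

if __name__ == "__main__":
    print(blocked_data_ports(SESSION_LOG, "20 21"))              # firewall as posted
    print(blocked_data_ports(SESSION_LOG, "20 21 60000:62000"))  # hypothetical range
```
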


All times are GMT -5.