LinuxQuestions.org
Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 12-07-2009, 12:54 AM   #31
stamcose
Member
 
Registered: Nov 2009
Posts: 55

Original Poster
Rep: Reputation: 15

My start configuration as set up at booting:

Code:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      2032/portmap
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      2358/xinetd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2372/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      2172/cupsd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2289/master
tcp        0      0 127.0.0.1:7572          127.0.0.1:111           TIME_WAIT   -
tcp        0      0 :::22                   :::*                    LISTEN      2372/sshd
tcp        0      0 ::1:631                 :::*                    LISTEN      2172/cupsd
tcp        0      0 ::1:25                  :::*                    LISTEN      2289/master
ftp access not possible, no trace in /var/log/xinetd.log,/var/log/messages

Stopping xinetd and starting pure-ftpd:

Code:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      2032/portmap
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      2941/pure-ftpd (SER
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2372/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      2172/cupsd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2289/master
tcp        0      0 :::21                   :::*                    LISTEN      2941/pure-ftpd (SER
tcp        0      0 :::22                   :::*                    LISTEN      2372/sshd
tcp        0      0 ::1:631                 :::*                    LISTEN      2172/cupsd
tcp        0      0 ::1:25                  :::*                    LISTEN      2289/master
ftp access not possible, no trace in /var/log/messages

Conclusion:

It is not really a problem with xinetd/pure-ftpd, the problem is upstream with the basic tcp handling!
 
Old 12-07-2009, 10:00 AM   #32
stamcose
Member
 
Registered: Nov 2009
Posts: 55

Original Poster
Rep: Reputation: 15
PROBLEM SOLVED!

It is indeed the firewall that messes it up! Switch off the firewall (with YAST interactive facility) and it works!

Let firewall run but allow pure-ftpd FROM EXTERNAL ZONE (with YAST interactive facility) and it works!

But the firewall is supposed (by the active default setting) to not protect from internal zone. (from ip 192.168.0.*)

IT IS THEREFORE A BUG IN THE FIREWALL

Should be corrected (or warned for!) in connection with the "get software" function! I spent a lot of time with this!
 
Old 12-08-2009, 04:09 AM   #33
stamcose
Member
 
Registered: Nov 2009
Posts: 55

Original Poster
Rep: Reputation: 15
Sorry, it is not a bug in the Firewall!

With the default Firewall setting from the installation CD "eth0" is external zone. There is no "internal zone"!

With the ftp server in a private LAN behind a router with Firewall towards Internet the SUSE Firewall should logically be switched off if you consider the LAN as a "safe internal zone". If not leave the SUSE Firewall on and allow the ftp service explicitly.

Sure, on the private LAN all traffic has IP adress 192.168.0.*!
 
Old 12-09-2009, 10:28 AM   #34
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 677Reputation: 677Reputation: 677Reputation: 677Reputation: 677Reputation: 677
If you run the "yast2 firewall" config tool, you can assign which zone an interface is assigned to in the "interfaces" zone. Under the "allow services" page a button on the bottom allows you to "protect firewall from internal zone". The default is to have this unselected. The ports are not blocked for the internal zone in that case. I usually opt to have this selected and to allow services such as nfs & samba enabled explicitly for the internal zone and only ssh for the external zone. I use external zone for the wireless interface and internal for eth0.

I'm glad you got it working!
 
  


Reply

Tags
pureftpd


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Will adding nvidia repository in suse 11.1 enable yast driver download? sirius57 SUSE / openSUSE 2 04-08-2009 08:43 PM
SUSE 9.1 Yast repository issues liquidengineer1981 Linux - Software 3 03-06-2009 01:19 PM
pure-ftpd-mysql activates pure-ftpd zvikamer Linux - Software 2 03-01-2008 01:11 PM
creation of own http repository for Suse yast sawoy SUSE / openSUSE 1 06-20-2005 05:58 AM
authentication & file sharing using pure-ftpd & suse 9.0 dopper Linux - Software 1 08-13-2004 12:19 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 03:55 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration