[olug] vsftpd Suse 9.0

Thom Harrison id4spam at cox.net
Sun Apr 4 04:13:28 UTC 2004


Great to hear!  If you see any settings in the vsftpd.conf file that I 
should try, let me know.

Thom

Eric Penne wrote:

> Thanks for your help.  Unfortunately I don't have graphical access to 
> this machine right now.  I found the SuSEfirewall rules generator in 
> /etc/sysconfig/SuSEfirewall.  In there I found a line that says 
> something like "Allow outside access to these ports".  http, ssh, and 
> ftp-data were already there so I added ftp and restarted the PC.  It 
> worked!
>
> Thanks
> Eric
>
> Thom Harrison wrote:
>
>> You can check to see if your firewall ( or router ) is blocking ftp 
>> by going to an online scanner like
>> http://www.grc.com and going to their "Shields Up" scanner page.
>>
>> If you're running the SuSE Firewall you can go into YaST2 and 
>> configure it ( under Security and Users ). I didn't see an option to 
>> allow ftp specifically but you can add that in the field provided at 
>> the bottom.
>>
>> Thom
>>
>> Eric Penne wrote:
>>
>>> I did an iptables -L and a whole ton of stuff scrolled up my screen.
>>>
>>> I grepped for ftp and this was returned:
>>> ACCEPT tcp -- anywhere anywhere state ESTABLISHED tcp dpt:ftp-data 
>>> flags:!SYN,RST,ACK/SYN
>>> ACCEPT tcp -- anywhere anywhere state ESTABLISHED tcp dpt:ftp-data 
>>> flags:!SYN,RST,ACK/SYN
>>> ACCEPT tcp -- anywhere anywhere state ESTABLISHED tcp dpt:ftp-data 
>>> flags:!SYN,RST,ACK/SYN
>>>
>>>
>>> I don't see anything about accepting ftp just ftp-data. Yours 
>>> explicitly states the ftp:
>>> > ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data
>>> > ACCEPT udp -- anywhere anywhere udp dpt:ftp-data
>>> > ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
>>> > ACCEPT udp -- anywhere anywhere udp dpt:fsp
>>>
>>> I also noticed Accept statements by ssh and http. Therefore I 
>>> believe that I need to add a rule to accept ftp. I would appreciate 
>>> any help on this. First, where do I look to find the rules when they 
>>> are applied? From that I can probably figure out the syntax for 
>>> accepting ftp.
>>>
>>> Thanks a lot,
>>> Eric Penne
>>>
>>>
>>> Thom Harrison wrote:
>>>
>>>> Eric,
>>>>
>>>> I'm running vsftpd on SuSE 9.0 too. I've tried to set it up as if 
>>>> it were a ReadOnly Anonymous vsftp server but with the additional 
>>>> password. You can connect to it:
>>>>
>>>> linux:/ # ftp thom.homelinux.com
>>>> Connected to ip68-225-168-172.om.om.cox.net.
>>>> 220 "Welcome to Smopuim FTP service."
>>>> Name (thom.homelinux.com:root): ftp
>>>> 331 Please specify the password.
>>>> Password: ftp$thom
>>>> 230 Login successful.
>>>> Remote system type is UNIX.
>>>> Using binary mode to transfer files.
>>>> ftp> cd etc
>>>> 250 Directory successfully changed.
>>>> ftp> dir
>>>> 229 Entering Extended Passive Mode (|||42427|)
>>>> 150 Here comes the directory listing.
>>>> -r--r--r-- 1 ftp ftp 6076 Apr 03 14:46 vsftpd.conf
>>>> -r--r--r-- 1 ftp ftp 4 Apr 03 14:46 vsftpd.userlist
>>>> 226 Directory send OK.
>>>> ftp>
>>>>
>>>> You can download my vsftpd.conf and vsftpd.userlist files. ( both 
>>>> belong in /etc/ )
>>>> /etc/vsftpd.userlist allows only specific IDs to connect.
>>>>
>>>> When I set it up I also had some directory permissions issues so 
>>>> I'm showing them below.
>>>>
>>>> linux:/ # cd /srv
>>>> linux:/srv # ll
>>>> total 16
>>>> drwxr-xr-x 4 root root 4096 Mar 14 17:42 .
>>>> drwxr-xr-x 23 root root 4096 Apr 2 23:58 ..
>>>> drwxr-xr-x 5 root root 4096 Mar 21 18:49 ftp
>>>> drwxr-xr-x 6 root root 4096 Jan 3 06:26 www
>>>>
>>>> linux:/srv # cd ftp
>>>> linux:/srv/ftp # ll
>>>> total 20
>>>> drwxr-xr-x 5 root root 4096 Mar 21 18:49 .
>>>> drwxr-xr-x 4 root root 4096 Mar 14 17:42 ..
>>>> drwxr-xr-x 11 ftp ftp 4096 Mar 13 07:18 custom
>>>> drwxr-xr-x 2 ftp ftp 4096 Mar 18 05:54 etc
>>>> dr-xr-xr-x 2 ftp ftp 4096 Mar 13 06:55 knock
>>>>
>>>> linux:/srv/ftp # cd etc
>>>> linux:/srv/ftp/etc # ll
>>>> total 20
>>>> drwxr-xr-x 2 ftp ftp 4096 Mar 18 05:54 .
>>>> drwxr-xr-x 5 root root 4096 Mar 21 18:49 ..
>>>> -r--r--r-- 1 ftp ftp 6076 Apr 3 08:46 vsftpd.conf
>>>> -r--r--r-- 1 ftp ftp 4 Apr 3 08:46 vsftpd.userlist
>>>> linux:/srv/ftp/etc #
>>>>
>>>> netstat -a | head shows: ( ftp is port 21 )
>>>>
>>>> tcp 0 0 *:ftp *:* LISTEN
>>>>
>>>> iptables -L shows:
>>>>
>>>> ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data
>>>> ACCEPT udp -- anywhere anywhere udp dpt:ftp-data
>>>> ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
>>>> ACCEPT udp -- anywhere anywhere udp dpt:fsp
>>>>
>>>>
>>>> I've also got a manual vsftpd iptables -L rule that I can run in 
>>>> /custom/cmds/afa
>>>> You can download that too.
>>>>
>>>> afa=Allow Ftp Access
>>>> awa=Allow Web Access
>>>> asa=Allow Ssh Access
>>>> ava=Allow Vnc Access
>>>>
>>>> Since I'm simply playing around with these things I generally don't 
>>>> keep them accessible, so I run the appropriate script when needed.
>>>>
>>>>
>>>> Eric Penne wrote:
>>>>
>>>>> I can't seem to get vsftpd to accept a connection on a newly 
>>>>> installed Suse 9 machine. http and ssh work but not ftp.
>>>>>
>>>>> netstat -pant:
>>>>> tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 760/portmap
>>>>> tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN 1873/X
>>>>> tcp 0 0 XXX.XXX.XXX.36:21 0.0.0.0:* LISTEN 2786/vsftpd
>>>>> tcp 0 0 0.0.0.0:631 0.0.0.0:* LISTEN 931/cupsd
>>>>> tcp 0 0 :::80 :::* LISTEN 1962/httpd2-prefork
>>>>> tcp 0 0 :::22 :::* LISTEN 827/sshd
>>>>>
>>>>>
>>>>>
>>>>> I told it to listen to my IP address. If I remove the manual ip 
>>>>> address line from the vsftpd file it listens on 0.0.0.0:21. I can 
>>>>> ftp to the machine from itself but I can't connect from any 
>>>>> outside machines with either address. I'd be happy to give you the 
>>>>> main address but I'm still in the process of shutting down services 
>>>>> and reading the config files closely.
>>>>>
>>>>> All the lines in hosts.allow are commented out.
>>>>>
>>>>> hosts.deny:
>>>>> http-rman : ALL EXCEPT LOCAL
>>>>>
>>>>>
>>>>> Do I need to specifically add something to hosts.allow to allow 
>>>>> outside machines?
>>>>>
>>>>> I notice that the 2 external services that are working look like 
>>>>> they have ::: instead of x.x.x.x for IPs. Is that significant?
>>>>>
>>>>> I don't think I configured a firewall on this machine but I'm not 
>>>>> ruling it out. How do I check to see if I have any rules that may 
>>>>> be impeding?
>>>>>
>>>>> Thanks
>>>>> Eric Penne
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> OLUG mailing list
>>>>> OLUG at olug.org
>>>>> http://lists.olug.org/mailman/listinfo/olug
>>>>>
>
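
Added example, not part of the original thread: the check the thread worked through by hand, cross-referencing listening TCP sockets from netstat against ACCEPT rules from iptables -L and ignoring rules limited to state ESTABLISHED, which never admit a first connection. The sample text is constructed from the output quoted above (192.0.2.36 stands in for the masked address, and the ssh and http rule lines are assumed, since the thread only says they exist); it also assumes the rules shown come from an INPUT chain whose default is to drop.

```python
import re

# Names as `iptables -L` prints them -> well-known port numbers.
SERVICE_PORTS = {"ftp-data": 20, "ftp": 21, "ssh": 22, "http": 80}

# Constructed sample input, modelled on the output quoted in the thread.
NETSTAT = """\
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 760/portmap
tcp 0 0 192.0.2.36:21 0.0.0.0:* LISTEN 2786/vsftpd
tcp 0 0 :::80 :::* LISTEN 1962/httpd2-prefork
tcp 0 0 :::22 :::* LISTEN 827/sshd
"""
IPTABLES = """\
ACCEPT tcp -- anywhere anywhere state ESTABLISHED tcp dpt:ftp-data flags:!SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:http
"""

def listening_tcp(netstat_text):
    """Return {port: program} for TCP sockets in LISTEN state."""
    found = {}
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 7 and f[0].startswith("tcp") and f[5] == "LISTEN":
            found[int(f[3].rsplit(":", 1)[1])] = f[6].split("/", 1)[-1]
    return found

def ports_accepting_new(iptables_text):
    """Return TCP ports that some ACCEPT rule opens to new connections."""
    ports = set()
    for line in iptables_text.splitlines():
        f = line.split()
        dpt = re.search(r"\bdpt:(\S+)", line)
        if len(f) < 2 or f[0] != "ACCEPT" or f[1] != "tcp" or not dpt:
            continue
        state = re.search(r"\bstate (\S+)", line)
        if state and "NEW" not in state.group(1).split(","):
            continue  # ESTABLISHED/RELATED only: never matches a first SYN
        name = dpt.group(1)
        port = int(name) if name.isdigit() else SERVICE_PORTS.get(name)
        if port is not None:
            ports.add(port)
    return ports

def blocked_listeners(netstat_text, iptables_text):
    """Listening services with no rule that admits a new inbound connection."""
    allowed = ports_accepting_new(iptables_text)
    listeners = listening_tcp(netstat_text)
    return {p: prog for p, prog in listeners.items() if p not in allowed}

if __name__ == "__main__":
    for port, prog in sorted(blocked_listeners(NETSTAT, IPTABLES).items()):
        print(f"{prog} listens on tcp/{port} but no rule accepts new connections")
```

A service reported here that should stay closed (portmap in the sample) is the firewall doing its job; only the ones meant to be reachable need a rule added.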

