
[suse-security] SuSEfirewall2 and Active ftp



Hello suse-security,

I'm still not sure how to configure SuSEfirewall2 to get active ftp
working.

The Server is between two LANs and doing no masquerading.


from the config:


FW_FORWARD="[...] \
myip,ftpserverip,tcp,21 \
myip,ftpserverip,tcp,20"

FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"


Now if I try to establish a connection I get a connect, but when
trying to list the ftp-dir the ftp client hangs.

The firewall-log says:

  Jul 16 16:13:51 [firewallmachine] kernel: SuSE-FW-DROP-DEFAULT
  IN=eth1 OUT=eth0 SRC=[ftpserverip] DST=[myip] LEN=60 TOS=0x08
  PREC=0x00 TTL=62 ID=46457 DF PROTO=TCP SPT=20 DPT=1137 WINDOW=5840
  RES=0x00 SYN URGP=0 OPT (020405B40402080A16229CFF0000000001030300)

What else is needed to get active ftp working through SuSEfirewall2?


If I insert a rule like

  $IPTABLES -A $CHAIN -j "$ACCEPT" -m state --state ESTABLISHED,RELATED \
    -d $quelle -s $ziel -p tcp --sport 20

in SuSEfirewall2-custom active ftp works again, but I don't think
that's the proper way? There has to be something in
/etc/sysconfig/SuSEfirewall2 I'm missing.

The firewall machine is running SuSE 8.2 Professional, Kernel
2.4.20-4GB-athlon


-- 
Kind regards,
 André Sänger                         mailto:Andre.Saenger@xxxxxx
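
An added example, not part of the original post: a Python triage script that picks dropped active-mode FTP data connections out of netfilter log lines like the one quoted above, that is, a lone SYN from the server's port 20 to a high client port on a DROP-prefixed line. The sample log (the posted entry joined onto one line plus two made-up lines), its documentation-range addresses and all function names are constructed for illustration.

```python
import re

# Constructed sample: the drop from the post on one line with placeholder
# addresses, plus an unrelated drop and a non-SYN packet for contrast.
SAMPLE_LOG = """\
Jul 16 16:13:51 fw kernel: SuSE-FW-DROP-DEFAULT IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x08 PREC=0x00 TTL=62 ID=46457 DF PROTO=TCP SPT=20 DPT=1137 WINDOW=5840 RES=0x00 SYN URGP=0
Jul 16 16:14:02 fw kernel: SuSE-FW-DROP-DEFAULT IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=1 DF PROTO=TCP SPT=4431 DPT=445 WINDOW=5840 RES=0x00 SYN URGP=0
Jul 16 16:14:09 fw kernel: SuSE-FW-DROP-DEFAULT IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=52 TOS=0x00 PREC=0x00 TTL=62 ID=2 DF PROTO=TCP SPT=20 DPT=1137 WINDOW=5840 RES=0x00 ACK URGP=0
"""

TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "ECE", "CWR"}


def parse_line(line):
    """Split one netfilter LOG line into prefix, key=value fields and TCP flags."""
    m = re.search(r"kernel: (\S+) (.*)", line)
    if not m:
        return None
    tokens = m.group(2).split()
    fields = dict(t.split("=", 1) for t in tokens if "=" in t)
    flags = {t for t in tokens if t in TCP_FLAGS}
    return {"prefix": m.group(1), "fields": fields, "flags": flags}


def is_active_ftp_data_drop(rec):
    """True for a dropped connection attempt from port 20 to a high port."""
    f = rec["fields"]
    return ("DROP" in rec["prefix"] and f.get("PROTO") == "TCP"
            and f.get("SPT") == "20" and int(f.get("DPT", 0)) >= 1024
            and rec["flags"] == {"SYN"})  # bare SYN = new connection


def find_active_ftp_drops(log_text):
    """Return (server, client, client_port, in_if, out_if) per matching line."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_active_ftp_data_drop(rec):
            f = rec["fields"]
            hits.append((f["SRC"], f["DST"], int(f["DPT"]), f["IN"], f["OUT"]))
    return hits


if __name__ == "__main__":
    for hit in find_active_ftp_drops(SAMPLE_LOG):
        print("dropped active FTP data connection: %s -> %s:%d (%s -> %s)" % hit)
```
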


