tofu
Joined: 01 Jul 2006
Posts: 29
Location: Ghent, Belgium
|
| Posted: Sat Jul 01, 2006 7:05 am Post subject: Firehol and vsFTPd |
|
|
I'm securing my linode. I'm using Firehol. But I don't manage to get vsFTPd working trough the firewall.
Here is my firehol.conf:
Code:
version 5
FIREHOL_LOG_LEVEL=4
interface eth0 internet
protection strong
server "http ftp smtp http imap ping time ssh" accept
server custom ssh tcp/6187 default accept
server ident reject with tcp-reset
server any nolog drop
client "ftp http https dhcp dns smtp time ping whois" accept
server_dhcpclient_ports="udp/67"
client_dhcpclient_ports="default"
It works when I add "server all accept", but without accepting all the server connections, it hangs when setting the passive connection to get the dirlist:
Quote:
Response: 200 Switching to ASCII mode.
Command: PASV
Response: 227 Entering Passive Mode (70,85,129,231,178,79)
Command: LIST -a
Error: Timeout detected!
Error: Could not retrieve directory listing
Some vsftpsettings:
Code:
listen=YES
connect_from_port_20=YES
ssl_enable=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
(So I want passive sftp)
I know that port 20 (ftp-data), 21 and a lot of high-number ports need to be free..
But when I open port 20 with "server custom ftp-data tcp/21 default accept" it still doesn't work..
On the official firehol website I only found this:
Quote:
Server Ports many
Client Ports many
Note: The FTP service matches both active and passive FTP connections by utilizing the FTP connection tracker kernel module.
I'm running Debian Small Unstable..
Could some give me a hint what to do?
Thanks in advantage! |
|
