On 05/24/18 12:55, Todd Chester wrote: > > > On 05/23/2018 08:56 PM, Ed Greshko wrote: >> # firewall-cmd --info-zone=FedoraWorkstation >> FedoraWorkstation (active) >> target: default >> icmp-block-inversion: no >> interfaces: enp0s3 >> sources: >> services: dhcpv6-client ssh samba-client mdns ftp >> ports: 1025-65535/udp 1025-65535/tcp >> protocols: >> masquerade: no >> forward-ports: >> source-ports: >> icmp-blocks: >> rich rules: >> >> note that services shows "ftp". > > > Ah Ha! > > # firewall-cmd --info-zone=FedoraWorkstation > FedoraWorkstation > target: default > icmp-block-inversion: no > interfaces: > sources: > services: dhcpv6-client ssh samba-client > ports: 1025-65535/udp 1025-65535/tcp > protocols: > masquerade: no > forward-ports: > source-ports: > icmp-blocks: > rich rules: > > > # systemctl status vsftpd > ● vsftpd.service - Vsftpd ftp daemon > Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; enabled; vendor pres> > Active: active (running) since Tue 2018-05-22 21:42:26 PDT; 24h ago > Process: 13218 ExecStart=/usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf (code=exite> > Main PID: 13219 (vsftpd) > Tasks: 1 (limit: 4915) > Memory: 1.3M > CGroup: /system.slice/vsftpd.service > └─13219 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf > > May 22 21:42:26 server.storall.local systemd[1]: Stopped Vsftpd ftp daemon. > May 22 21:42:26 server.storall.local systemd[1]: Starting Vsftpd ftp daemon... > May 22 21:42:26 server.storall.local systemd[1]: Started Vsftpd ftp daemon. > > Systemd sure thinks it is a service There is *no* connection between vsftpd and the firewalld. They are both "services" as far as systemd is concerned. > > > > # firewall-cmd --zone=public --add-port=21/tcp --permanent > Warning: ALREADY_ENABLED: 21:tcp > success > > # firewall-cmd --zone=public --add-port=20/tcp --permanent > Warning: ALREADY_ENABLED: 20:tcp > success > > # firewall-cmd --zone=public --add-port=10090-10100/tcp --permanent > Warning: ALREADY_ENABLED: 10090-10100:tcp > success You need to be certain what zone is actually being used. That is why I asked you to run... firewall-cmd --get-active-zones Are you certain the "public" zone is assigned to the interface? I have one system here running KDE and for sure the active interfaces are in the "public" zone. [root@meimei ~]# firewall-cmd --get-active-zones public interfaces: enp2s0 wlp0s29u1u2 but on my Gnome VM .... [root@f27gq ~]# firewall-cmd --get-active-zones FedoraWorkstation interfaces: enp0s3 So, what is your output of.... "firewall-cmd --get-active-zones" It would make no sense to make "ftp" available on the "public" zone if the interface is using a different zone. Also, I wouldn't use manual method of opening ports when it comes to ftp. The reason is that I'm not certain that doing it that way will cause the module nf_conntrack_ftp to be loaded. -- Conjecture is just a conclusion based on incomplete information. It isn't a fact.
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx/message/273OQJ2WP2DAECCY7WG2J3KHW7DJ3OI2/
