On December 18, 2003 06:56 am, Bob Smith wrote: > Craig, > > I'll look into this in a little while. It looks like a viable alternative. > > However, I think I may have found the problem. I was surfing about 1pm > local, and found an errata listing for vsftpd and RH9. It seems that > there were two packaged sets that went out without vsftpd being compiled > against tcp-wrappers. There's an RPM available to fix that problem, so > I'm going to apply that RPM first and see if that solves the problem. > > Thanks everyone for your input. > > -Bob That sounds like you've found the cause and solution. If not, (or anyway) you should check your logs, and also add a LOG entry to the firewall DENY or REJECT line to see whats happening at the firewall. Depending on your exact rules, add something like this, just blow your FTP ACCEPT Rules, and ABOVE the RETURN line in a user chain, as in: ftp accept rules... $IPTABLES -A FTP_CHAIN -p tcp -m state --state NEW -i $EXT_IF \ --dport $FTP_PORTS -j LOG --log-prefix "NetF FTP Failure: " ... RETURN if in user chain ...then the drop line later in rules -- Pete Nesbitt, rhce -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
