Try temorarily stopping your iptables altogether, then do a quick test of ftp & telnet (as long as telnet server is activated in inetd.
I need to figure that out. Would this work: -A <INPUT_RULE> -p tcp -m tcp --dport 0:1023 --syn -j ACCEPT or should I go with: *filter :INPUT ACCEPT [0:1023] :FORWARD ACCEPT [0:1023] :OUTPUT ACCEPT [0:1023]
Right not my tables look like:
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:<INPUT_RULE> - [0:0]
-A INPUT -j <INPUT_RULE>
-A FORWARD -j <INPUT_RULE>
-A <INPUT_RULE> -p tcp -m tcp --dport 20 --syn -j ACCEPT
-A <INPUT_RULE> -p tcp -m tcp --dport 21 --syn -j ACCEPT
... opening rules
-A <INPUT_RULE> -p tcp -m state --state NEW,INVALID,ESTABLISHED,RELATED -i eth0 --dport 20:21 -j LOG --log-prefix "NetF FTP Failure: "
<reject rules>
... with my other specific port openings and closing rules. I thought I would try to catch any messages for the two FTP ports.
Earlier I said to look in init.d but meant in /etc/inetd.d, and to look in the vsftpd file in there. Sorry about the typo. But either way, it was just to show how you can see it is a tcp service, but Jason covers it better anyway.Actually, I don't have an /etc/inetd.d folder, but I do have an init.d, which is where I found the vsftpd file that it appears /sbin/service uses. It doesn't mention stream in it.
As far as the ftp to localhost failing, is that a vsftpd setting or are you not allowing local loopback in your firewall (I expect that would be a requirement for ftp localhost)
That was a local setting. I had set the listen_address directive in the vsftpd config file. I removed it and restarted vsftpd, and I am now able to ftp in using localhost, <localhost IP>, mydomain and <mydomain IP>.
So just to get the picture straight, you have only one system and it is the ftp server, and you can access it locally via the hostname or your external IP, but not using localhost or 127.0.0.1?
And machines upstream (on the Internet) cannot get to your ftp service. Have you looked at the logs since you moved the --log string above the ftp rules?
I have a single system which is hosting an FTP server, among other services. I can access the FTP service from that single system, whether I'm accessing it as mydomain, localhost, or their respective IP addresses. I cannot access the FTP service from my machine at home. I have other services open, such as HTTP, SMTP and DNS, and access the system without a problem on all of the other services.
I have temporarily released the system's firewall block on telnet, and cannot access the telnet port. I have also just checked, and I cannot access the system's SMTP port via telnet from this machine, even though I am receiving email on that system. That's what's making me wonder whether I am having connectivity headaches with my dialup machine.
The system connects to a switch which is then connected to the DSL modem for its Internet connection. There is another network that also runs off that same switch, but there is nothing from that other network which connects to my network, nor is there any other network element between the system and the modem, other than the cables... :-)
I am unable to locate any logging messages regarding vsftpd in /var/log/messages. I'm not able to locate any messages in /var/log/messages, or any other log, with a grep for NetF, as set up in iptables for that rule to log anything incoming on port 21.
I need to test from another network point to eliminate the possibility of a problem with my dialup machine and its firewall (sorry... :-) Win2k and McAfee firewall), and I hope to get that done in the next couple of hours. I am able to ftp from my local machine to other FTP servers, such as ftp.fcc.gov.
-Bob
-- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list