Gentoo Forums
VSFTP running behind a firewall

asterix404
Apprentice

Joined: 05 Nov 2004
Posts: 213

Posted: Fri Dec 10, 2004 5:00 am    Post subject: VSFTP running behind a firewall

Hello, I managed to get vsftp server running. My network is rather complex so I will just talk about the router that I am fairly sure is giving me problems. I have 3 routers in series, 1 is connected to the inet and 3 is to the server. If I type in the FTP of anything on my network I get forwarded to the linux box and everything is great. It is only logging on from outside... what do I need to do to get this to work? I have tried passive mode, active mode... everything I can think of... and it still gives me the same errors, connection refused.

ftp> open Ip_address //this is my IP
ftp: connect: Connection refused

but
ftp> open tux
Connected to tux.workgroup.
220 Welcome to my server
Name (tux:me):


On router 1, I have forwarded ports 64000-65000, 20 and 21 to this box... and it still doesn't like it... here is my vsftpd.conf file:


background=YES
listen=YES
pasv_enable=YES
pasv_min_port=64000
pasv_max_port=65000
pasv_address=my_Ip


# Allow anonymous FTP?
#anonymous_enable=yes

# Uncomment this to allow local users to log in.
local_enable=YES

# Uncomment this to enable any form of FTP write command.
write_enable=YES

# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=770

# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES

# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES

# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES

# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES

# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever

# Activate logging of uploads/downloads.
xferlog_enable=YES

# If you want, you can have your log file in standard ftpd xferlog format
xferlog_std_format=YES

# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/vsftpd.log

# You may change the default value for timing out an idle session.
idle_session_timeout=600

# You may change the default value for timing out a data connection.
data_connection_timeout=600

# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
nopriv_user=ftpuser

# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES

# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that turning on ascii_download_enable enables malicious remote parties
# to consume your I/O resources, by issuing the command "SIZE /big/file" in
# ASCII mode.
# These ASCII options are split into upload and download because you may wish
# to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
# without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
# on the client anyway..
#ascii_upload_enable=YES
#ascii_download_enable=YES

# You may fully customise the login banner string:
ftpd_banner=Welcome to my Server

# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
deny_email_enable=YES
# (default follows)
banned_email_file=/etc/vsftpd/vsftpd.banned_emails

# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
chroot_list_enable=YES
# (default follows)
chroot_list_file=/etc/vsftpd/vsftpd.chroot_list

# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
ls_recurse_enable=YES


Thanks a lot...

seank
l33t

Joined: 08 Jul 2004
Posts: 686

Posted: Fri Dec 10, 2004 6:28 am

Code:
netstat -pnat | grep :21

What IP is vsftp binding to?

Also, what's the log say?

pharaoh
Apprentice

Joined: 20 Nov 2003
Posts: 211
Location: Pennsylvania

Posted: Fri Dec 10, 2004 2:08 pm

I don't have my server behind a router anymore, but I did when I was testing it and it worked fine. Only difference is that I used xinetd to run it instead of standalone. You have some lines in your config that I didn't even need. Hope this helps!

Here's my conf:
Code:
# Allow anonymous FTP?
anonymous_enable=NO

# Uncomment this to allow local users to log in.
local_enable=YES

# Uncomment this to enable any form of FTP write command.
write_enable=YES

# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
#local_umask=022

# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES

# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES

# Activate directory messages - messages given to remote users when they
# go into a certain directory.
#dirmessage_enable=YES

# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES

# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=NO
#chown_username=

# Activate logging of uploads/downloads.
xferlog_enable=YES

# If you want, you can have your log file in standard ftpd xferlog format
#xferlog_std_format=YES

# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/vsftpd/vsftpd.log

# You may change the default value for timing out an idle session.
idle_session_timeout=300

# You may change the default value for timing out a data connection.
data_connection_timeout=120

# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
nopriv_user=nobody

# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
async_abor_enable=YES

# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that turning on ascii_download_enable enables malicious remote parties
# to consume your I/O resources, by issuing the command "SIZE /big/file" in
# ASCII mode.
# These ASCII options are split into upload and download because you may wish
# to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
# without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
# on the client anyway..
#ascii_upload_enable=YES
#ascii_download_enable=YES

# You may fully customise the login banner string:
ftpd_banner=Welcome
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/vsftpd.banned_emails

# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
chroot_list_enable=YES
chroot_local_user=NO
passwd_chroot_enable=NO
# (default follows)
chroot_list_file=/etc/vsftpd/vsftpd.chroot_list

# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
ls_recurse_enable=YES

# Rate for local authenticated users
#local_max_rate=0

# Rate for anonymous users
#anon_max_rate=0

max_clients=5
max_per_ip=1

pasv_min_port=40000
pasv_max_port=50000

# Try setting this to something like 8192
# for a much smoother bandwidth limiter.
#trans_chunk_size=8192

_________________
RYZEN 5 3600 Matisse (Zen 2) 6-Core 3.6 GHz Socket AM4 65W
ASRock B550M PRO4
Crucial Ballistix 3200 MHz DDR4 DRAM 16GB
EVGA GeForce GTX 1060 6GB

asterix404
Apprentice

Joined: 05 Nov 2004
Posts: 213

Posted: Fri Dec 10, 2004 9:08 pm

# netstat -pnat | grep :21
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 7778/vsftpd

I don't know what this means but I am thinking that a lot of 0's is probably a bad thing... how do I run this from xinetd? Umm... the log doesn't say anything about anything recent.

pharaoh
Apprentice

Joined: 20 Nov 2003
Posts: 211
Location: Pennsylvania

Posted: Fri Dec 10, 2004 9:20 pm

I think the zeros are ok, but what's your /etc/hosts file look like anyways?

If you have xinetd installed already, edit the /etc/xinetd.d/vsftp file...here's mine:
Code:
service ftp
{
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/vsftpd
        server_args     = /etc/vsftpd/vsftpd.conf
        log_on_success  += DURATION USERID
        log_on_failure  += USERID
        nice            = 10
        disable         = no
#       flags           = IPv6
}

The main things are "disable = no" or xinetd won't start it, and take out the line for "only from = " or edit it if you have an address you only want to be able to access ftp. Then in your /etc/vsftpd/vsftpd.conf you need to change 2 lines to
Code:
background=NO
listen=NO

or just comment them out. Let's see if this helps...

seank
l33t

Joined: 08 Jul 2004
Posts: 686

Posted: Fri Dec 10, 2004 9:33 pm

asterix404 wrote:
# netstat -pnat | grep :21
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 7778/vsftpd

I don't know what this means but I am thinking that a lot of 0's is probably a bad thing... how do I run this from xinetd? Umm... the log doesn't say anything about anything recent.

Nah, that's good.

I like using xinetd myself because it doesn't run vsftpd unless needed. Do what pharaoh said and also add
Code:
only_from       = 0.0.0.0/0
to the service. I don't see how this would fix your access problem, but it's worth a shot.

seank
l33t

Joined: 08 Jul 2004
Posts: 686

Posted: Fri Dec 10, 2004 9:35 pm

Also, did you check in /var/log/messages? Run
Code:
tail -f /var/log/messages
on the server and then have someone try to connect to it from the outside world.

asterix404
Apprentice

Joined: 05 Nov 2004
Posts: 213

Posted: Fri Dec 10, 2004 10:04 pm

I don't have that document alas... I copied the conf file that was posted and now I run that netstat call and it comes up blank. I think since it is recommended that I run it from xinetd that I will try that... any suggestions... oh yeah and thanks a lot

asterix404
Apprentice

Joined: 05 Nov 2004
Posts: 213

Posted: Fri Dec 10, 2004 10:27 pm

9013/xinetd
tcp 0 0 127.0.0.1:61039 0.0.0.0:* LISTEN

This is a good thing, right? But now how do I get it to be the IP address of my comp and will that make it stop giving me the connection refused?

pharaoh
Apprentice

Joined: 20 Nov 2003
Posts: 211
Location: Pennsylvania

Posted: Fri Dec 10, 2004 10:37 pm

Not sure if this matters, but do you maybe need this
Code:
<*>   FTP protocol support

in your kernel? If you don't know where it's located, it's in
Code:
Device Drivers  --->  Networking support  --->  Networking options  --->  Network packet filtering (replaces ipchains)  --->  IP: Netfilter Configuration  --->

for 2.6.9-r1 gentoo-dev-sources at least.

I don't think it matters that you're all zeros there...check me out:
Code:
cybertron linux # netstat -aunpt
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name   
tcp        0      0 0.0.0.0:32768           0.0.0.0:*               LISTEN      6966/rpc.statd     
tcp        0      0 0.0.0.0:32769           0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:2049            0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:51234           0.0.0.0:*               LISTEN      7202/server_linux   
tcp        0      0 0.0.0.0:901             0.0.0.0:*               LISTEN      7306/xinetd         
tcp        0      0 0.0.0.0:805             0.0.0.0:*               LISTEN      6986/rpc.mountd     
tcp        0      0 0.0.0.0:14534           0.0.0.0:*               LISTEN      7202/server_linux   
tcp        0      0 0.0.0.0:3784            0.0.0.0:*               LISTEN      6496/ventrilo_srv   
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      7144/smbd           
tcp        0      0 0.0.0.0:19150           0.0.0.0:*               LISTEN      6778/gkrellmd       
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      6949/portmap       
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      6379/apache2       
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      7306/xinetd         
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      6365/sshd           
tcp        0      0 0.0.0.0:631             0.0.0.0:*               LISTEN      6430/cupsd         
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN      7144/smbd           
tcp        0      0 192.168.1.1:19150       192.168.1.2:32769       ESTABLISHED 6778/gkrellmd       
tcp        0      0 192.168.1.1:22          192.168.1.2:34658       ESTABLISHED 18339/sshd: pharaoh
udp        0      0 0.0.0.0:32768           0.0.0.0:*                           6966/rpc.statd     
udp        0      0 0.0.0.0:2049            0.0.0.0:*                           -                   
udp        0      0 0.0.0.0:32770           0.0.0.0:*                           -                   
udp        0      0 192.168.1.1:137         0.0.0.0:*                           7147/nmbd           
udp        0      0 0.0.0.0:137             0.0.0.0:*                           7147/nmbd           
udp        0      0 192.168.1.1:138         0.0.0.0:*                           7147/nmbd           
udp        0      0 0.0.0.0:138             0.0.0.0:*                           7147/nmbd           
udp        0      0 0.0.0.0:782             0.0.0.0:*                           6966/rpc.statd     
udp        0      0 0.0.0.0:802             0.0.0.0:*                           6986/rpc.mountd     
udp        0      0 0.0.0.0:8767            0.0.0.0:*                           7202/server_linux   
udp        0      0 0.0.0.0:67              0.0.0.0:*                           6685/dhcpd         
udp        0      0 0.0.0.0:68              0.0.0.0:*                           6204/dhcpcd         
udp        0      0 0.0.0.0:111             0.0.0.0:*                           6949/portmap       
udp        0      0 0.0.0.0:631             0.0.0.0:*                           6430/cupsd         
udp        0      0 127.0.0.1:123           0.0.0.0:*


asterix404
Apprentice

Joined: 05 Nov 2004
Posts: 213

Posted: Fri Dec 10, 2004 11:09 pm

if that isn't checked or anything... is that bad, and should this be a module?

seank
l33t

Joined: 08 Jul 2004
Posts: 686

Posted: Fri Dec 10, 2004 11:15 pm

No, you don't need that in your kernel.

Binding to the ip 0.0.0.0:21 for local and 0.0.0.0:* for foreign is correct. You should have xinetd listening on port 21, though. Do you?

asterix404
Apprentice

Joined: 05 Nov 2004
Posts: 213

Posted: Fri Dec 10, 2004 11:22 pm

I don't think so... it's listening to port like 61800 or something of that nature... how do I get it to listen to port 21 as well as to apparently just listen?


7234/xinetd
tcp 0 0 192.168.2.150:32819 205.188.1.104:5190 ESTABLISHED

as a note 32819 is not being forwarded nor is it in my vsftpd.conf

seank
l33t

Joined: 08 Jul 2004
Posts: 686

Posted: Fri Dec 10, 2004 11:27 pm

So you've got a /etc/xinetd.d/vsftpd with this in it?
Code:
service ftp
{
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/vsftpd
        server_args     = /etc/vsftpd/vsftpd.conf
        only_from       = 0.0.0.0/0
        log_on_success  += DURATION USERID
        log_on_failure  += USERID
        nice            = 10
        disable         = no
#       flags           = IPv6
}


If you've got that, you should just restart xinetd (/etc/init.d/xinetd restart) and it should be listening on port 21.

pharaoh
Apprentice

Joined: 20 Nov 2003
Posts: 211
Location: Pennsylvania

Posted: Fri Dec 10, 2004 11:40 pm

Come on restart it!! I wanna know if it's workin!! :D

asterix404
Apprentice

Joined: 05 Nov 2004
Posts: 213

Posted: Fri Dec 10, 2004 11:41 pm

alrighty then, here is my /etc/xinetd.d/vsftpd

Quote:
service ftp
{
socket_type = stream
wait = no
user = root
server = /usr/sbin/vsftpd
server_args = /etc/vsftpd/vsftpd.conf
only_from = 0.0.0.0/0
log_on_success += DURATION USERID
log_on_failure += USERID
nice = 10
disable = no
flags = IPv6
}


my xinetd.conf
Quote:
defaults
{
only_from = localhost
instances = 60
log_type = SYSLOG authpriv info
log_on_success = HOST PID
log_on_failure = HOST
cps = 25 30
}

includedir /etc/xinetd.d


my hosts folder
127.0.0.1 localhost

the results from
netstat -pnat | grep :21

there is only a carriage return... so nothing
results from netstat -pnat

Quote:
tcp 0 0 0.0.0.0:16001 0.0.0.0:* LISTEN 7021/esd
tcp 0 0 0.0.0.0:901 0.0.0.0:* LISTEN 7234/xinetd
tcp 0 0 192.168.2.150:32811 205.188.1.104:5190 ESTABLISHED 7587/gaim
tcp 0 0 192.168.2.150:32805 205.188.5.216:5190 ESTABLISHED 7587/gaim
tcp 0 0 192.168.2.150:32810 64.12.201.34:5190 ESTABLISHED 7587/gaim
tcp 0 0 192.168.2.150:32809 64.12.165.81:5190 ESTABLISHED 7587/gaim



This is very weird, I have never ever had these problems before... thanks a lot for your help...

pharaoh
Apprentice

Joined: 20 Nov 2003
Posts: 211
Location: Pennsylvania

Posted: Fri Dec 10, 2004 11:44 pm

In xinetd.conf you HAVE to change the "only from" to something other than localhost, or just comment it out, or do the 0.0.0.0/0 thing again (I think that's the same as just commenting it out though). If you leave it alone then you can only connect from the server itself. Change that and restart again :D

Also, if you don't want SWAT running (the Samba config webpage tool) go into /etc/xinetd.d/swat and set "disable = yes". It's currently running on port 901 it would seem.

Sean, I know you said you don't need that FTP module, but that one includes the ftp_conntrack_ip and I thought that was necessary for the way vsftpd does passive?

seank
l33t

Joined: 08 Jul 2004
Posts: 686

Posted: Fri Dec 10, 2004 11:50 pm

comment out the ipv6 line.

asterix404
Apprentice

Joined: 05 Nov 2004
Posts: 213

Posted: Fri Dec 10, 2004 11:50 pm

indeed it is... my samba server is strictly in-house and is working very nicely... now to get this pesky other thingy working... the netstat for 21 still isn't changing but I did an eth0 restart and got xinetd to finally start listening again

asterix404
Apprentice

Joined: 05 Nov 2004
Posts: 213

Posted: Fri Dec 10, 2004 11:53 pm

holy crap it worked....
root@tux xinetd.d # netstat -pnat | grep :21
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN

so now that is connected to the ftp thing on port 21... 20 is blank, and I still cannot get into the system from the outside. I do need to have port 20 open for the data transfer right? It is open through and routed through all of my routers to the gentoo box


Last edited by asterix404 on Fri Dec 10, 2004 11:55 pm; edited 1 time in total

seank
l33t

Joined: 08 Jul 2004
Posts: 686

Posted: Fri Dec 10, 2004 11:55 pm

pharaoh,

If you use the Linux firewall, you may need that module otherwise I am pretty sure you don't (what made you think this? got a link to some docs with it in there?)

The only_from in the xinetd.conf can remain there for a default. You can override it in each daemon config.
Back to top
View user's profile Send private message
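
The interaction between the `defaults` block in xinetd.conf and a per-service `only_from`, discussed in the posts above, shown as an added example that is not part of the original thread. It assumes, as seank states, that a service's own `only_from = ...` replaces the default; the function names `audit` and `exposed_services` and the swat entry are constructed for illustration.

```python
import re

# Constructed sample input, modelled on the files posted in this thread.
XINETD_CONF = """\
defaults
{
        only_from       = localhost
        instances       = 60
}
"""

# The swat entry is constructed; the thread only says SWAT listens on port 901.
SERVICE_FILES = {
    "vsftpd": """\
service ftp
{
        server          = /usr/sbin/vsftpd
        only_from       = 0.0.0.0/0
        disable         = no
#       flags           = IPv6
}
""",
    "swat": """\
service swat
{
        server          = /usr/sbin/swat
        disable         = no
}
""",
}

ENTRY_RE = re.compile(r"^(defaults|service\s+(\S+))\s*\{(.*?)^[ \t]*\}", re.S | re.M)
ATTR_RE = re.compile(r"^\s*(\w+)\s*(\+=|-=|=)\s*(.*?)\s*$")
ANYWHERE = {"0.0.0.0", "0.0.0.0/0"}
LOCAL = {"localhost", "127.0.0.1"}


def parse_entries(text):
    """Yield (service_name, attrs); service_name is None for the defaults block."""
    for entry in ENTRY_RE.finditer(text):
        attrs = {}
        for line in entry.group(3).splitlines():
            m = None if line.lstrip().startswith("#") else ATTR_RE.match(line)
            if m:
                attrs[m.group(1)] = (m.group(2), m.group(3).split())
        yield entry.group(2), attrs


def audit(main_conf, service_files):
    """Classify each enabled service; assumes a service only_from replaces defaults."""
    defaults = dict(parse_entries(main_conf)).get(None, {})
    report = {}
    for text in service_files.values():
        for name, attrs in parse_entries(text):
            if name is None or attrs.get("disable", ("=", []))[1] == ["yes"]:
                continue
            op, hosts = attrs.get("only_from", (None, []))
            source = "service"
            if op is None:  # nothing in the service entry: fall back to defaults
                op, hosts = defaults.get("only_from", (None, []))
                source = "defaults" if op else "unset"
            if source == "unset" or ANYWHERE & set(hosts):
                exposure = "any"
            elif op == "=" and hosts and set(hosts) <= LOCAL:
                exposure = "local-only"
            else:  # other host lists, empty values, += / -= merging: not modelled
                exposure = "review"
            report[name] = {"only_from": hosts, "source": source, "exposure": exposure}
    return report


def exposed_services(report):
    """Names of services that accept connections from any source address."""
    return sorted(n for n, r in report.items() if r["exposure"] == "any")


if __name__ == "__main__":
    for svc, row in sorted(audit(XINETD_CONF, SERVICE_FILES).items()):
        print(svc, row)
```

With the sample files, ftp is reported as open to any source because of its own `only_from`, while swat inherits `localhost` from the defaults block.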

seank
l33t

Joined: 08 Jul 2004
Posts: 686

Posted: Fri Dec 10, 2004 11:56 pm

asterix404 wrote:
holy crap it worked....
root@tux xinetd.d # netstat -pnat | grep :21
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN

so now that is connected to the ftp thing on port 21... 20 is blank, and I still cannot get into the system from the outside. I do need to have port 20 open for the data transfer right? It is open through and routed through all of my routers to the gentoo box

Cool, what fixed it?

asterix404
Apprentice

Joined: 05 Nov 2004
Posts: 213

Posted: Fri Dec 10, 2004 11:58 pm

I do indeed have a linksys firewall and since I have to update my kernel to the r9 I will compile it in anyway... hmm... would this automatically be done in genkernel cuz my first one that I set up did this perfectly.

Last edited by asterix404 on Sat Dec 11, 2004 12:00 am; edited 1 time in total

seank
l33t

Joined: 08 Jul 2004
Posts: 686

Posted: Fri Dec 10, 2004 11:59 pm

I've never used genkernel, not sure what it even does (generates a kernel config?)

Why do you need to transfer files on port 20?

pharaoh
Apprentice

Joined: 20 Nov 2003
Posts: 211
Location: Pennsylvania

Posted: Sat Dec 11, 2004 12:00 am

sean_micken wrote:
pharaoh,

If you use the Linux firewall, you may need that module otherwise I am pretty sure you don't (what made you think this? got a link to some docs with it in there?)

The only_from in the xinetd.conf can remain there for a default. You can override it in each daemon config.

About a year ago I had Gentoo on my work laptop and I wanted to transfer a bunch of files over to a Windows PC. The quickest way that came to mind was to emerge vsftpd on my laptop and grab it over the LAN. I even had vsftpd working on my server at home, but for the life of me I just COULD NOT get it to be accessible from the other computer!!! It was a bad night that I don't enjoy speaking about heheh. You'd think all the ports would be open unless you're running a firewall, but that night just threw me for a loop. I used all the same configs, xinetd, etc. and it didn't feel like working. Who knows...

(I bet you thought my explanation would be shorter :wink: )

All times are GMT
Page 1 of 2