Under CentOS 4.4 (and presumably RedHat 4.4), to get vsftpd to work you must go into /etc/sysconfig/iptables-config and change IPTABLES_MODULES="" to IPTABLES_MODULES="ip_conntrack_ftp" then enter /etc/init.d/iptables condrestart.

-----Original Message-----
From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of José L. Ramírez
Sent: February 23, 2007 15:20
To: [email protected]
Subject: Re: Pure-ftpd & Firewall

Hi,

Yes, everything seems to work fine until a LIST command is issued from the client...

Thanks.

-----Original Message-----
From: Alan Altmark [mailto:[EMAIL PROTECTED]
Sent: Friday, February 23, 2007 4:12 PM
To: [email protected]
Subject: Re: Pure-ftpd & Firewall

On Friday, 02/23/2007 at 03:57 AST, José L. Ramírez <[EMAIL PROTECTED]> wrote:
> We are trying to "open" a pure-ftpd server with SSL support (SLES9) so that
> external customers can transfer files to us in a secure manner. Internally
> everything is working fine; we are able to connect to the server using an SSL
> FTP client (Filezilla). The problem is with external connections, after the
> client accepts the certificate and authentication takes place, the connection
> is "broken", this happens with both active and passive mode. We are specifying
> the parameter PassivePortRange in the pure-ftpd.conf file and we also opened
> the port range specified in the PassivePortRange in the firewall. Has anyone
> been able to successfully implement something like this?

Has the client opened the necessary holes in their firewall as well? The downside of encrypted FTP is that the PORT command can't be seen by stateful firewalls. Hence the need for PassivePortRange.

As a guess, everything works until a DIR, NLST, GET, or PUT is issued? I.e. HELP and SYST work ok after sign-in?

Alan Altmark
z/VM Development
IBM Endicott

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
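
An added example, not part of the original thread: it shows what a stateful FTP helper can read from a cleartext PASV reply, why the same read fails once the control channel is TLS-encrypted, and how to check that every port in PassivePortRange is admitted by a static ACCEPT rule. The config excerpt, addresses, port numbers and iptables-save rules are constructed samples, and the rule matching is deliberately simplified (single --dport rules on the INPUT chain only; source restrictions and multiport are ignored).

```python
import re

# Constructed sample inputs, not taken from the thread.
PURE_FTPD_CONF = """\
# pure-ftpd.conf excerpt
PassivePortRange         30000 30100
"""
IPTABLES_SAVE = """\
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 30000:30050 -j ACCEPT
COMMIT
"""

def pasv_port(reply):
    """Data port announced by a cleartext '227 (h1,h2,h3,h4,p1,p2)' reply, else None."""
    m = re.match(r"227 [^(]*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", reply)
    return int(m.group(5)) * 256 + int(m.group(6)) if m else None

def passive_range(conf):
    """(low, high) from the PassivePortRange line of pure-ftpd.conf."""
    m = re.search(r"^\s*PassivePortRange\s+(\d+)\s+(\d+)", conf, re.M)
    if not m:
        raise ValueError("PassivePortRange is not set")
    return int(m.group(1)), int(m.group(2))

def accepted_tcp_spans(rules, chain="INPUT"):
    """Inclusive (low, high) spans of tcp '--dport N[:M] -j ACCEPT' rules in one chain."""
    spans = []
    for line in rules.splitlines():
        m = re.search(r"--dport (\d+)(?::(\d+))?", line)
        if m and line.startswith(f"-A {chain} ") and "-p tcp" in line and "-j ACCEPT" in line:
            spans.append((int(m.group(1)), int(m.group(2) or m.group(1))))
    return spans

def uncovered_ports(conf, rules):
    """Passive ports the server may choose that no static ACCEPT rule admits."""
    low, high = passive_range(conf)
    spans = accepted_tcp_spans(rules)
    return [p for p in range(low, high + 1) if not any(lo <= p <= hi for lo, hi in spans)]

if __name__ == "__main__":
    # Cleartext control channel: the helper can read the port and open it dynamically.
    print("cleartext 227 ->", pasv_port("227 Entering Passive Mode (192,0,2,10,117,60)"))
    # Encrypted control channel: the firewall sees only a TLS record (constructed bytes).
    print("TLS record    ->", pasv_port("\x17\x03\x01\x00\x20\x8a\x41"))
    missing = uncovered_ports(PURE_FTPD_CONF, IPTABLES_SAVE)
    print("uncovered passive ports:", f"{missing[0]}-{missing[-1]}" if missing else "none")
```

With the sample rules the upper half of the passive range is not admitted, so a data connection such as LIST would fail whenever the server picks a port from that half.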
