Thread: Proftp block by SuSE firewall

  1. #1
    Join Date
    Oct 2014
    Location
    Brazil
    Posts
    88

    Proftp block by SuSE firewall

    Hello!
    How are you?

    I installed Proftpd and did all the config (ports, path, anon authentication). When susefirewall is off, the FTP connection is OK. But if susefirewall is on, it blocks the connection. I opened all ports and the passive ports, but it does not work.

    Please, can somebody help me fix this, or show me where I can "tell" susefirewall to let proftpd work on the system?

    Thanks for your attention and help.

    Douglas

  2. #2
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    23,695
    Blog Entries
    1

    Re: Proftp block by SuSE firewall

    See if this helps....
    https://www.hiroom2.com/2017/08/08/o...14-proftpd-en/

    In particular, it mentions how to customize SuSEfirewall2 to allow for this service....
    Code:
    > cat <<EOF | sudo tee /etc/sysconfig/SuSEfirewall2.d/services/proftpd
    ## Name: ProFTPD Server
    ## Description: Opens ports for ProFTPD Server.
    TCP="ftp 40000:40999"
    EOF
    > for t in FW_CONFIGURATIONS_EXT FW_CONFIGURATIONS_DMZ FW_CONFIGURATIONS_INT; do
        sudo sed -e "s/^${t}=\"\(.*\)\"/${t}=\"\1 proftpd\"/g" \
             -i /etc/sysconfig/SuSEfirewall2
    done
    > sudo sed -e 's/^FW_LOAD_MODULES="\(.*\)"/FW_LOAD_MODULES="\1 ip_conntrack_ftp"/g' \
           -i /etc/sysconfig/SuSEfirewall2
    > sudo systemctl restart SuSEfirewall2

  3. #3
    Join Date
    Oct 2014
    Location
    Brazil
    Posts
    88

    Re: Proftp block by SuSE firewall (solved)

    Hello Friends,

    After reading "google", my proftpd works with these steps:

    1 - Create a user anonftp inside the ftp group
    sudo useradd anonftp -M -N -g ftp

    2 - Change the owner to access the folder /srv/ftp
    sudo chown anonftp:ftp /srv/ftp

    3 - Now I will show only the lines I changed in my proftpd.conf. Of course, use your own settings for your scenario.

    # Port 21 is the standard FTP port.
    Port 2222

    # FireWall PortRange for PASV
    PassivePorts 30000 30100

    # Set the user and group under which the server will run.
    User anonftp
    Group ftp

    ### PAM Authentication
    # AuthPAM: default: on
    AuthPAM on

    # ------------------------------
    # Anonymous Settings
    # ------------------------------

    # A basic anonymous configuration, no upload directories. If you do not
    # want anonymous users, simply delete this entire <Anonymous> section.
    <Anonymous ~ftp>
    # Limit LOGIN
    <Limit LOGIN>
    AllowAll
    # Allow from .examples.net,113.141.114.1
    # Deny from All
    </Limit>

    Save your proftpd.conf

    4 - sudo yast2

    Go to Services - Advanced

    Insert the FTP port, data port and PassivePorts:
    20 21 2222 30000:30100 (insert as you see)
    and click on OK

    Now go to Custom Rules

    Make a rule for each port

    Lan from (your lan) Protocol (tcp) Destination Port (30100) Origin Port (30100)
    Lan from (your lan) Protocol (tcp) Destination Port (20) Origin Port (20)
    Lan from (your lan) Protocol (tcp) Destination Port (2222) Origin Port (2222)
    Lan from (your lan) Protocol (tcp) Destination Port (30000) Origin Port (30000)
    Lan from (your lan) Protocol (tcp) Destination Port (21) Origin Port (21)


    Now in Yast2 go to System - Services Manager

    And search for proftpd

    Start and enable the service

    Click on OK

    5 - Restart the system

    6 - Access the FTP

    I hope that helps you

    Thanks

    Douglas

  4. #4
    Join Date
    Oct 2014
    Location
    Brazil
    Posts
    88

    Re: Proftp block by SuSE firewall (solved) more clear

    Yesterday I tried to insert screenshots of the steps.

    Hello Friends,

    After reading "google", my proftpd works with these steps:

    1 - Create a user anonftp inside the ftp group
    sudo useradd anonftp -M -N -g ftp

    2 - Change the owner to access the folder /srv/ftp
    sudo chown anonftp:ftp /srv/ftp

    3 - Now I will show only the lines I changed in my proftpd.conf. Of course, use your own settings for your scenario.

    # Port 21 is the standard FTP port.
    Port 2222

    # FireWall PortRange for PASV
    PassivePorts 30000 30100

    # Set the user and group under which the server will run.
    User anonftp
    Group ftp

    ### PAM Authentication
    # AuthPAM: default: on
    AuthPAM on

    # ------------------------------
    # Anonymous Settings
    # ------------------------------

    # A basic anonymous configuration, no upload directories. If you do not
    # want anonymous users, simply delete this entire <Anonymous> section.
    <Anonymous ~ftp>
    # Limit LOGIN
    <Limit LOGIN>
    AllowAll
    # Allow from .examples.net,113.141.114.1
    # Deny from All
    </Limit>

    Save your proftpd.conf

    4 - sudo yast2

    Go to Security and users - Firewall - Allow Services - Advanced

    Insert the FTP port, data port and PassivePorts:
    20 21 2222 30000:30100 (insert as you see)
    Click on OK

    Now go to Custom Rules

    Make a rule for each port:

    Lan from (your lan) Protocol (tcp) Destination Port (30100) Origin Port (30100)
    Lan from (your lan) Protocol (tcp) Destination Port (20) Origin Port (20)
    Lan from (your lan) Protocol (tcp) Destination Port (2222) Origin Port (2222)
    Lan from (your lan) Protocol (tcp) Destination Port (30000) Origin Port (30000)
    Lan from (your lan) Protocol (tcp) Destination Port (21) Origin Port (21)

    Now in Yast2 go to System - Services Manager

    Search for proftpd

    Start and enable the service

    Click on OK

    5 - Restart the system

    6 - Access the FTP

    I hope that helps you

    Thanks

    Douglas
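
Added example, not part of any post in this thread: the service file in post #2 opens `ftp` and `40000:40999`, while the proftpd.conf in posts #3 and #4 uses `Port 2222` and `PassivePorts 30000 30100`. The script below compares a proftpd.conf with a SuSEfirewall2 service file and lists what stays closed; the function names and the temporary sample files are constructed for the illustration.

```shell
#!/bin/sh
# Added example (not from the thread): does a SuSEfirewall2 service file
# open the ports that a given proftpd.conf actually uses?

# Print "control_port passive_low passive_high" for a proftpd.conf.
proftpd_ports() {
    awk '$1 == "Port"         { port = $2 }
         $1 == "PassivePorts" { low = $2; high = $3 }
         END { if (port == "") port = 21; print port, low, high }' "$1"
}

# Succeed if one entry of the TCP="..." line covers the range $2..$3.
# Entries: a port number, a low:high range, or the service name "ftp".
fw_covers() {
    for entry in $(sed -n 's/^TCP="\(.*\)"$/\1/p' "$1"); do
        case $entry in
            ftp)      lo=21; hi=21 ;;
            *:*)      lo=${entry%%:*}; hi=${entry##*:} ;;
            *[!0-9]*) continue ;;          # other service names: skipped
            *)        lo=$entry; hi=$entry ;;
        esac
        [ "$lo" -le "$2" ] && [ "$3" -le "$hi" ] && return 0
    done
    return 1
}

# Report every port or range the firewall file leaves closed.
check_alignment() {
    conf=$1; svc=$2; rc=0
    set -- $(proftpd_ports "$conf")       # $1=control $2=low $3=high
    fw_covers "$svc" "$1" "$1" || { echo "closed: control tcp/$1"; rc=1; }
    if [ -n "$2" ]; then
        fw_covers "$svc" "$2" "$3" || { echo "closed: passive tcp/$2:$3"; rc=1; }
    fi
    return $rc
}

# Constructed sample files, using the values quoted in the thread.
d=$(mktemp -d)
printf 'Port 2222\nPassivePorts 30000 30100\n' > "$d/proftpd.conf"
printf 'TCP="ftp 40000:40999"\n'  > "$d/svc_post2"     # service file from post #2
printf 'TCP="2222 30000:30100"\n' > "$d/svc_matched"   # aligned with the config
check_alignment "$d/proftpd.conf" "$d/svc_post2"   || true
check_alignment "$d/proftpd.conf" "$d/svc_matched" && echo "all ports open"
```

On a real system the two arguments would be `/etc/proftpd/proftpd.conf` (or wherever the distribution keeps it) and the file under `/etc/sysconfig/SuSEfirewall2.d/services/`.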
