ftp service only possible after manual Firewall change

With the default setting of the Firewall (installation CD) no ftp service will work. YaST does not do this change for you when you download ftp service from repository!

What one has to do:

Computer => YaST => Security and Users => Firewall => Interfaces

eth0 is assigned to “external zone”!

If you do not change this, then:

=> Allowed service

Allow pure-ftpd (or vsftpd)

Of course your firewall is not opened for every program that happened to be installed. I bet there are a lot of internet serving programs on your system you do not even know what they would do when running. A lot of those are never used and opening the firewall would make the firewall useless.

YaST often does open the firewall for services you start/configure using YaST. I do not know if you used YaST to start your ftp-server. But when you do this without YaST then, again of course, YaST does not open the firewall.

As hcvv pointed out - no service will automatically open a port in the firewall which is an intended feature - it would expose various services that you might not want accessible merely because you have them installed.

I did everything with YaST:

Install Software => Software Management => Download pure-ftpd

Network Services => Network Services (xinetd) => Toggle pure-ftpd on

Now xinetd starts automatically at boot and listens to port 21

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      2044/portmap
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      2363/xinetd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2366/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      2150/cupsd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2292/master
tcp        0      0 :::22                   :::*                    LISTEN      2366/sshd
tcp        0      0 ::1:631                 :::*                    LISTEN      2150/cupsd
tcp        0      0 ::1:25                  :::*                    LISTEN      2292/master

But there is nothing to hear! No ftp attachment request gets through the Firewall!

Well, it looks to me you did it the correct way. I, like you, would have thought that working this way would open port 21 in the firewall.

When you can document it as we have it now (an exact description of what you did and what you saw happening), that may be something to report at https://bugzilla.novell.com/index.cgi

Bug 561647 Submitted

I think that describes it clear enough.
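The mismatch discussed in this thread (xinetd listening on port 21 while the external zone does not allow it) can be spotted from the shell by comparing listeners against the firewall's allowed ports. The script below is an added example, not part of any post in the thread; the function name is hypothetical, and it assumes the allowed TCP ports are passed as numbers or ranges (for instance the value of FW_SERVICES_EXT_TCP in /etc/sysconfig/SuSEfirewall2, a file the thread does not mention). Services allowed by name through YaST's "Allowed service" list are not resolved here.

```shell
#!/bin/bash
# Sample input: the listener lines of the netstat output posted in the thread.
NETSTAT_SAMPLE='tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      2044/portmap
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      2363/xinetd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2366/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      2150/cupsd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2292/master
tcp        0      0 :::22                   :::*                    LISTEN      2366/sshd
tcp        0      0 ::1:631                 :::*                    LISTEN      2150/cupsd
tcp        0      0 ::1:25                  :::*                    LISTEN      2292/master'

# blocked_listeners "<allowed tcp ports>" reads `netstat -tlnp` text on stdin
# and prints "port program" for every listener that is bound to a non-loopback
# address but whose port is not in the allowed list (hypothetical helper).
# The list may hold single ports ("22") and ranges ("6000:6010").
blocked_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, spec, /[ \t]+/) }
        function is_allowed(port,    i, r) {
            for (i = 1; i <= n; i++) {
                if (spec[i] == "") continue
                if (split(spec[i], r, ":") == 2) {
                    if (port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0) return 1
                } else if (spec[i] == port) return 1
            }
            return 0
        }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            host = $4; sub(/:[0-9]+$/, "", host)   # address part before the port
            if (host ~ /^127\./ || host == "::1") next   # loopback only, skip
            prog = $7; sub(/^[0-9]+\//, "", prog)  # drop the PID prefix
            key = port " " prog
            if (!(key in seen) && !is_allowed(port)) { seen[key] = 1; print key }
        }'
}

# With only port 22 allowed, the ftp listener shows up as blocked.
printf '%s\n' "$NETSTAT_SAMPLE" | blocked_listeners "22"
```

On a live system the input would come from `netstat -tlnp` run as root instead of the embedded sample.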