ProFTPD blocked by SuSE firewall

Hello!
How are you?

I installed ProFTPD and did all the configuration (ports, path, anonymous authentication). When SuSEfirewall is off, the FTP connection is OK. But if SuSEfirewall is on, it blocks the connection. I opened all the ports and the passive ports, but it does not work.

Please, can somebody help me with how to fix this, or where I can “tell” SuSEfirewall to let ProFTPD work on the system?

Thanks for your attention and help.

Douglas

See if this helps…
https://www.hiroom2.com/2017/08/08/opensuse-14-proftpd-en/

In particular, it mentions how to customize SuSEfirewall2 to allow for this service…

```sh
# Define a SuSEfirewall2 service that opens the FTP control port
# and a passive port range.
cat <<EOF | sudo tee /etc/sysconfig/SuSEfirewall2.d/services/proftpd
## Name: ProFTPD Server
## Description: Opens ports for ProFTPD Server.
TCP="ftp 40000:40999"
EOF

# Add the new service to the external, DMZ and internal zones.
for t in FW_CONFIGURATIONS_EXT FW_CONFIGURATIONS_DMZ FW_CONFIGURATIONS_INT; do
    sudo sed -e "s/^${t}=\"\(.*\)\"/${t}=\"\1 proftpd\"/g" \
         -i /etc/sysconfig/SuSEfirewall2
done

# Load the FTP connection-tracking helper module.
sudo sed -e 's/^FW_LOAD_MODULES="\(.*\)"/FW_LOAD_MODULES="\1 ip_conntrack_ftp"/g' \
       -i /etc/sysconfig/SuSEfirewall2

sudo systemctl restart SuSEfirewall2
```

Hello Friends,

After reading “Google”, my ProFTPD works with these steps:

1 - Create a user **anonftp** inside the ftp group

```sh
sudo useradd anonftp -M -N -g ftp
```

2 - Change the owner of the access folder /srv/ftp

```sh
sudo chown anonftp:ftp /srv/ftp
```

3 - Now I will show only the lines I changed in **proftpd.conf**. Of course, use your own settings for your scenario.

```
# Port 21 is the standard FTP port.
Port 2222

# FireWall PortRange for PASV
PassivePorts 30000 30100

# Set the user and group under which the server will run.
User anonftp
Group ftp

### PAM Authentication
# AuthPAM: default: on
AuthPAM on

# ------------------------------
# Anonymous Settings
# ------------------------------
# A basic anonymous configuration, no upload directories. If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
<Anonymous ~ftp>
  # Limit LOGIN
  <Limit LOGIN>
    AllowAll
    # Allow from .examples.net,113.141.114.1
    # Deny from All
  </Limit>
  # ...
</Anonymous>
```

Save your proftpd.conf

4 - sudo yast2

Go to **Services** - Advanced

https://ibb.co/fuFJko

Insert the FTP port, data port and PassivePorts:
20 21 2222 30000:30100 (insert as you see)
and click on **OK**

Now go to Custom Rules

https://ibb.co/bKitJ8

Create a rule for each port:

Lan from (your lan) Protocol (tcp) Destination Port (30100) Origin Port (30100)
Lan from (your lan) Protocol (tcp) Destination Port (20) Origin Port (20)
Lan from (your lan) Protocol (tcp) Destination Port (2222) Origin Port (2222)
Lan from (your lan) Protocol (tcp) Destination Port (30000) Origin Port (30000)
Lan from (your lan) Protocol (tcp) Destination Port (21) Origin Port (21)

Now in YaST2 go to System - Services Manager

And search for **proftpd**

https://ibb.co/n5usd8

Start and Enable service

Click on **OK**

5 - Restart the system

6 - Access the FTP

https://ibb.co/iRNOko

I hope that helps you

Thanks

Douglas

Yesterday I tried to insert print screens of the steps.

Hello Friends,

After reading “Google”, my ProFTPD works with these steps:

1 - Create a user **anonftp** inside the ftp group

```sh
sudo useradd anonftp -M -N -g ftp
```

2 - Change the owner of the access folder /srv/ftp

```sh
sudo chown anonftp:ftp /srv/ftp
```

3 - Now I will show only the lines I changed in **proftpd.conf**. Of course, use your own settings for your scenario.

```
# Port 21 is the standard FTP port.
Port 2222

# FireWall PortRange for PASV
PassivePorts 30000 30100

# Set the user and group under which the server will run.
User anonftp
Group ftp

### PAM Authentication
# AuthPAM: default: on
AuthPAM on

# ------------------------------
# Anonymous Settings
# ------------------------------
# A basic anonymous configuration, no upload directories. If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
<Anonymous ~ftp>
  # Limit LOGIN
  <Limit LOGIN>
    AllowAll
    # Allow from .examples.net,113.141.114.1
    # Deny from All
  </Limit>
  # ...
</Anonymous>
```

Save your proftpd.conf

4 - sudo yast2

Go to **Security and users - Firewall - Allow Services** - Advanced

Insert the FTP port, data port and PassivePorts:
20 21 2222 30000:30100 (insert as you see)
Click on **OK**

Now go to Custom Rules

Create a rule for each port:

Lan from (your lan) Protocol (tcp) Destination Port (30100) Origin Port (30100)
Lan from (your lan) Protocol (tcp) Destination Port (20) Origin Port (20)
Lan from (your lan) Protocol (tcp) Destination Port (2222) Origin Port (2222)
Lan from (your lan) Protocol (tcp) Destination Port (30000) Origin Port (30000)
Lan from (your lan) Protocol (tcp) Destination Port (21) Origin Port (21)

Now in YaST2 go to System - Services Manager

Search for **proftpd**

Start and Enable service

Click on **OK**

5 - Restart the system

6 - Access the FTP

I hope that helps you

Thanks

Douglas
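
Added example, not part of any post in this thread or of the linked article: the service file quoted in the first reply opens `ftp` and `40000:40999`, while the proftpd.conf posted later uses `Port 2222` and `PassivePorts 30000 30100`, so this check compares the two files and lists ports that are needed but closed (MISSING) and ports that are open without being needed (EXTRA). The function names are hypothetical and the sample files are constructed from the values quoted above.

```sh
#!/bin/sh
# Added example: compare the ports proftpd.conf needs with the ports a
# SuSEfirewall2 service file opens. Function names are hypothetical.

# Ports the server needs: control port, then passive range as lo:hi.
needed_ports() {
    awk '$1 == "Port"         { print $2 }
         $1 == "PassivePorts" { print $2 ":" $3 }' "$1"
}

# Entries of the TCP="..." line, one per line. Only the service name
# "ftp" is resolved (assumption: 21, as in a standard /etc/services).
opened_ports() {
    sed -n 's/^TCP="\(.*\)"/\1/p' "$1" | tr ' ' '\n' |
        sed -e '/^$/d' -e 's/^ftp$/21/'
}

# covers LIST ENTRY: succeed if one entry of LIST fully contains ENTRY.
covers() {
    lo=${2%%:*}; hi=${2##*:}
    for e in $1; do
        [ "${e%%:*}" -le "$lo" ] && [ "${e##*:}" -ge "$hi" ] && return 0
    done
    return 1
}

# Print MISSING (needed, not opened) and EXTRA (opened, not needed);
# return 1 if anything is missing.
check_coverage() {
    need=$(needed_ports "$1"); open=$(opened_ports "$2"); rc=0
    for n in $need; do covers "$open" "$n" || { echo "MISSING $n"; rc=1; }; done
    for o in $open; do covers "$need" "$o" || echo "EXTRA $o"; done
    return $rc
}

# Constructed sample input, using the values quoted in this thread.
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
printf 'Port 2222\nPassivePorts 30000 30100\n' > "$demo/proftpd.conf"
printf '## Name: ProFTPD Server\nTCP="ftp 40000:40999"\n' > "$demo/linked"
printf '## Name: ProFTPD Server\nTCP="2222 30000:30100"\n' > "$demo/matched"

check_coverage "$demo/proftpd.conf" "$demo/linked" || true
check_coverage "$demo/proftpd.conf" "$demo/matched" && echo "OK"
```

On a real system, pass `/etc/proftpd/proftpd.conf` (or wherever your proftpd.conf lives) and the file under `/etc/sysconfig/SuSEfirewall2.d/services/` instead of the constructed samples.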