[Lancaster] Firewall problem

[Ken Hough]

Andy,

Thanks for help.

I beleve that I have identified the problem.

The default setup for vsftpd provides for anonymous ftp using the login name 
and password of either 'ftp' or 'anonymous'.

According to <http://cr.yp.to/ftp/browsing.html>, browsers will try to login 
to ftp sites using 'USER' as the login name.

Using the XP terminal ftp client and 'USER' as the login name, it refuses the 
connection, so perhaps it's not surprising that 'windows' ftp connections 
fail.

Acording to <http://vsftpd.beasts.org/vsftpd_conf.html#lbAG>, the vsftpd 
config options include 'ftp_username' which as I understand it should set the 
login name that vsftpd uses for anonymous ftp. So far, all I get is a report 
of:
"500 OOPS: vsftpd: cannot locate user specified in 'ftp_username':USER"

with the names 'ftp' and 'anonymous' still available.

I guest that somehow, I need to get vsftpd to accept 'USER' either instead of, 
or preferably as well as 'ftp' and 'anonymous'.


Ken Hough

On Saturday 19 September 2009 14:28:03 you wrote:
> Had another look at your email, and it does seem like the problem is
> with your firewall, but it's hard to see what's causing it.
>
> Are you sure you have both ports 20 /and/ 21 open? You could test this
> in principle by shutting down vsftp on the linux box (but not the
> firewall), and running netcat as a tcp-server on the linux box, on first
> port 21 then 20. (Netcat is a command line tool which lets you set up
> simple on-the-fly servers on different ports). Then see what happens if
> you use windows's telnet program to connect to the netcat server - any
> text you type into telnet should be echoed by netcat.
>
> Another thought - are there any windows clients that will connect using
> sftp? If you did that, you could just run ssh on the linux box, which
> uses just a single port and doesn't have so many setup options I think.
>
> andy
>
> andy baxter wrote:
> > Hi ken,
> >
> > As far as I know windows will use the same two ports - 20 and 21. Are
> > you sure the problem is with the firewall? I haven't followed your
> > description of the problem that well, but another possibility might be
> > that the ftp client you're using uses an ftp mode that your server
> > doesn't like. There are quite a few different options for how an ftp
> > transfer is set up, including the active/passive thing I said about, so
> > maybe you just need to use a different client on the windows box, or
> > configure it or the server differently?
> >
> > One thing you could try if you're desperate is to install a packet
> > logger (does wireshark work in windows?) and use that to see what's
> > going on when you try to connect.
> >
> > andy
> >
> > Ken Hough wrote:
> >> Andy,
> >>
> >> Thanks for your suggestion.
> >>
> >> I've just tried using the simple terminal ftp client that's included
> >> with Windows XP and this works OK with firewalls active on both my
> >> laptop and my Linux box.
> >>
> >> So it looks like the basic vsftp setup is OK.
> >>
> >> The problem occurs when I try to use 'windows' to do the job. ie either
> >> via "My Computer" and "My Network Places", or via Firefox. Both of these
> >> work if I disable the firewall on my Linux box, so it seems that for
> >> 'windows' operation, (an)other port/ports is/are used.
> >>
> >> Has anyone any suggestions as to what this/these might be?
> >>
> >> The reason that I want to sort this out is because:
> >>
> >> 1. I like to get things working. ;-)
> >>
> >> 2. I need to use XP to run Windows only software on my laptop to control
> >> a motor driven equatorial mount and my astro camera(s), but I intend to
> >> process/manage the captured images on my desktop PC under running Linux.
> >>
> >> 3. There can be a lot of Image files, each of several MB up to possibly
> >> hundreds of MB, so fiddling with USB memory sticks is a pain. Much
> >> better to transfer via ftp/ethernet.
> >>
> >> 4. I did have a look at setting up a SAMBA server, but for Windows XP
> >> this seems to be a lot more complicated than for ftp.
> >>
> >> Regards
> >>
> >> Ken Hough
> >>
> >> On Friday 18 September 2009 18:34:31 you wrote:
> >>> Ken Hough wrote:
> >>>> Hi Guys,
> >>>>
> >>>> Can anyone help me with a firewall problem.
> >>>>
> >>>> I'm trying use my T42 Thinkpad to access an ftp server that is running
> >>>> on my desktop PC. The T42 runs Windows XP (yes, I know, but I need it
> >>>> to run some astro software). The desktop PC runs openSUSE v11.1.
> >>>>
> >>>> I'm using vsftp which is clearly configured OK and can be accessed
> >>>> from the T42, provided that I turn off the firewall on the Linux
> >>>> machine.
> >>>>
> >>>> OpenSUSE includes a nifty utility for setting up the firewall, but
> >>>> doesn't seem to be setting up correctly to allow for vsftp.
> >>>>
> >>>> Can someone please tell me what ports must be left open for vsftp
> >>>> operation?
> >>>>
> >>>> According to the firewall utility, for vsftp, port 20 should be open.
> >>>> According to lists of recognised TCPIP ports, 21 should also be open,
> >>>> and I've tried this but with no success.
> >>>
> >>> The only thing I know about this is there are two different FTP modes
> >>> (Passive and active). One uses both ports, using 21 for setting up the
> >>> transfer and 20 for moving data, whereas the other uses only one port
> >>> (21 I think). Some ftp clients let you choose which mode to use.
> >>>
> >>> I.e. you definitely want both ports open, but it sounds like you've
> >>> already tried that.
> >>>
> >>> You could try doing 'telnet <ftp host name> 21' from the client
> >>> machine, and see what response you get with the firewall up and down.
> >>> This might give you a clearer idea of whether the firewall is
> >>> configured right. (If it is, the response should be the same in both
> >>> cases)
> >>>
> >>> andy
> >>
> >> _______________________________________________
> >> Lancaster mailing list
> >> Lancaster at mailman.lug.org.uk
> >> https://mailman.lug.org.uk/mailman/listinfo/lancaster
> >
> > _______________________________________________
> > Lancaster mailing list
> > Lancaster at mailman.lug.org.uk
> > https://mailman.lug.org.uk/mailman/listinfo/lancaster