[Lancaster] Firewall problem

Ken Hough kenhough at btinternet.com
Mon Sep 21 13:08:48 UTC 2009


Andy et al,

After spending some time trying to sort out my problem wrt browser access to 
the ftp server running on my Linux box, I got myself confused.

The reference below to browsers using the login name of "USER" isn't the 
reason why I cannot log into the ftp server via a browser.

The fact is that I can use Firefox or 'My Computer/My Network Places' to 
contact the ftp server PROVIDED that the firewall on the ftp server box is 
disabled. So it looks like there is indeed something that I've missed wrt
the firewall config.

It appears that I do have ports 20 and 21 available through the firewall, so 
it looks like I need some other port or ports as well. So no real progress to 
date.

Yours confused!

Ken Hough

On Sunday 20 September 2009 15:44:40 Ken Hough wrote:
> Andy,
>
> Thanks for help.
>
> I believe that I have identified the problem.
>
> The default setup for vsftpd provides for anonymous ftp using the login
> name and password of either 'ftp' or 'anonymous'.
>
> According to <http://cr.yp.to/ftp/browsing.html>, browsers will try to
> login to ftp sites using 'USER' as the login name.
>
> Using the XP terminal ftp client and 'USER' as the login name, it refuses
> the connection, so perhaps it's not surprising that 'windows' ftp
> connections fail.
>
> According to <http://vsftpd.beasts.org/vsftpd_conf.html#lbAG>, the vsftpd
> config options include 'ftp_username' which as I understand it should set
> the login name that vsftpd uses for anonymous ftp. So far, all I get is a
> report of:
> "500 OOPS: vsftpd: cannot locate user specified in 'ftp_username':USER"
>
> with the names 'ftp' and 'anonymous' still available.
>
> I guess that somehow, I need to get vsftpd to accept 'USER' either instead
> of, or preferably as well as 'ftp' and 'anonymous'.
>
>
> Ken Hough
>
> On Saturday 19 September 2009 14:28:03 you wrote:
> > Had another look at your email, and it does seem like the problem is
> > with your firewall, but it's hard to see what's causing it.
> >
> > Are you sure you have both ports 20 /and/ 21 open? You could test this
> > in principle by shutting down vsftp on the linux box (but not the
> > firewall), and running netcat as a tcp-server on the linux box, on first
> > port 21 then 20. (Netcat is a command line tool which lets you set up
> > simple on-the-fly servers on different ports). Then see what happens if
> > you use windows's telnet program to connect to the netcat server - any
> > text you type into telnet should be echoed by netcat.
> >
> > Another thought - are there any windows clients that will connect using
> > sftp? If you did that, you could just run ssh on the linux box, which
> > uses just a single port and doesn't have so many setup options I think.
> >
> > andy
> >
> > andy baxter wrote:
> > > Hi ken,
> > >
> > > As far as I know windows will use the same two ports - 20 and 21. Are
> > > you sure the problem is with the firewall? I haven't followed your
> > > description of the problem that well, but another possibility might be
> > > that the ftp client you're using uses an ftp mode that your server
> > > doesn't like. There are quite a few different options for how an ftp
> > > transfer is set up, including the active/passive thing I said about, so
> > > maybe you just need to use a different client on the windows box, or
> > > configure it or the server differently?
> > >
> > > One thing you could try if you're desperate is to install a packet
> > > logger (does wireshark work in windows?) and use that to see what's
> > > going on when you try to connect.
> > >
> > > andy
> > >
> > > Ken Hough wrote:
> > >> Andy,
> > >>
> > >> Thanks for your suggestion.
> > >>
> > >> I've just tried using the simple terminal ftp client that's included
> > >> with Windows XP and this works OK with firewalls active on both my
> > >> laptop and my Linux box.
> > >>
> > >> So it looks like the basic vsftp setup is OK.
> > >>
> > >> The problem occurs when I try to use 'windows' to do the job. ie
> > >> either via "My Computer" and "My Network Places", or via Firefox. Both
> > >> of these work if I disable the firewall on my Linux box, so it seems
> > >> that for 'windows' operation, (an)other port/ports is/are used.
> > >>
> > >> Has anyone any suggestions as to what this/these might be?
> > >>
> > >> The reason that I want to sort this out is because:
> > >>
> > >> 1. I like to get things working. ;-)
> > >>
> > >> 2. I need to use XP to run Windows only software on my laptop to
> > >> control a motor driven equatorial mount and my astro camera(s), but I
> > >> intend to process/manage the captured images on my desktop PC
> > >> running Linux.
> > >>
> > >> 3. There can be a lot of Image files, each of several MB up to
> > >> possibly hundreds of MB, so fiddling with USB memory sticks is a pain.
> > >> Much better to transfer via ftp/ethernet.
> > >>
> > >> 4. I did have a look at setting up a SAMBA server, but for Windows XP
> > >> this seems to be a lot more complicated than for ftp.
> > >>
> > >> Regards
> > >>
> > >> Ken Hough
> > >>
> > >> On Friday 18 September 2009 18:34:31 you wrote:
> > >>> Ken Hough wrote:
> > >>>> Hi Guys,
> > >>>>
> > >>>> Can anyone help me with a firewall problem.
> > >>>>
> > >>>> I'm trying to use my T42 Thinkpad to access an ftp server that is
> > >>>> running on my desktop PC. The T42 runs Windows XP (yes, I know, but
> > >>>> I need it to run some astro software). The desktop PC runs openSUSE
> > >>>> v11.1.
> > >>>>
> > >>>> I'm using vsftp which is clearly configured OK and can be accessed
> > >>>> from the T42, provided that I turn off the firewall on the Linux
> > >>>> machine.
> > >>>>
> > >>>> OpenSUSE includes a nifty utility for setting up the firewall, but
> > >>>> doesn't seem to be setting up correctly to allow for vsftp.
> > >>>>
> > >>>> Can someone please tell me what ports must be left open for vsftp
> > >>>> operation?
> > >>>>
> > >>>> According to the firewall utility, for vsftp, port 20 should be
> > >>>> open. According to lists of recognised TCPIP ports, 21 should also
> > >>>> be open, and I've tried this but with no success.
> > >>>
> > >>> The only thing I know about this is there are two different FTP modes
> > >>> (Passive and active). One uses both ports, using 21 for setting up
> > >>> the transfer and 20 for moving data, whereas the other uses only one
> > >>> port (21 I think). Some ftp clients let you choose which mode to use.
> > >>>
> > >>> I.e. you definitely want both ports open, but it sounds like you've
> > >>> already tried that.
> > >>>
> > >>> You could try doing 'telnet <ftp host name> 21' from the client
> > >>> machine, and see what response you get with the firewall up and down.
> > >>> This might give you a clearer idea of whether the firewall is
> > >>> configured right. (If it is, the response should be the same in both
> > >>> cases)
> > >>>
> > >>> andy
> > >>
> > >> _______________________________________________
> > >> Lancaster mailing list
> > >> Lancaster at mailman.lug.org.uk
> > >> https://mailman.lug.org.uk/mailman/listinfo/lancaster

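The active/passive distinction raised in the quoted replies, worked through as an added example (not part of the original thread): it parses the RFC 959 `PORT` command and `227` passive reply to show which side opens the data connection and whether a server firewall that accepts only ports 20 and 21 inbound lets it through. The addresses, port numbers and the 50000-50100 range are constructed, and the server firewall is assumed to be stateful and to permit its own outbound connections.

```python
import re

# Constructed control-channel lines (RFC 959 syntax); not captured from the thread's hosts.
PASV_REPLY = "227 Entering Passive Mode (192,168,1,10,195,80)"
PORT_CMD = "PORT 192,168,1,20,4,1"

_TUPLE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_endpoint(line):
    """Return (ip, port) from a 227 reply or PORT command: port = p1*256 + p2."""
    m = _TUPLE.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in %r" % line)
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError("field out of range in %r" % line)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def data_channel(line, server_inbound_open):
    """Describe the data connection and whether the server's inbound rules block it.

    server_inbound_open: list of (low, high) TCP port ranges accepted inbound
    on the FTP server. Assumption: the server firewall is stateful and lets
    its own outbound connections through.
    """
    ip, port = parse_endpoint(line)
    if line.lstrip().startswith("227"):
        # Passive: server listens on `port`, client connects in to it.
        allowed = any(lo <= port <= hi for lo, hi in server_inbound_open)
        return {"mode": "passive", "initiator": "client",
                "server_port": port, "blocked_by_server_firewall": not allowed}
    if line.lstrip().upper().startswith("PORT"):
        # Active: server connects out from port 20 to the client's ip:port.
        return {"mode": "active", "initiator": "server",
                "server_port": 20, "blocked_by_server_firewall": False}
    raise ValueError("not a PASV reply or PORT command: %r" % line)


if __name__ == "__main__":
    only_20_21 = [(20, 21)]
    for line in (PORT_CMD, PASV_REPLY):
        print(line, "->", data_channel(line, only_20_21))
    # Same passive reply once the passive range is opened inbound as well.
    print(data_channel(PASV_REPLY, [(20, 21), (50000, 50100)]))
```

In vsftpd the passive range can be pinned with `pasv_min_port` and `pasv_max_port`, so that a fixed range can be opened inbound instead of disabling the firewall.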