Does your firewall have application level monitoring?<br><br>It may be that you need to specifically allow the application to be accessed, as well as opening the relevant ports.<br><br><br><br><div class="gmail_quote">2009/9/22 Ken Hough <span dir="ltr"><<a href="mailto:kenhough@btinternet.com">kenhough@btinternet.com</a>></span><br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div class="im">On Monday 21 September 2009 16:13:50 Richard Robinson wrote:<br>
> On Mon, Sep 21, 2009 at 02:45:38PM +0100, andy baxter wrote:<br>
> > Sorry I'm confused too. Did you try my suggestion of using wireshark to<br>
> > look at what's happening over the network when you try to connect?<br>
><br>
> This is probably a stupid comment, I'm not a expert at this stuff & I<br>
> haven't really been paying much attention ... but :- it's not a question of<br>
> packet type, is it ? Does the firewall select for TCP / UDP ?<br>
<br>
</div>I've tried enabling UDP on the firewall, but this didn't help.<br>
<br>
Recent tests as follows:<br>
<br>
1. Accessed vsftpd locally as <a href="ftp://localhost" target="_blank">ftp://localhost</a> (with the firewall enabled)<br>
without any problems. This confirms that vsftpd is working as I intended.<br>
<br>
2. Accessing the vsftpd server remotely (with firewall enabled) via my laptop<br>
running Firefox under winXP again failed. On dropping the firewall on the<br>
server machine, again all was well.<br>
<br>
Clearly:<br>
<br>
-- there is a problem with the firewall on the server machine.<br>
<br>
-- the setup on the laptop PC is working!<br>
<br>
<br>
As Andy recommended, I installed 'wireshark' on the laptop machine. This runs<br>
OK, but before commenting on what I found, I'd like to spend a bit of time<br>
figuring out all of what it told me.<br>
<br>
It does seem that with the firewall running, I get a connection, but this is<br>
then dropped.<br>
<br>
Ho hum! Life is fun! :-)<br>
<br>
Further investigation has shown that one or more TCP ports in the range 50000<br>
to 55000 is/are being accessed. ie if I enable this range, I get full access.<br>
<br>
A bit more experimentation should allow me to home in of the ports<br>
needed. :-)<br>
<font color="#888888"><br>
Ken Hough<br>
</font><div><div></div><div class="h5"><br>
_______________________________________________<br>
Lancaster mailing list<br>
<a href="mailto:Lancaster@mailman.lug.org.uk">Lancaster@mailman.lug.org.uk</a><br>
<a href="https://mailman.lug.org.uk/mailman/listinfo/lancaster" target="_blank">https://mailman.lug.org.uk/mailman/listinfo/lancaster</a><br>
</div></div></blockquote></div><br>