The client is on the outside. Yes I did try passive. I redid my firewall a little. I need to do some reading on the higher port rule you mentioned. I keep considering port 22 ftp because I do web design for a living and my hosting company uses what they call sftp on port 22, it's not technically ftp. Question on the first part of my firewall which if understand right is deny all then open what I need. If I put DROP in the OUTPUT under the filter, I have the local ftp problem, with ACCEPT it works. Everything else works either way. I am assuming that's where I need some understanding on exactly where things are moving around and set up the higher port rule. How unsecure is it if I leave the ACCEPT there? I have a home network with a bunch of vm clients and servers set up for me to experiment with but like have the web server and ftp to the outside world so I can grab files when I need them and test things with out having to log into my hosing company's servers.
I have allready opened a thread about this, but my question was really weird formed, so I'm writting it here again:
I have a Network with 4 FTP Servers, then a firewall, and then a Network with clients. The clients should have access to the FTP Servers, but it should not be possible to connect... (2 Replies)
I have 2 LAN's, seperated by a firewall, running iptables on it.
I want only allow ftp access from one to the other LAN.
Server 1 in LAN 1 should have ftp access to Server 2 in LAN 2
Server 2 in LAN 2 should not have ftp access to Server 1 in LAN 1.
Can someone tell me how to set up the... (5 Replies)
Greetings to all.
My new firewall is giving me one hell of a problem.
I'm running iptables and masquerading my intranet
thru NAT. But here is the problem. Whenever I try
to FTP to a server outside of my lan I get a 500
illegal port error.
I've come to the conclusion that NAT is... (2 Replies)
Hi,
We have some clients who will place huge files in to one of the remote server.
And the shell script written in our local server to retrieve client files (using FTP) placed on one of the remote server of ours by clients.
My question Is there any FTP command/script to check from my local... (1 Reply)
Hi all,
I'm using the following script to automated ftp files to 1 ftp servers
host=192.168.0.1
/usr/bin/ftp -vi >> $bkplog 2>&1 <<ftp
open $host
bin
cd ${directory}
put $files
quit
ftp
and the .netrc file contain
machine 192.168.0.1
login abc... (4 Replies)
Hi everybody. I have the next scenary:
eth0: WAN
eth1: DMZ
eth2: LAN
I need to block all incoming trafic from the internet through my network LAN using iptables. I have squid but i need to do this using ipatbles.
I have been listening about iptables -A FORDAWARD but I am stuck right... (0 Replies)
Hello All,
I am trying to connect to ftp server and get the files. Also i need to rename the file in other ftp dir.
rename method is not allowing me to rename the file in other dir. When i tried copy command by using net::FTP:FILE then perl says it is not installed.
Can some body help me to... (2 Replies)
I am using vsftp but I can't login with passive mode. I can only login with active mode. I can login with both mode when service of iptables is stop.
In active mode : 20,21 must be open from server site. 1023 and over must be open at client site.
In passive mode : only 21,1023 and over must be... (1 Reply)
I have a pretty stock iptables script. One rule allows active ftp from an outside IP address. To troubleshoot it, I opened up ftp to all connections from the outside.
When a user outside our domain connects via FTP, they are denied. If I flush the rules, the ftp takes place successfully. This... (2 Replies)
Discussion started by: bricoleur
2 Replies
LEARN ABOUT SUSE
ftpd_selinux
ftpd_selinux(8) ftpd SELinux policy documentation ftpd_selinux(8)NAME
ftpd_selinux - Security-Enhanced Linux policy for ftp daemons.
DESCRIPTION
Security-Enhanced Linux provides security for ftp daemons via flexible mandatory access control.
FILE_CONTEXTS
SELinux requires files to have a file type. File types may be specified with semanage and are restored with restorecon. Policy governs the
access that daemons have to files.
Allow ftp servers to read the /var/ftp directory by adding the public_content_t file type to the directory and by restoring the file type.
semanage fcontext -a -t public_content_t "/var/ftp(/.*)?"
restorecon -F -R -v /var/ftp
Allow ftp servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file
type. This also requires the allow_ftpd_anon_write boolean to be set.
semanage fcontext -a -t public_content_rw_t "/var/ftp/incoming(/.*)?"
restorecon -F -R -v /var/ftp/incoming
BOOLEANS
SELinux policy is based on least privilege required and may also be customizable by setting a boolean with setsebool.
Allow ftp servers to read and write files with the public_content_rw_t file type.
setsebool -P allow_ftpd_anon_write on
Allow ftp servers to read or write files in the user home directories.
setsebool -P ftp_home_dir on
Allow ftp servers to read or write all files on the system.
setsebool -P allow_ftpd_full_access on
Allow ftp servers to use cifs for public file transfer services.
setsebool -P allow_ftpd_use_cifs on
Allow ftp servers to use nfs for public file transfer services.
setsebool -P allow_ftpd_use_nfs on
system-config-selinux is a GUI tool available to customize SELinux policy settings.
AUTHOR
This manual page was written by Dan Walsh <dwalsh@redhat.com>.
SEE ALSO selinux(8), ftpd(8), setsebool(8), semanage(8), restorecon(8)dwalsh@redhat.com 17 Jan 2005 ftpd_selinux(8)