vsftp firewall problem

[neurocomp]

Hi there!
I'm a PhD candidate from Rome, and I'm trying to install an FTP service for my research group.
I've some troubles with VSFTPD on SUSE 10.1 x86-64: it is possible to read the directories from a remote client only if the firewall is shut down.
This is the vsftpd.conf file:

write_enable=YES
dirmessage_enable=YES
local_enable=YES
chroot_local_user=YES
anonymous_enable=no
anon_world_readable_only=YES
syslog_enable=YES
pam_service_name=vsftpd
ssl_enable=NO

and this is the firewall configuration:

Firewall starting
Start firewall at boot
Internal zone
Interfaces
ASUSTeK CK8S Ethernet Controller / eth-id-00:11:2f:ba:43:2c
Services, ports and protocols admitted
SSH
Ports TCP: 20, 21
Ports UDP: 20, 21
Demilitarized zone
Interfaces
'any' Currently supported only in external zones.
Services, ports and protocols admitted
SSH
Ports TCP: 20, 21
Ports UDP: 20, 21
External zone
Interfaces
'any' The not assigned interfaces will be assigned to this zone.
Services, ports and protocols admitted
SSH
Ports TCP: 20, 21
Ports UDP: 20, 21

Tanks a lot for your aid, I really need it!

[bigfilsing]

By no means an expert but it looks like the protocols in your firewall config are insufficient.

I know this from setting up an ADSL modem router on a windows machine.
TCP and UDP are needed for a web sever ( http) you need additional ones ( and ports) for ftp.
I'm not at home at the moment so i can;t check my router config files but thought i'd try and point you in the right direction.

Good luck.

[neurocomp]

Tanks a lot bigfilsing,
but I had no luck.
I've tried to use the word "ftp" instead of setting on my own each single port, this should made automatic the ports opening for ftp services. moreover I enabled "ftp" also for the field "protocols ip", I think this is all I can do with the yast2 interface for the firewall.
This is the new vsftpd.conf:

Firewall starting
Start firewall at boot
Internal zone
Interfaces
ASUSTeK CK8S Ethernet Controller / eth-id-00:11:2f:ba:43:2c
Services, ports and protocols admitted
SSH
Ports TCP: ftp
Ports UDP: ftp
Protocols IP: ftp
Demilitarized zone
Interfaces
'any' Currently supported only in external zones.
Services, ports and protocols admitted
SSH
Ports TCP: ftp
Ports UDP: ftp
Protocols IP: ftp
External zone
Interfaces
'any' The not assigned interfaces will be assigned to this zone.
Services, ports and protocols admitted
SSH
Ports TCP: ftp
Ports UDP: ftp
Protocols IP: ftp

[bigfilsing]

That definately won't work. You have to put port numbers nect to the protocol UDP & TCP
I'd put port 80 ( as well as 20,21 (where did you get that info from BTW))as most FTP programs i've used default to port 80.

If i had to guess i'd add ftp like this.
Services, ports and protocols admitted
SSH
Ports TCP: 20, 21
Ports UDP: 20, 21
Ports FTP: 80
Demilitarized zone
Interfaces
'any' Currently supported only in external zones.
Services, ports and protocols admitted
SSH
Ports TCP: 20, 21
Ports UDP: 20, 21
Ports FTP: 80
External zone
Interfaces
'any' The not assigned interfaces will be assigned to this zone.
Services, ports and protocols admitted
SSH
Ports TCP: 20, 21
Ports UDP: 20, 21
Ports FTP: 80

There's gotta be some info on this somewhere or somebody using the same setup.

Sorry i can't be more help

Good luck

[neurocomp]

I installed one more time the system, I avoided to configure the network during the installation. Now everything works with the firewall configuration I tryed when I installed the system for the first time.

thank you bigfilsing,

good luck