Trouble with ftp


Trouble with ftp

r00tb33r
Good day!
 The subject looks roughly like this:
-----
230- OpenBSD 3.7 (GENERIC) #50: Sun Mar 20 001:57 MST 2005
230-
230- OpenBSD 3.7
230-
230 User xxxx logged in.
    SYST
215 UNIX Type: L8 Version: BSD-199306
    FEAT
500 'FEAT': command not understood.
    TYPE I
200 Type set to I.
    REST 0
350 Restarting at 0. Send STORE or RETRIEVE to initiate transfer.
    PWD
257 "/home/xxxx" is current directory.
    PASV
227 Entering Passive Mode (xxx,xxx,xxx,xxx,xxx,xx)
    Opening data connection to xxx.xxx.xxx.xxx Port: 54047
    LIST -aL
    A connection attempt failed because the connected party did not
    properly respond after a period of time, or established connection
    failed because connected host has failed to respond.
-----
That is, after the ls command no reply arrives and the connection freezes.
I understand that I clearly messed something up in pf, but I can't figure out where exactly...
It's Sunday, damn :)
---
# pfctl -sr
scrub in all fragment reassemble
pass in quick on xl0 proto tcp from any to any port = www
pass in quick on xl0 proto tcp from any to any port = ftp
pass in quick on xl0 proto tcp from any to any port = ftp-data
#          I added this one out of desperation ^^^^^^^^^^^^^^^ :)
block drop in all
block drop in quick on xl0 proto tcp from any to any port = 3128
block drop in quick on xl0 proto udp from any to any port = 3128
block drop in quick on xl1 inet from 192.168.0.5 to any
block drop in quick on xl1 inet from 192.168.0.7 to any
pass out all keep state
pass quick on lo all
pass quick on xl1 all
block drop in quick on ! lo inet from 127.0.0.0/8 to any
block drop in quick on ! lo inet6 from ::1 to any
block drop in quick inet from 127.0.0.1 to any
block drop in quick inet6 from ::1 to any
block drop in quick on lo0 inet6 from fe80::1 to any
block drop in quick on ! xl1 inet from 192.168.0.0/24 to any
block drop in quick inet from 192.168.0.3 to any
block drop in quick on xl1 inet6 from fe80::204:76ff:feed:dfab to any
pass in on xl0 proto tcp from any to (xl0) port = 255 keep state
pass in on xl0 proto tcp from any to (xl0) port > 49151 user = 71 keep state
pass in log on xl0 proto tcp from any to (xl0) port = smtp keep state
pass out log on xl0 proto tcp from (xl0) to any port = smtp keep state
pass in log on xl0 proto tcp from any to (xl0) port = 255
---
xl0 is the external interface, which is exactly where the glitch shows up. On the
internal one (xl1) everything works fine.

--
Regards,
 r00tb33r                          mailto:[hidden email]



Re: Trouble with ftp

Oleg Safiullin
> pass in quick on xl0 proto tcp from any to any port = ftp-data
> #          I added this one out of desperation ^^^^^^^^^^^^^^^ :)

That hasn't been used for a long time :)

You need to add a rule allowing connections to ports > 49151 for the ftp user
(or >= 1000 [as required] if you need more than just anonymous).

There is an example at www.openbsd.ru/files.
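
An added example (not part of the thread, and not pf itself): a simplified Python model of the port and uid checks in the first post's ruleset, showing why the passive data connection to port 54047 is dropped and how a uid-matched pass rule changes the verdict. The PASV reply, the local uid 1000 and the reading of the reply's ">= 1000" as a uid bound are assumptions; source-address rules from the post are omitted.

```python
import re

# Port/uid subset of the ruleset from the first post, in `pfctl -sr` order.
# Each rule: (action, quick, port predicate, uid predicate or None).
RULES = [
    ("pass",  True,  lambda p: p == 80,    None),   # port = www
    ("pass",  True,  lambda p: p == 21,    None),   # port = ftp
    ("pass",  True,  lambda p: p == 20,    None),   # port = ftp-data
    ("block", False, lambda p: True,       None),   # block drop in all
    ("block", True,  lambda p: p == 3128,  None),
    ("pass",  False, lambda p: p == 255,   None),
    ("pass",  False, lambda p: p > 49151,  lambda u: u == 71),
    ("pass",  False, lambda p: p == 25,    None),   # port = smtp
]

def pasv_port(reply):
    """Data port from a 227 reply (h1,h2,h3,h4,p1,p2): p1 * 256 + p2."""
    m = re.search(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", reply)
    if not m:
        raise ValueError("not a 227 PASV reply")
    return int(m.group(5)) * 256 + int(m.group(6))

def evaluate(rules, port, uid):
    """pf evaluation order: the last matching rule wins, 'quick' stops early."""
    verdict = "pass"  # a packet matching no rule is passed
    for action, quick, port_ok, uid_ok in rules:
        if port_ok(port) and (uid_ok is None or uid_ok(uid)):
            verdict = action
            if quick:
                break
    return verdict

# Constructed sample values (the post masks the real address and reply).
REPLY = "227 Entering Passive Mode (192,0,2,10,211,31)"
LOCAL_UID = 1000  # assumed uid of the logged-in, non-anonymous account

# Hypothetical extra rule: pass in on xl0 ... port > 49151 user >= 1000
FIXED = RULES + [("pass", False, lambda p: p > 49151, lambda u: u >= 1000)]

if __name__ == "__main__":
    port = pasv_port(REPLY)
    print(port, evaluate(RULES, port, LOCAL_UID), evaluate(FIXED, port, LOCAL_UID))
```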



Re: Trouble with ftp

r00tb33r

> There is an example at www.openbsd.ru/files.

Thanks, everything works now.