On Sun, 18 Oct 2009 14:12:13 +0000
Mouhamadou Moustapha CAMARA <mmk...@gmail.com> wrote:

> Try setting your server's address to static and run iptables
> -F to see

-F wipes all the rules and DROPs everything ...
But otherwise yes, I tried without a firewall and it doesn't change anything.


> 
> >
> > > If it still doesn't work, post your ftp and iptables config
> > >
> > >
> >

Here is my xinetd config for vsftpd:

service ftp
{
        id              =       ftp_public
        socket_type     =       stream
        wait            =       no
        user            =       root
        server          =       /usr/sbin/vsftpd
        server_args     =       /etc/vsftpd.conf
        log_on_success  +=      DURATION USERID
        log_on_failure  +=      USERID
        only_from       =       192.168.10.0/24
        bind            =       192.168.10.1
        nice            =       10
        disable         =       no
}

service ftp
{
        id              =       ftp_public_nb4
        socket_type     =       stream
        wait            =       no
        user            =       root
        server          =       /usr/sbin/vsftpd
        server_args     =       /etc/vsftpd.conf
        log_on_success  +=      DURATION USERID
        log_on_failure  +=      USERID
        only_from       =       192.168.1.0/24
        bind            =       adsl
        nice            =       10
        disable         =       no
}

service ftp
{
        id              =       ftp_local
        socket_type     =       stream
        wait            =       no
        user            =       root
        server          =       /usr/sbin/vsftpd
        server_args     =       /etc/vsftpd.conf
        log_on_success  +=      DURATION USERID
        log_on_failure  +=      USERID
        only_from       =       localhost
        bind            =       127.0.0.1
        nice            =       10
        disable         =       no
}

The vsftpd.conf config:
listen=NO
anonymous_enable=YES
local_umask=022
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/private/vsftpd.pem

And the output of iptables -L -n -v (attached, since it's hard to read otherwise).

Gaëtan

Chain INPUT (policy DROP 6 packets, 1455 bytes)
 pkts bytes target     prot opt in     out     source               destination
  114  8624 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            224.0.0.251         udp dpt:5353
    0     0 ACCEPT     all  --  lan    *       192.168.10.0/24      192.168.10.1
    0     0 ACCEPT     all  --  lan    *       192.168.10.0/24      192.168.1.20
    0     0 ACCEPT     all  --  lan    *       192.168.10.255       192.168.10.1
    0     0 ACCEPT     all  --  adsl   *       192.168.1.0/24       192.168.10.1
    8  1106 ACCEPT     all  --  adsl   *       192.168.1.0/24       192.168.1.20
    0     0 ACCEPT     all  --  adsl   *       192.168.1.255        192.168.1.20
    0     0 DROP       tcp  --  adsl   *       0.0.0.0/0            192.168.1.20        tcp flags:!0x3F/0x02 state NEW,RELATED
  174 14055 ACCEPT     all  --  adsl   *       0.0.0.0/0            192.168.1.20        state RELATED,ESTABLISHED
    0     0 REJECT     tcp  --  adsl   *       0.0.0.0/0            192.168.1.20        tcp dpt:113 reject-with tcp-reset
    0     0 ACCEPT     tcp  --  adsl   *       0.0.0.0/0            192.168.1.20        tcp dpt:5222 state NEW,RELATED,ESTABLISHED,UNTRACKED
    0     0 ACCEPT     tcp  --  adsl   *       0.0.0.0/0            192.168.1.20        tcp dpt:5223 state NEW,RELATED,ESTABLISHED,UNTRACKED
    0     0 ACCEPT     tcp  --  adsl   *       0.0.0.0/0            0.0.0.0/0           tcp dpts:6891:6900 state NEW,RELATED,ESTABLISHED,UNTRACKED
    0     0 ACCEPT     udp  --  adsl   *       0.0.0.0/0            0.0.0.0/0           udp dpts:6891:6900 state NEW,RELATED,ESTABLISHED,UNTRACKED
    6  1455 ULOG       all  --  *      *       0.0.0.0/0            0.0.0.0/0           ULOG copy_range 0 nlgroup 1 prefix `Netfilter' queue_threshold 1

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  lan    adsl    192.168.10.0/24      0.0.0.0/0           state NEW,RELATED,ESTABLISHED,UNTRACKED
    0     0 ACCEPT     all  --  adsl   lan     0.0.0.0/0            192.168.10.0/24     state RELATED,ESTABLISHED
    0     0 ULOG       all  --  *      *       0.0.0.0/0            0.0.0.0/0           ULOG copy_range 0 nlgroup 1 prefix `Netfilter' queue_threshold 1

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  114  8624 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            224.0.0.251         udp dpt:5353
    2   483 ACCEPT     all  --  *      lan     192.168.10.1         192.168.10.0/24
    0     0 ACCEPT     all  --  *      lan     192.168.1.20         192.168.10.0/24
    0     0 ACCEPT     all  --  *      lan     192.168.10.1         192.168.10.255
    0     0 ACCEPT     all  --  *      adsl    192.168.10.1         192.168.1.0/24
   10   965 ACCEPT     all  --  *      adsl    192.168.1.20         192.168.1.0/24
    0     0 ACCEPT     all  --  *      adsl    192.168.1.20         192.168.1.255
  160 11700 ACCEPT     all  --  *      adsl    192.168.1.20         0.0.0.0/0           state NEW,RELATED,ESTABLISHED,UNTRACKED
    0     0 ULOG       all  --  *      *       0.0.0.0/0            0.0.0.0/0           ULOG copy_range 0 nlgroup 1 prefix `Netfilter' queue_threshold 1
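
Added example, not part of the original message: a first-match walk of the INPUT chain posted above for a new FTP control connection (TCP port 21), showing which rule decides it and what the DROP policy does once the rules are flushed. The function names (parse, verdict, ftp_syn) and the client addresses 192.168.1.50 and 203.0.113.7 are constructed for illustration, and only the match fields that appear in this listing are modelled.

```python
import ipaddress
import re

# Subset of the INPUT chain from the listing above, wrapped lines rejoined.
INPUT_CHAIN = """\
114 8624 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lan * 192.168.10.0/24 192.168.10.1
8 1106 ACCEPT all -- adsl * 192.168.1.0/24 192.168.1.20
0 0 DROP tcp -- adsl * 0.0.0.0/0 192.168.1.20 tcp flags:!0x3F/0x02 state NEW,RELATED
174 14055 ACCEPT all -- adsl * 0.0.0.0/0 192.168.1.20 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- adsl * 0.0.0.0/0 192.168.1.20 tcp dpt:5222 state NEW,RELATED,ESTABLISHED,UNTRACKED
6 1455 ULOG all -- * * 0.0.0.0/0 0.0.0.0/0 ULOG copy_range 0 nlgroup 1 prefix `Netfilter' queue_threshold 1
"""

def parse(listing):
    """Turn `iptables -L -n -v` rule lines into dicts of match criteria."""
    rules = []
    for line in listing.splitlines():
        f = line.split()
        extra = " ".join(f[9:])
        ports = re.search(r"dpts?:(\d+)(?::(\d+))?", extra)
        states = re.search(r"state (\S+)", extra)
        rules.append({
            "target": f[2], "proto": f[3], "iface": f[5],
            "src": ipaddress.ip_network(f[7]), "dst": ipaddress.ip_network(f[8]),
            "ports": (int(ports[1]), int(ports[2] or ports[1])) if ports else None,
            "states": set(states[1].split(",")) if states else None,
            "non_syn": "flags:!0x3F/0x02" in extra,  # matches TCP packets that are not a bare SYN
        })
    return rules

def matches(r, p):
    return (r["iface"] in ("*", p["iface"]) and r["proto"] in ("all", p["proto"])
            and ipaddress.ip_address(p["src"]) in r["src"]
            and ipaddress.ip_address(p["dst"]) in r["dst"]
            and (r["ports"] is None or r["ports"][0] <= p["dport"] <= r["ports"][1])
            and (r["states"] is None or p["state"] in r["states"])
            and not (r["non_syn"] and p["syn"]))

def verdict(rules, p, policy="DROP"):
    """First terminating match wins; ULOG only logs, so evaluation continues."""
    for r in rules:
        if r["target"] != "ULOG" and matches(r, p):
            return r["target"]
    return policy

def ftp_syn(src, iface="adsl", dst="192.168.1.20"):
    """Constructed packet: first SYN of an FTP control connection."""
    return {"iface": iface, "proto": "tcp", "src": src, "dst": dst,
            "dport": 21, "state": "NEW", "syn": True}

if __name__ == "__main__":
    rules = parse(INPUT_CHAIN)
    print(verdict(rules, ftp_syn("192.168.1.50")))   # client on the adsl-side subnet
    print(verdict(rules, ftp_syn("203.0.113.7")))    # client outside 192.168.1.0/24
    print(verdict([], ftp_syn("192.168.1.50")))      # after iptables -F, policy unchanged
```

iptables -F removes rules but leaves each chain's policy in place, which is why the empty rule list still ends in DROP here.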
