Le Sun, 18 Oct 2009 14:12:13 +0000 Mouhamadou Moustapha CAMARA <mmk...@gmail.com> a écrit:
> Essaye de mettre l'adresse de ton serveur en statique et fais un iptables
> -F pour voir

Le -F, ça efface toutes les règles et, comme la politique par défaut des chaînes reste à DROP, tout est bloqué ... Mais sinon oui j'ai essayé sans firewall et ça ne change rien.

> > > > > > Si cela ne marche pas toujours poste ta config ftp et iptables
> > > > > > > >

Voici ma config xinetd pour vsftpd:

service ftp
{
    id = ftp_public
    socket_type = stream
    wait = no
    user = root
    server = /usr/sbin/vsftpd
    server_args = /etc/vsftpd.conf
    log_on_success += DURATION USERID
    log_on_failure += USERID
    only_from = 192.168.10.0/24
    bind = 192.168.10.1
    nice = 10
    disable = no
}

service ftp
{
    id = ftp_public_nb4
    socket_type = stream
    wait = no
    user = root
    server = /usr/sbin/vsftpd
    server_args = /etc/vsftpd.conf
    log_on_success += DURATION USERID
    log_on_failure += USERID
    only_from = 192.168.1.0/24
    bind = adsl
    nice = 10
    disable = no
}

service ftp
{
    id = ftp_local
    socket_type = stream
    wait = no
    user = root
    server = /usr/sbin/vsftpd
    server_args = /etc/vsftpd.conf
    log_on_success += DURATION USERID
    log_on_failure += USERID
    only_from = localhost
    bind = 127.0.0.1
    nice = 10
    disable = no
}

La config vsftpd.conf:

listen=NO
anonymous_enable=YES
local_umask=022
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/private/vsftpd.pem

Et le résultat de iptables -L -n -v (en pj car pas facile à lire sinon).

Gaëtan
Chain INPUT (policy DROP 6 packets, 1455 bytes)
pkts bytes target prot opt in out source destination
114 8624 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- * * 0.0.0.0/0 224.0.0.251 udp dpt:5353
0 0 ACCEPT all -- lan * 192.168.10.0/24 192.168.10.1
0 0 ACCEPT all -- lan * 192.168.10.0/24 192.168.1.20
0 0 ACCEPT all -- lan * 192.168.10.255 192.168.10.1
0 0 ACCEPT all -- adsl * 192.168.1.0/24 192.168.10.1
8 1106 ACCEPT all -- adsl * 192.168.1.0/24 192.168.1.20
0 0 ACCEPT all -- adsl * 192.168.1.255 192.168.1.20
0 0 DROP tcp -- adsl * 0.0.0.0/0 192.168.1.20 tcp flags:!0x3F/0x02 state NEW,RELATED
174 14055 ACCEPT all -- adsl * 0.0.0.0/0 192.168.1.20 state RELATED,ESTABLISHED
0 0 REJECT tcp -- adsl * 0.0.0.0/0 192.168.1.20 tcp dpt:113 reject-with tcp-reset
0 0 ACCEPT tcp -- adsl * 0.0.0.0/0 192.168.1.20 tcp dpt:5222 state NEW,RELATED,ESTABLISHED,UNTRACKED
0 0 ACCEPT tcp -- adsl * 0.0.0.0/0 192.168.1.20 tcp dpt:5223 state NEW,RELATED,ESTABLISHED,UNTRACKED
0 0 ACCEPT tcp -- adsl * 0.0.0.0/0 0.0.0.0/0 tcp dpts:6891:6900 state NEW,RELATED,ESTABLISHED,UNTRACKED
0 0 ACCEPT udp -- adsl * 0.0.0.0/0 0.0.0.0/0 udp dpts:6891:6900 state NEW,RELATED,ESTABLISHED,UNTRACKED
6 1455 ULOG all -- * * 0.0.0.0/0 0.0.0.0/0 ULOG copy_range 0 nlgroup 1 prefix `Netfilter' queue_threshold 1

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lan adsl 192.168.10.0/24 0.0.0.0/0 state NEW,RELATED,ESTABLISHED,UNTRACKED
0 0 ACCEPT all -- adsl lan 0.0.0.0/0 192.168.10.0/24 state RELATED,ESTABLISHED
0 0 ULOG all -- * * 0.0.0.0/0 0.0.0.0/0 ULOG copy_range 0 nlgroup 1 prefix `Netfilter' queue_threshold 1

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
114 8624 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- * * 0.0.0.0/0 224.0.0.251 udp dpt:5353
2 483 ACCEPT all -- * lan 192.168.10.1 192.168.10.0/24
0 0 ACCEPT all -- * lan 192.168.1.20 192.168.10.0/24
0 0 ACCEPT all -- * lan 192.168.10.1 192.168.10.255
0 0 ACCEPT all -- * adsl 192.168.10.1 192.168.1.0/24
10 965 ACCEPT all -- * adsl 192.168.1.20 192.168.1.0/24
0 0 ACCEPT all -- * adsl 192.168.1.20 192.168.1.255
160 11700 ACCEPT all -- * adsl 192.168.1.20 0.0.0.0/0 state NEW,RELATED,ESTABLISHED,UNTRACKED
0 0 ULOG all -- * * 0.0.0.0/0 0.0.0.0/0 ULOG copy_range 0 nlgroup 1 prefix `Netfilter' queue_threshold 1