Le Sun, 18 Oct 2009 14:12:13 +0000
Mouhamadou Moustapha CAMARA <mmk...@gmail.com> a écrit:
> Essaye de mettre l'adresse de ton serveur en statique et fait un iptables
> -F pour voir
Le -F ça efface toutes les règles et DROP tout ...
Mais sinon oui j'ai essayé sans firewall et ça ne change rien.
>
> >
> > > Si cela ne marche pas toujours poste ton config ftp et iptables
> > >
> > >
> >
Voici ma config xinetd pour vsftpd:
service ftp
{
id = ftp_public
socket_type = stream
wait = no
user = root
server = /usr/sbin/vsftpd
server_args = /etc/vsftpd.conf
log_on_success += DURATION USERID
log_on_failure += USERID
only_from = 192.168.10.0/24
bind = 192.168.10.1
nice = 10
disable = no
}
service ftp
{
id = ftp_public_nb4
socket_type = stream
wait = no
user = root
server = /usr/sbin/vsftpd
server_args = /etc/vsftpd.conf
log_on_success += DURATION USERID
log_on_failure += USERID
only_from = 192.168.1.0/24
bind = adsl
nice = 10
disable = no
}
service ftp
{
id = ftp_local
socket_type = stream
wait = no
user = root
server = /usr/sbin/vsftpd
server_args = /etc/vsftpd.conf
log_on_success += DURATION USERID
log_on_failure += USERID
only_from = localhost
bind = 127.0.0.1
nice = 10
disable = no
}
La config vsftpd.conf:
listen=NO
anonymous_enable=YES
local_umask=022
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/private/vsftpd.pem
Et le résultat de iptables -L -n -v (en pj car pas facile à lire sinon).
Gaëtan
Chain INPUT (policy DROP 6 packets, 1455 bytes)
pkts bytes target prot opt in out source destination
114 8624 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- * * 0.0.0.0/0 224.0.0.251
udp dpt:5353
0 0 ACCEPT all -- lan * 192.168.10.0/24
192.168.10.1
0 0 ACCEPT all -- lan * 192.168.10.0/24
192.168.1.20
0 0 ACCEPT all -- lan * 192.168.10.255
192.168.10.1
0 0 ACCEPT all -- adsl * 192.168.1.0/24
192.168.10.1
8 1106 ACCEPT all -- adsl * 192.168.1.0/24
192.168.1.20
0 0 ACCEPT all -- adsl * 192.168.1.255
192.168.1.20
0 0 DROP tcp -- adsl * 0.0.0.0/0
192.168.1.20 tcp flags:!0x3F/0x02 state NEW,RELATED
174 14055 ACCEPT all -- adsl * 0.0.0.0/0
192.168.1.20 state RELATED,ESTABLISHED
0 0 REJECT tcp -- adsl * 0.0.0.0/0
192.168.1.20 tcp dpt:113 reject-with tcp-reset
0 0 ACCEPT tcp -- adsl * 0.0.0.0/0
192.168.1.20 tcp dpt:5222 state NEW,RELATED,ESTABLISHED,UNTRACKED
0 0 ACCEPT tcp -- adsl * 0.0.0.0/0
192.168.1.20 tcp dpt:5223 state NEW,RELATED,ESTABLISHED,UNTRACKED
0 0 ACCEPT tcp -- adsl * 0.0.0.0/0 0.0.0.0/0
tcp dpts:6891:6900 state NEW,RELATED,ESTABLISHED,UNTRACKED
0 0 ACCEPT udp -- adsl * 0.0.0.0/0 0.0.0.0/0
udp dpts:6891:6900 state NEW,RELATED,ESTABLISHED,UNTRACKED
6 1455 ULOG all -- * * 0.0.0.0/0 0.0.0.0/0
ULOG copy_range 0 nlgroup 1 prefix `Netfilter' queue_threshold 1
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lan adsl 192.168.10.0/24 0.0.0.0/0
state NEW,RELATED,ESTABLISHED,UNTRACKED
0 0 ACCEPT all -- adsl lan 0.0.0.0/0
192.168.10.0/24 state RELATED,ESTABLISHED
0 0 ULOG all -- * * 0.0.0.0/0 0.0.0.0/0
ULOG copy_range 0 nlgroup 1 prefix `Netfilter' queue_threshold 1
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
114 8624 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- * * 0.0.0.0/0 224.0.0.251
udp dpt:5353
2 483 ACCEPT all -- * lan 192.168.10.1
192.168.10.0/24
0 0 ACCEPT all -- * lan 192.168.1.20
192.168.10.0/24
0 0 ACCEPT all -- * lan 192.168.10.1
192.168.10.255
0 0 ACCEPT all -- * adsl 192.168.10.1
192.168.1.0/24
10 965 ACCEPT all -- * adsl 192.168.1.20
192.168.1.0/24
0 0 ACCEPT all -- * adsl 192.168.1.20
192.168.1.255
160 11700 ACCEPT all -- * adsl 192.168.1.20 0.0.0.0/0
state NEW,RELATED,ESTABLISHED,UNTRACKED
0 0 ULOG all -- * * 0.0.0.0/0 0.0.0.0/0
ULOG copy_range 0 nlgroup 1 prefix `Netfilter' queue_threshold 1
