creed
Veteran Dog


Joined: 08 Nov 2003 Age: 97 Posts: 6307
Location: Back to where it all began. Back to my own slice of nirvana. Back home.
Posted: Wed Mar 21, 2007 8:10 am
Well I think that's what is tripping up here. For some reason it's not forwarding the ports back to the user that is connecting outside the firewall. And I'm at a loss as to why that is so. I'm thinking that maybe it's because this is being run inside a jail (http://erdgeist.org/arts/software/ezjail/), but if that was the case then stuff like SSHD and HTTP shouldn't work either, right?
_________________
The Seven faces of Creed
     
soup4you2
Tail-Wagger


Joined: 15 Mar 2002 Posts: 2452
Location: Desolate wastelands of Virginia
Posted: Wed Mar 21, 2007 10:09 am
Have you tried doing a redirection of ports using PF, so 21 -> 2000?? then just open 2000?? on the dlink? No need for the router to redirect it then.. If that is your problem.
Or instead of some portforward method.. can't you just live with the service running on a different port? Just reconfigure your FTP server to run on port 2000?? instead of 21?
Also SFTP works wonders, really no need for FTP unless you have clients connecting in.
I've never used ezjail, always done it the hard way.. so I'm not entirely sure how it configures the jail since you can create them in a variety of ways.
_________________ tomorrow will be canceled due to lack of interest
creed
Veteran Dog


Joined: 08 Nov 2003 Age: 97 Posts: 6307
Location: Back to where it all began. Back to my own slice of nirvana. Back home.
Posted: Wed Mar 21, 2007 10:14 am
soup4you2 wrote:
Have you tried doing a redirection of ports using PF, so 21 -> 2000?? then just open 2000?? on the dlink? No need for the router to redirect it then.. If that is your problem.
Or instead of some portforward method.. can't you just live with the service running on a different port? Just reconfigure your FTP server to run on port 2000?? instead of 21?
Also SFTP works wonders, really no need for FTP unless you have clients connecting in.
I've never used ezjail, always done it the hard way.. so I'm not entirely sure how it configures the jail since you can create them in a variety of ways.

That's something that I was wondering about, but I don't think I have pf running (unless it's not a process that shows up when you run top).
Well I know it just takes a base install of the OS and goes from there. I had some issues with it like pings won't work inside the jail and what not but enabling raw packets through sysctl resolved that.
Originally I had it on port 2000, but had the exact same issue. Whatever it is, it's not an issue with the port that it's accepting inbound connections on.
I will be accepting clients, so SFTP is out.
_________________
The Seven faces of Creed
     
soup4you2
Tail-Wagger


Joined: 15 Mar 2002 Posts: 2452
Location: Desolate wastelands of Virginia
Posted: Wed Mar 21, 2007 10:25 am
creed wrote:
Well I know it just takes a base install of the OS and goes from there. I had some issues with it like pings won't work inside the jail and what not but enabling raw packets through sysctl resolved that.

Jails by default restrict a lot of things.. one of the main reasons pings are not allowed is network discovery.

Quote:
Since raw sockets can be used to configure and interact with various network subsystems, extra caution should be used where privileged access to jails is given out to untrusted parties. As such, by default this option is disabled.

Quote:
Originally I had it on port 2000, but had the exact same issue. Whatever it is, it's not an issue with the port that it's accepting inbound connections on.
I will be accepting clients, so SFTP is out.

Have you also tried different FTP servers? I've used proftp and it works like a champ. You might want to give that a try.
_________________ tomorrow will be canceled due to lack of interest
creed
Veteran Dog


Joined: 08 Nov 2003 Age: 97 Posts: 6307
Location: Back to where it all began. Back to my own slice of nirvana. Back home.
Posted: Wed Mar 21, 2007 10:28 am
soup4you2 wrote:
creed wrote:
Well I know it just takes a base install of the OS and goes from there. I had some issues with it like pings won't work inside the jail and what not but enabling raw packets through sysctl resolved that.

Jails by default restrict a lot of things.. one of the main reasons pings are not allowed is network discovery.

Quote:
Since raw sockets can be used to configure and interact with various network subsystems, extra caution should be used where privileged access to jails is given out to untrusted parties. As such, by default this option is disabled.

Quote:
Originally I had it on port 2000, but had the exact same issue. Whatever it is, it's not an issue with the port that it's accepting inbound connections on.
I will be accepting clients, so SFTP is out.

Have you also tried different FTP servers? I've used proftp and it works like a champ. You might want to give that a try.

I think I might have to. I'll give the pf thing a spin first (how can you tell if that's running btw? I assume it'd show up in top if it was), and if that doesn't work maybe it's time to try another option.
_________________
The Seven faces of Creed
     
soup4you2
Tail-Wagger


Joined: 15 Mar 2002 Posts: 2452
Location: Desolate wastelands of Virginia
Posted: Wed Mar 21, 2007 12:15 pm
PF is a firewall. It's disabled by default.. you can go to http://cvs.openbsd.org/faq/pf/ for more info
_________________ tomorrow will be canceled due to lack of interest
squashman
Big Dog


Joined: 08 Oct 2001 Posts: 3465
Location: 1265 Lombardi Ave.
Posted: Thu Mar 22, 2007 7:50 am
I guess I am not understanding why you can't use SFTP? What am I missing?
creed
Veteran Dog


Joined: 08 Nov 2003 Age: 97 Posts: 6307
Location: Back to where it all began. Back to my own slice of nirvana. Back home.
Posted: Thu Mar 22, 2007 3:24 pm
soup4you2 wrote:
PF is a firewall. It's disabled by default.. you can go to http://cvs.openbsd.org/faq/pf/ for more info

Interesting.
Decided to give it a spin, but I've run into yet another roadblock. Apparently in jail environments you cannot load kernel-based items such as pf.

/etc/rc.d/pf start
kldload: can't load pf: Operation not permitted
/etc/rc.d/pf: WARNING: pf module failed to load.

While I do more research, I'm going to see about the other ftp mentioned. Also going to see if I should just scrap the jail usage, because if I can't get this to work, I don't see how else I can see folks being able to transfer files onto this system.
_________________
The Seven faces of Creed
     
creed
Veteran Dog


Joined: 08 Nov 2003 Age: 97 Posts: 6307
Location: Back to where it all began. Back to my own slice of nirvana. Back home.
Posted: Fri Mar 23, 2007 5:37 am
soup4you2 wrote:
Have you also tried different FTP servers? I've used proftp and it works like a champ. You might want to give that a try.

Well gave proftpd a spin. Still the exact same issue, it will login, but never complete the connect and times out before giving a directory listing.
At this point I'm completely lost. Every step that should work either doesn't and gives odd errors, or doesn't and nothing is returned. Immensely frustrating.
_________________
The Seven faces of Creed
     
creed
Veteran Dog


Joined: 08 Nov 2003 Age: 97 Posts: 6307
Location: Back to where it all began. Back to my own slice of nirvana. Back home.
Posted: Fri Mar 23, 2007 7:35 am
Huzzah!
While digging around the config file I found a section that stated ForcePassiveIP. I had tried it with an internal address before, thinking that it would need to be pointed to the router to "see" a way out. I thought "what if it needs an external IP to be successfully routed to the ftp client that is connecting?"
So tried it, and voila! It worked! Replaced with the domain name that the ftp server is linked to, and still works! Awesome!
Thanks a bunch to everyone that replied here. It meant and helped a lot! (for one I'm going to see if I should be looking into pf some more)
_________________
The Seven faces of Creed
     