centos firewall help needed


xlancealotx
03-25-2006, 09:34 AM
Hey all, here is an interesting one. I have a box running CentOS 4 with the normal iptables firewall set up via the `setup` command. It had the normal ports open: SSH, WEB, MAIL, FTP and 10000:tcp.

All was fine, then we had a power outage which reset the box after 20 minutes. Once it came back up, I could no longer FTP in. I checked and FTP was allowed, but still nothing. If I disable the firewall, I can get in, but what is more interesting: with the firewall enabled, I can in fact FTP in via the command prompt!

I just tested with the FW running, and tried from Quanta, purposely putting in the wrong password. I got an authentication error. I changed to the correct password and got "connection refused" (see the message log below):
-----------------------------------------------------------------------
Mar 25 09:28:32 hobbs kernel: ip_tables: (C) 2000-2002 Netfilter core team
Mar 25 09:28:32 hobbs kernel: ip_conntrack version 2.1 (4095 buckets, 32760 max) - 340 bytes per conntrack
Mar 25 09:28:32 hobbs iptables: succeeded
Mar 25 09:28:41 hobbs last message repeated 3 times
Mar 25 09:28:42 hobbs kernel: ip_tables: (C) 2000-2002 Netfilter core team
Mar 25 09:28:42 hobbs kernel: ip_conntrack version 2.1 (4095 buckets, 32760 max) - 340 bytes per conntrack
Mar 25 09:28:42 hobbs iptables: succeeded
Mar 25 09:29:29 hobbs pure-ftpd: (?@ip ) [INFO] New connection from ip
Mar 25 09:29:29 hobbs pure-ftpd: (?@ip ) [WARNING] Authentication failed for user [user]
-------------------------------------------------------------------------

yet from the command prompt,
----------------------------------------------------------------------
the client gets this:
220-This is a private system - No anonymous lo
220-IPv6 connections are also welcome on this
220 You will be disconnected after 15 minutes
User (ip:(none)): lance
331 User lance OK. Password required
Password:
230-User lance has group access to: user
230 OK. Current restricted directory is /
ftp>

and the messages file gets:
Mar 25 09:32:15 hobbs pure-ftpd: (?@ip) [INFO] New connection from ip
Mar 25 09:32:18 hobbs pure-ftpd: (?@ip) [INFO] user is now logged in
Mar 25 09:33:13 hobbs pure-ftpd: (user@ip) [INFO] Logout.
-----------------------------------------------------------------------

Any help to this one is much appreciated....

Lr

je_fro
03-25-2006, 07:43 PM
what username was quanta trying to use?

xlancealotx
03-27-2006, 11:29 AM
While looking deeper and testing on other 'outside' machines, I know it's 100% firewall related, and it also seems to be a problem with PASV mode.

Two separate outside machines, one behind a Linux box doing IP masquerading at a buddy's company, get the following at the command prompt:
-----------------------------------------------------------------------------------
User joe has group access to: joe
OK. Current restricted directory is /
Logged in to server-ip
Current remote directory is /.
ncftp / > ls
connect failed: No route to host.
Falling back to PORT instead of PASV mode.
List failed.
ncftp / >
------------------------------------------------------------------------------------

...yet from my home machine, behind a Linksys router/firewall, I get the following:

--------------------------------------------------------------------------------------
User joe has group access to: joe
OK. Current restricted directory is /
Logged in to server-ip
Current remote directory is /.
ncftp / > ls
connect failed: No route to host.
Falling back to PORT instead of PASV mode.
downloads/ rpm/
backup/ ftpasswd test/
----------------------------------------------------------------------------------------

Not sure if that helps at all, but it seems to be something with PASV mode... Again, any help is appreciated.

Lr
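The symptom in the ncftp sessions above (login on port 21 works, the PASV data connection fails with "No route to host", then the client falls back to PORT) is what a stateful iptables ruleset produces when it accepts NEW connections on port 21 only and nothing tracks the FTP control channel: the server hands the client a fresh high port, the client's second TCP connection to that port matches no ACCEPT rule, and the CentOS 4 `setup` firewall's final `REJECT --reject-with icmp-host-prohibited` makes the client see EHOSTUNREACH, which the C library reports as "No route to host". Nothing in the thread confirms this is the cause on hobbs, but it is the first thing to check. The script below is an added example, not code from the thread or from the posters. It decides from an `iptables-save` dump and an `lsmod` listing whether passive FTP data connections would get through, either because the `ip_conntrack_ftp` helper is loaded (so the data connection is matched as RELATED by the ESTABLISHED,RELATED rule) or because the server's passive port range is opened explicitly. The rulesets, module listings and the 30000:30100 passive range are constructed samples and assumptions, modelled on the CentOS 4 `RH-Firewall-1-INPUT` chain.

```shell
#!/bin/sh
# Added example (not from the thread): check whether passive-mode FTP data
# connections can pass a stateful iptables firewall that opens port 21 only.
#
# On CentOS 4 the helper is loaded by the iptables init script when
# /etc/sysconfig/iptables-config contains IPTABLES_MODULES="ip_conntrack_ftp";
# a module loaded by hand before a reboot is gone afterwards. The alternative
# is to pin the server's passive range (pure-ftpd: -p lo:hi) and open it.

# Constructed sample: a trimmed CentOS 4 "setup"-style ruleset (assumption).
RULES_PLAIN='*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# The same ruleset with an explicit passive range opened (30000:30100 is an
# assumption; the FTP server must be configured to use the same range).
RULES_RANGE=$(printf '%s\n' "$RULES_PLAIN" | awk '
    { print }
    /--dport 22 -j ACCEPT/ { print "-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 30000:30100 -j ACCEPT" }')

# Constructed lsmod listings; module sizes are made up.
LSMOD_NOHELPER='Module                  Size  Used by
ipt_REJECT              6465  1
ipt_state               1857  1
ip_conntrack           40693  1 ipt_state
ip_tables              16449  2 ipt_REJECT,ipt_state'
LSMOD_HELPER="$LSMOD_NOHELPER
ip_conntrack_ftp       71825  0"

# Print one verdict line.
#   $1 = iptables-save text
#   $2 = lsmod text
#   $3 = passive range "lo:hi" the FTP server is pinned to, or empty
pasv_verdict() {
    rules=$1
    modules=$2
    range=$3
    related=no
    helper=no
    opened=no

    # The rule that admits helper-tracked data connections.
    if printf '%s\n' "$rules" | grep -Eq -- '--state (ESTABLISHED,RELATED|RELATED,ESTABLISHED) -j ACCEPT'; then
        related=yes
    fi
    # The FTP connection-tracking helper; anchored so that a "Used by"
    # reference on another module's line does not count.
    if printf '%s\n' "$modules" | grep -Eq '^ip_conntrack_ftp[[:space:]]'; then
        helper=yes
    fi
    # An explicit ACCEPT for the pinned passive range.
    if [ -n "$range" ] && printf '%s\n' "$rules" | grep -Fq -- "--dport $range -j ACCEPT"; then
        opened=yes
    fi

    if [ "$related" = yes ] && [ "$helper" = yes ]; then
        echo "accepted: ip_conntrack_ftp marks the data connection RELATED"
    elif [ "$opened" = yes ]; then
        echo "accepted: passive range $range is opened explicitly"
    else
        echo "blocked: data connection hits the final REJECT (client sees No route to host)"
    fi
}

# Run the three scenarios when executed stand-alone.
pasv_verdict "$RULES_PLAIN" "$LSMOD_NOHELPER" ""
pasv_verdict "$RULES_PLAIN" "$LSMOD_HELPER" ""
pasv_verdict "$RULES_RANGE" "$LSMOD_NOHELPER" "30000:30100"
```

On a live box, feed it `"$(iptables-save)"` and `"$(lsmod)"` instead of the constructed strings. The check only covers PASV; the active-mode fallback that also failed from the masqueraded machine is a separate problem on the client side of the NAT, where the server's inbound PORT connection has nowhere to go.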