Problem with ftp server
Thanasis
thanasis at asyr.hopto.org
Sat Jan 10 21:32:37 EET 2009
on 01/10/2009 09:11 PM panagiotis takis_rs wrote the following:
> *1) ps -ef |grep vsftpd
> what does it give?*
> root 6913 1 0 20:56 ? 00:00:00 /usr/sbin/vsftpd
> takis 8611 8402 0 21:03 pts/0 00:00:00 grep vsftpd
>
>
> *2) netstat -atp |grep -i LISTEN
> what does it give?*
> tcp 0 0 localhost:mysql *:*
> LISTEN 6331/mysqld
> tcp 0 0 *:ftp *:*
> LISTEN 6913/vsftpd
> tcp 0 0 localhost:ipp *:*
> LISTEN 6476/cupsd
> tcp6 0 0 localhost:8005 [::]:*
> LISTEN 7410/java
> tcp6 0 0 [::]:8009 [::]:*
> LISTEN 7410/java
> tcp6 0 0 [::]:5900 [::]:*
> LISTEN 7979/vino-server
> tcp6 0 0 [::]:http-alt [::]:*
> LISTEN 7410/java
>
> *3) attach the vsftpd.conf*
> listen=YES
> max_clients=4
> max_per_ip=1
> ftpd_banner=Takis_rs, ftp server.
> anonymous_enable=YES
> anon_root=/home/takis/Desktop/ <------ Remove it
> local_enable=YES
> write_enable=NO
> anon_upload_enable=NO
> anon_mkdir_write_enable=NO
> anon_other_write_enable=NO
> hide_ids=YES
> ls_recurse_enable=NO
> tcp_wrappers=YES <------ Remove it
> log_ftp_protocol=YES
> dual_log_enable=YES
> xferlog_enable=YES
> idle_session_timeout=60
> data_connection_timeout=300
> accept_timeout=60
> connect_timeout=60
> dirmessage_enable=YES
> background=YES
> pasv_min_port=50000
> pasv_max_port=50003
> anonymous_enable=YES
> banner_file=/etc/WELCOME_BANNER
> connect_from_port_20=YES
> nopriv_user=ftpsecure <------ does this user exist? (why is
> vsftpd running as root?)
> xferlog_enable=YES <--- again?
In general, the *vsftpd.conf* does not look carefully put together to me, and I don't know whether it has
a problem.
I would suggest you keep it as a backup and make it the same as
mine (in the email).
Also run it through xinetd, and configure that likewise the same as
mine. (And start xinetd too.)
>
> 4) *iptables -L*
> Chain INPUT (policy DROP)
> target prot opt source destination
> ACCEPT tcp -- calchas.forthnet.gr anywhere tcp
> flags:!FIN,SYN,RST,ACK/SYN
> ACCEPT udp -- nsath.forthnet.gr anywhere
> ACCEPT all -- anywhere anywhere
> ACCEPT icmp -- anywhere anywhere limit:
> avg 10/sec burst 5
> DROP all -- anywhere 255.255.255.255
> DROP all -- anywhere 192.168.1.255
> DROP all -- BASE-ADDRESS.MCAST.NET/8 anywhere
> DROP all -- anywhere BASE-ADDRESS.MCAST.NET/8
> DROP all -- 255.255.255.255 anywhere
> DROP all -- anywhere 0.0.0.0
> DROP all -- anywhere anywhere state
> INVALID
> LSI all -f anywhere anywhere limit:
> avg 10/min burst 5
> INBOUND all -- anywhere anywhere
> LOG_FILTER all -- anywhere anywhere
> LOG all -- anywhere anywhere LOG level
> info prefix `Unknown Input'
>
> Chain FORWARD (policy DROP)
> target prot opt source destination
> ACCEPT icmp -- anywhere anywhere limit:
> avg 10/sec burst 5
> LOG_FILTER all -- anywhere anywhere
> LOG all -- anywhere anywhere LOG level
> info prefix `Unknown Forward'
>
> Chain OUTPUT (policy DROP)
> target prot opt source destination
> ACCEPT tcp -- 192.168.1.4 calchas.forthnet.gr tcp
> dpt:domain
> ACCEPT udp -- 192.168.1.4 nsath.forthnet.gr udp
> dpt:domain
> ACCEPT all -- anywhere anywhere
> DROP all -- BASE-ADDRESS.MCAST.NET/8 anywhere
> DROP all -- anywhere BASE-ADDRESS.MCAST.NET/8
> DROP all -- 255.255.255.255 anywhere
> DROP all -- anywhere 0.0.0.0
> DROP all -- anywhere anywhere state
> INVALID
> OUTBOUND all -- anywhere anywhere
> LOG_FILTER all -- anywhere anywhere
> LOG all -- anywhere anywhere LOG level
> info prefix `Unknown Output'
>
> Chain INBOUND (1 references)
> target prot opt source destination
> ACCEPT tcp -- anywhere anywhere state
> RELATED,ESTABLISHED
> ACCEPT udp -- anywhere anywhere state
> RELATED,ESTABLISHED
> ACCEPT tcp -- anywhere anywhere tcp
> dpts:ftp-data:ftp
> ACCEPT udp -- anywhere anywhere udp
> dpts:20:fsp
> ACCEPT tcp -- anywhere anywhere tcp
> dpt:http-alt
> ACCEPT udp -- anywhere anywhere udp
> dpt:http-alt
> LSI all -- anywhere anywhere
>
> Chain LOG_FILTER (5 references)
> target prot opt source destination
>
> Chain LSI (2 references)
> target prot opt source destination
> LOG_FILTER all -- anywhere anywhere
> LOG tcp -- anywhere anywhere tcp
> flags:FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5 LOG level info
> prefix `Inbound '
> DROP tcp -- anywhere anywhere tcp
> flags:FIN,SYN,RST,ACK/SYN
> LOG tcp -- anywhere anywhere tcp
> flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5 LOG level info
> prefix `Inbound '
> DROP tcp -- anywhere anywhere tcp
> flags:FIN,SYN,RST,ACK/RST
> LOG icmp -- anywhere anywhere icmp
> echo-request limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
> DROP icmp -- anywhere anywhere icmp
> echo-request
> LOG all -- anywhere anywhere limit:
> avg 5/sec burst 5 LOG level info prefix `Inbound '
> DROP all -- anywhere anywhere
>
> Chain LSO (0 references)
> target prot opt source destination
> LOG_FILTER all -- anywhere anywhere
> LOG all -- anywhere anywhere limit:
> avg 5/sec burst 5 LOG level info prefix `Outbound '
> REJECT all -- anywhere anywhere
> reject-with icmp-port-unreachable
>
> Chain OUTBOUND (1 references)
> target prot opt source destination
> ACCEPT icmp -- anywhere anywhere
> ACCEPT tcp -- anywhere anywhere state
> RELATED,ESTABLISHED
> ACCEPT udp -- anywhere anywhere state
> RELATED,ESTABLISHED
> ACCEPT all -- anywhere anywhere
>
>
Dude, the firewall is up =-O
Run *iptables -F*
and then again *iptables -L*
> *iptables -L -t nat*
> Chain PREROUTING (policy ACCEPT)
> target prot opt source destination
>
> Chain POSTROUTING (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> *5) netstat -atp |grep -i xinet*
> NOTHING
*netstat -atp |grep -i inet ?*
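
An added example, not part of the original message: shell functions for two of the checks the reply raises about the quoted vsftpd.conf, namely options that are set twice and whether the account named by nopriv_user exists. The function names are hypothetical and the sample file is a shortened, constructed copy of the quoted configuration.

```shell
#!/bin/sh
# Added example (not from the original post): checks for a vsftpd.conf.
# Function names are hypothetical; the sample below is a shortened,
# constructed copy of the configuration quoted in the message.

# List every option that is set more than once, with its line numbers.
vsftpd_dup_keys() {
    awk -F= '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        {
            key = $1
            gsub(/[ \t]/, "", key)
            if (key in lines) lines[key] = lines[key] "," NR
            else lines[key] = NR
            count[key]++
        }
        END {
            for (k in count)
                if (count[k] > 1) print k " lines " lines[k]
        }' "$1" | sort
}

# Return 0 if the account named by nopriv_user exists, 1 if it does not,
# 2 if the option is not set in the file.
vsftpd_nopriv_user_exists() {
    user=$(awk -F= '$1 == "nopriv_user" { v = $2 } END { print v }' "$1")
    [ -n "$user" ] || return 2
    id "$user" >/dev/null 2>&1
}

sample_conf() {
    cat <<'EOF'
listen=YES
anonymous_enable=YES
xferlog_enable=YES
pasv_min_port=50000
pasv_max_port=50003
anonymous_enable=YES
nopriv_user=ftpsecure
xferlog_enable=YES
EOF
}

conf=$(mktemp)
sample_conf > "$conf"
vsftpd_dup_keys "$conf"
vsftpd_nopriv_user_exists "$conf" || echo "nopriv_user: account missing or option unset"
rm -f "$conf"
```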