Re: [Bastille-linux-discuss] 1.20 ftp
This tool locks down Linux and UNIX systems.
Brought to you by:
jay
From: Peter W <pe...@us...> - 2001-05-18 17:02:27
On Fri, May 18, 2001 at 09:56:51AM -0500, Harmon Seaver wrote:

> I'm not able to ftp into my server from the internal
> network. I've got passive set to no

which only affects FTP'ing
- from your Bastille'd box to something else
- through your Bastille'd box using NAT/masq

> and in /etc/ftphosts I've got the line "allow hseaver
> 192.168.0.4" and /etc/xinetd.d/wu-ftpd doesn't have the
> libwrap line or any disable=yes line. Which, frankly,
> surprises me, since all the others I've looked at do.

Surprises me, too. Does it have any disable= line?

> Any other files I should be looking at?

With no NOLIBWRAP flag, /etc/hosts.(allow|deny) come into play.
Also /etc/xinetd.conf may have a no_access line, in which case
you need to add allow_from in the wu-ftpd config file.

If you are logging in to the ftpd but can't list or xfer files,
somewhere (/usr/share/docs/Bastille?) you should have a file named
readme.ftp that explains the problems with running an ftp server
on a box with ipchains, and what you can do, i.e. setting a range
for passive ftp ports, and allowing those with ipchains.

-Peter
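
Added example, not part of the original message: a small Python check that reads xinetd configuration text and reports, for one client address, which of the access layers named in the reply apply (a disable line, libwrap and /etc/hosts.allow|deny, no_access, only_from). The sample configuration and the function names are constructed for illustration; it assumes an xinetd built with libwrap and address lists written as plain IPs or CIDR.

```python
import ipaddress
import re

# Constructed sample: the defaults block of /etc/xinetd.conf followed by a
# service entry such as the one in /etc/xinetd.d/wu-ftpd (values are made up).
SAMPLE = """
defaults
{
    no_access = 192.168.0.0/24
}
service ftp
{
    server = /usr/sbin/in.ftpd
    flags  = REUSE
}
"""

def parse_xinetd(text):
    """Return {entry: {attribute: [values]}} for defaults and service entries."""
    entries, name, current = {}, None, None
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        head = re.match(r"(defaults|service\s+(\S+))$", line)
        if head:
            name = head.group(2) or "defaults"
        elif line == "{":
            current = entries.setdefault(name, {})
        elif line == "}":
            current = None
        elif current is not None and (m := re.match(r"(\w+)\s*\+?=\s*(.*)", line)):
            current.setdefault(m.group(1), []).extend(m.group(2).split())
    return entries

def access_layers(text, service, client):
    """Report which of the checks named in the reply apply to one client IP."""
    entries = parse_xinetd(text)
    svc, dflt = entries.get(service, {}), entries.get("defaults", {})
    ip = ipaddress.ip_address(client)
    def hit(attr):  # simplification: a service value replaces the default one
        nets = svc.get(attr, dflt.get(attr, []))
        return any(ip in ipaddress.ip_network(n, strict=False) for n in nets)
    return {
        "disabled": "yes" in svc.get("disable", []) or service in dflt.get("disabled", []),
        # assumption: xinetd was built with libwrap, so only NOLIBWRAP turns it off
        "hosts_allow_deny_consulted": "NOLIBWRAP" not in svc.get("flags", []),
        "no_access_match": hit("no_access"),
        "only_from_match": hit("only_from"),
    }
```

Calling access_layers(SAMPLE, "ftp", "192.168.0.4") on the constructed sample shows the case the reply describes: the service is enabled and has no NOLIBWRAP flag, but the client falls inside a no_access range inherited from the defaults block.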