From: Brendan Kehoe (brendan at domain zen.org)
Date: Sun 05 Sep 1999 - 15:33:00 IST

> Now, here's my question - I tried to FTP from one box to the other and the
> connection was cut off no matter what end I tried it from. Can someone tell
> me where I have to put the IP addresses that a box will allow access to
> itself from i.e. where in the pc should I put the IP address of the laptop
> and vice versa. BTW, I'm running SuSE 6.2.

Hi!

Presumably you'll find an error message in your /var/log/messages about the
access, resembling

    Sep 5 15:23:27 foo ftpd[2437]: FTP LOGIN REFUSED (name in /etc/ftphosts) FROM foo.bar.com [192.168.1.1], brendan

To tweak it, you'll first need to look in your /etc/inetd.conf, and see how
ftpd is set up to run. Usually, it'll go through tcpd like this:

    ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a

If that line's commented out (and no other `ftp' line is there), you can
uncomment it and do

    kill -HUP `cat /var/run/inetd.pid`

to make inetd reread it.

`tcpd' is a tcp wrapper; if you've never heard of it, that's something used to
do some security for your system by controlling who can use the various
network services on it. It cares about what's listed in /etc/hosts.allow, or
/etc/hosts.deny. For this, I had to put

    ALL: 192.168.1.1

in /etc/hosts.allow to make it allow FTP connections from the machine
`192.168.1.1'.

The FTP daemon may also have been started with this line instead:

    ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd -l -a

intended to skip using the TCP wrapper. In either case, you'll see that it's
probably starting the daemon with the `-l' argument (to log the session), and
the `-a' option, which says to pay attention to what's in /etc/ftpaccess, a
file used to configure how the daemon behaves. You can read the manpage on
ftpaccess if ya like; it's not really of note here, though.

It does also use the file /etc/ftphosts, though, and that's the one you care
about. For example, it would need

    allow brendan 192.168.1.1

to allow the user `brendan' to FTP in from that host. Sometimes, a site will
use

    deny * 0.0.0.0
    allow brendan 192.168.1.1

to make the FTP daemon realize they want to block access by default, but open
it up to specific users.

Thus, if you make sure that the host coming in is listed in hosts.allow, and
the user & host (or `allow * 192.168.1.1' to let anyone on that system) are
listed in /etc/ftphosts, I think it may let it work better.

(All of this was based on what's present on a RedHat system, but since SuSE
also uses the wu-ftpd, it'll hopefully be applicable.)

Hope this helps!

B

-- Brendan Kehoe Web page: http://www.zen.org/~brendan/
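
Added example, not part of the original message: a Python triage script for the two things the reply checks first, namely how the active ftp line in inetd.conf starts the daemon and which user/host pairs ftpd has been refusing in /var/log/messages. The sample inputs are constructed from the lines quoted above, and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample inputs, modelled on the lines quoted in the message.
SAMPLE_INETD = """\
#ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd -l -a
ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a
"""
SAMPLE_LOG = """\
Sep 5 15:23:27 foo ftpd[2437]: FTP LOGIN REFUSED (name in /etc/ftphosts) FROM foo.bar.com [192.168.1.1], brendan
Sep 5 15:24:02 foo ftpd[2441]: FTP LOGIN REFUSED (name in /etc/ftphosts) FROM foo.bar.com [192.168.1.1], brendan
Sep 5 15:30:10 foo ftpd[2450]: FTP LOGIN REFUSED (name in /etc/ftphosts) FROM lap.bar.com [192.168.1.2], alice
Sep 5 15:31:00 foo inetd[101]: unrelated line
"""

# Shape of the ftpd refusal line shown in the message.
REFUSED = re.compile(
    r"ftpd\[\d+\]: FTP LOGIN REFUSED \((?P<reason>[^)]*)\) "
    r"FROM (?P<host>\S+) \[(?P<ip>[^\]]+)\], (?P<user>\S+)")

def ftp_service(inetd_text):
    """Describe how the active (uncommented) ftp line starts the daemon."""
    for line in inetd_text.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[0] != "ftp":  # skips '#ftp ...' lines
            continue
        server, args = fields[5], fields[6:]
        return {"wrapped": server.endswith("/tcpd"),  # hosts.allow/deny apply
                "daemon": args[0],
                "logs": "-l" in args,        # session logging
                "ftpaccess": "-a" in args}   # /etc/ftpaccess is consulted
    return None  # no active ftp line: inetd will not start ftpd

def refused_logins(log_text):
    """Count ftpd refusals per (user, client IP, reason given in the log)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = REFUSED.search(line)
        if m:
            hits[(m["user"], m["ip"], m["reason"])] += 1
    return hits

if __name__ == "__main__":
    print(ftp_service(SAMPLE_INETD))
    for (user, ip, reason), n in refused_logins(SAMPLE_LOG).most_common():
        print(f"{n}x {user} from {ip}: {reason}")
```

A result with "wrapped" set means the client address must also pass /etc/hosts.allow, while the refusal counts show which user and address pairs /etc/ftphosts is currently turning away.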
This archive was generated by hypermail 2.1.6 : Thu 06 Feb 2003 - 13:04:32 GMT