Chad Glynn on Sun, 19 Mar 2000 11:27:39 -0500 (EST)
First off, I'm going to dodge the tomatoes everyone is going to throw for suggesting such a big security flaw, because allowing port commands from IPs other than the connecting IP leaves the ftp server open to abuse, man in the middle attacks, and the such.

However, a friend of mine who is running a ftp server at home on his cable connection wants to have the ability to transfer files to his home from other ftp sites while he is at work, without telnetting into the box and starting ftping from there. He wants to use a FXP program from his Windows box at work, which will allow him to ftp into his home computer, and transfer files from a ftp site to his computer.

So, I'm trying to figure this out, and no matter what I do, I keep getting something like this in /var/log/messages:

    ftpd[pid]: refused PORT xxx.xxx.xxx.xxx,yyyy from host.domain.net [zzz.zzz.zzz.zzz]

where zzz/host.domain.net is his work computer IP, xxx the ftp he is trying to ftp files from, and yyyy is some random port, I'm guessing the data port.

He's running RH 6.1 and wu-ftp 2.6.0. The ftp entry in inetd.conf is:

    ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a

/etc/ftpaccess is the default, with 1 line added:

    port-allow all xxx.xxx.xxx.xxx

I've added the pasv-allow as well, but that does not do anything either. Putting passive mode in the ftp client does not help either. And yes, each time ftpaccess or inetd.conf have been changed, I've kill -HUP'd inetd.

I'm running out of ideas here. I don't know what the cause of this is. Does anyone know if this is possible, or provide me any clues? :)

thanks!
Chad :)

______________________________________________________________________
Philadelphia Linux Users Group - http://plug.nothinbut.net
Announcements - http://lists.nothinbut.net/mail/listinfo/plug-announce
General Discussion - http://lists.nothinbut.net/mail/listinfo/plug
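For anyone watching a server for the "refused PORT" messages quoted in the post above, here is an added example (not part of the original message and not wu-ftpd code) that parses lines of that shape and reports which client asked for a data connection to which address. The syslog prefix, hostnames and addresses are constructed samples, the regular expression assumes the message layout exactly as the post quotes it, and the low-port flag is a heuristic of this example.

```python
import re
from collections import Counter

# Assumed layout, taken from the line quoted in the post:
#   ftpd[pid]: refused PORT <ip>,<port> from <host> [<client ip>]
REFUSED = re.compile(
    r"ftpd\[(?P<pid>\d+)\]: refused PORT "
    r"(?P<target>\d{1,3}(?:\.\d{1,3}){3}),(?P<port>\d+) "
    r"from (?P<host>\S+) \[(?P<client>\d{1,3}(?:\.\d{1,3}){3})\]"
)

# Constructed sample log (documentation address ranges, not real hosts).
SAMPLE_LOG = """\
Mar 19 11:02:14 home ftpd[812]: refused PORT 192.0.2.10,3412 from work.example.net [198.51.100.7]
Mar 19 11:02:40 home ftpd[812]: refused PORT 192.0.2.10,3413 from work.example.net [198.51.100.7]
Mar 19 11:05:01 home ftpd[840]: refused PORT 198.51.100.7,22 from work.example.net [198.51.100.7]
Mar 19 11:06:30 home ftpd[851]: some unrelated ftpd message
"""

def parse_refusals(text):
    """Return one dict per 'refused PORT' line, annotated with why it stands out."""
    events = []
    for line in text.splitlines():
        m = REFUSED.search(line)
        if not m:
            continue  # not a refused-PORT record
        ev = m.groupdict()
        ev["port"] = int(ev["port"])
        reasons = []
        if ev["target"] != ev["client"]:
            # Data connection requested to a host other than the control peer.
            reasons.append("third-party address")
        if ev["port"] < 1024:
            # Heuristic added by this example: target is a well-known service port.
            reasons.append("privileged port")
        ev["reasons"] = reasons
        events.append(ev)
    return events

def summarize(events):
    """Count refusals per (client, target) pair so repeated attempts are visible."""
    return Counter((e["client"], e["target"]) for e in events)

if __name__ == "__main__":
    for (client, target), n in summarize(parse_refusals(SAMPLE_LOG)).items():
        print(f"{client} -> {target}: {n} refused PORT command(s)")
```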