From: Loris.Serena@pfpc.ie
Date: Sat Feb 23 2008 - 05:30:42 EST
Guys,
Not sure what I'm missing here but I can't figure out how to re-enable ftp
on a Solaris 10 8/07 box (hostname hercules) after applying jass.
The service seems up to me, but when from a remote box (solaris 8) I try
to ftp to hercules, I get the following:
$ telnet hercules 21
Trying 10.11.234.94...
Connected to hercules.domain.com.
Escape character is '^]'.
Connection closed by foreign host.
$
$ ftp hercules
Connected to hercules.domain.com.
421 Service not available, remote server has closed connection
ftp>
This happens before I can even provide a username and/or password, so I
would rule out /etc/shells and /etc/ftpd/ftpusers (which are fine anyway).
[hercules]/$ svcs -a | grep ftp
online 21:19:30 svc:/network/ftp:default
[hercules]/$
[hercules]/$ svcs -xv
[hercules]/$
[hercules]/$ /usr/sbin/inetadm -l ftp
SCOPE NAME=VALUE
name="ftp"
endpoint_type="stream"
proto="tcp6"
isrpc=FALSE
wait=FALSE
exec="/usr/sbin/in.ftpd -l -a"
user="root"
default bind_addr=""
default bind_fail_max=-1
default bind_fail_interval=-1
default max_con_rate=-1
default max_copies=-1
default con_rate_offline=-1
default failrate_cnt=40
default failrate_interval=60
default inherit_env=TRUE
default tcp_trace=TRUE
default tcp_wrappers=TRUE
[hercules]/$
[hercules]/$ netstat -an | grep 21
*.21 *.* 0 0 49152 0 LISTEN
*.21 *.* 0
0 49152 0 LISTEN
[hercules]/$
[hercules]/$ grep ftp /etc/hosts.allow
in.tftpd: ALL
[hercules]/$
[hercules]/$ cat /etc/ftpd/ftpaccess
# ident "@(#)ftpaccess 1.2 03/05/14 SMI"
#
# FTP server configuration file, see ftpaccess(4).
#
class realusers real *
class guestusers guest *
class anonusers anonymous *
loginfails 3
passwd-check trivial warn
private no
shutdown /etc/ftpd/shutdown.msg
# email user@hostname
# guestuser username
# rhostlookup no
keepalive yes
recvbuf 65536 real,guest,anonymous
sendbuf 65536 real,guest,anonymous
# flush-wait no anonymous
# passive ports 0.0.0.0/0 32768 65535
# timeout data 600
# timeout idle 300
banner /etc/ftpd/banner.msg
greeting brief
message /etc/ftpd/welcome.msg login
message .message cwd=*
readme README* login
readme README* cwd=*
# quota-info *
chmod no anonymous
delete no anonymous
overwrite no anonymous
rename no anonymous
umask no anonymous
compress yes realusers guestusers anonusers
tar yes realusers guestusers anonusers
path-filter guest,anonymous /etc/ftpd/filename.msg ^[[:alnum:]._-]*$
^[.-]
noretrieve relative class=anonusers /
allow-retrieve relative class=anonusers /pub
upload class=anonusers * * no nodirs
# upload class=anonusers * /incoming yes ftpadm ftpadm 0440
nodirs
# log commands real,guest,anonymous
# log security real,guest,anonymous
# log transfers real,guest,anonymous inbound,outbound
# xferlog format %T %Xt %R %Xn %XP %Xy %Xf %Xd %Xm %U ftp %Xa %u
%Xc %Xs %Xr
# limit-time anonymous 30
# limit anonusers 10 Wk0730-1800 /etc/ftpd/toomany.msg
# limit anonusers 50 SaSu|Any1800-0730
/etc/ftpd/toomany.msg
defumask 022
in /var/adm/messages, I got
Feb 23 10:13:15 hercules inetd[282]: [ID 317013 daemon.notice] ftp[21531]
from 10.159.244.135 59497
Feb 23 10:13:15 hercules in.ftpd[21531]: [ID 808958 daemon.warning]
refused connect from vanguard.pfpcint.com (access denied)
Any idea what I am missing, here?
Thanks in advance
Loris
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:42:47 EDT