Help setting up FTP and Ping to my Linux Lite machine
#1

Hello,

I have set up Linux Lite and have been using it for about a week.

I now want to set up ftp access to the computer.

I installed vsftpd and edited /etc/vsftpd.conf and can login through localhost.

But when I tried to ftp in from another machine in the house, it couldn't connect.

After some research I used ufw to allow ftp with:
Code:
sudo ufw allow ftp
but after restarting the firewall I still can't reach the Linux Lite machine from the other computer.

From the other computer I can ping the router 192.168.0.1 and www.google.com so I know it's working but can't get a ping response from the Linux Lite machine. 

So I disabled the firewall with
Code:
sudo ufw disable
and restarted the computer.  Still can't get a ping response from the Linux Lite machine.  The Linux Lite machine can ping the other machine, router, google.com, etc.

What can I do to get my other machine to ftp and ping the Linux Lite machine?  Thanks for any help you can offer.  I'm tearing my hair out with this one (the little I have left lol)
Reply
#2

Hello timbuck2,

This is a tutorial for setting up on the LL 3 series - https://www.digitalocean.com/community/tutorials/how-to-set-up-vsftpd-for-a-user-s-directory-on-ubuntu-16-04

This is a tutorial for Ubuntu 18.04, unsure if it works on the LL 4 series - https://www.digitalocean.com/community/t...untu-18-04
Reply
#3

Ok thanks I'll read the tutorial.  I am just perplexed why I can't even ping the LL machine even with the firewall disabled??

Could there be any other security subsystem preventing this?  I haven't used Linux in years, since I had an old Gentoo installation, and never had a problem interfacing between machines then, but I haven't kept up on changes since then.
Reply
#4

You wrote that you rebooted after disabling UFW. Did you check the UFW status after rebooting to see if UFW was enabled again on reboot?
For the command

Code:
sudo ufw allow ftp
it needs to say

Code:
sudo ufw allow port-number-here
Replace port-number-here with the actual port number,
for example 20, 21, 990, 40000, 50000 as per the tutorial (second link).
Reply
#5

Yes, it was disabled.  I edited my previous post regarding ping, if you didn't see.
Reply
#6

Then when you check the firewall status you will see in the Rules the numbered rules for the ports you have set to open (to allow traffic) for using ftp.
Reply
#7

Yes, this is what shows:

Quote:
Status: active

To                         Action      From
--                         ------      ----
21/tcp                     ALLOW       Anywhere
22/tcp                     ALLOW       Anywhere
21/tcp (v6)                ALLOW       Anywhere (v6)
22/tcp (v6)                ALLOW       Anywhere (v6)

Also have after sudo iptables -L
Code:
Chain ufw-before-input (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ufw-logging-deny  all  --  anywhere             anywhere             ctstate INVALID
DROP       all  --  anywhere             anywhere             ctstate INVALID
ACCEPT     icmp --  anywhere             anywhere             icmp destination-unreachable
ACCEPT     icmp --  anywhere             anywhere             icmp source-quench
ACCEPT     icmp --  anywhere             anywhere             icmp time-exceeded
ACCEPT     icmp --  anywhere             anywhere             icmp parameter-problem
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request

So I can't understand why a Ping is not responded to.
Reply
#8

(01-02-2019, 02:49 AM)timbuck2 Wrote:  Could there be any other security subsystem preventing this?


iptables, UFW is a front end for it.
Look at the tutorial link #2, it explains it. https://www.digitalocean.com/community/t...untu-18-04
Reply
#9

So if I disable ufw, then iptables is still in effect?  My iptables -L output is:

Code:
Chain INPUT (policy DROP)
target     prot opt source               destination
ufw-before-logging-input  all  --  anywhere             anywhere
ufw-before-input  all  --  anywhere             anywhere
ufw-after-input  all  --  anywhere             anywhere
ufw-after-logging-input  all  --  anywhere             anywhere
ufw-reject-input  all  --  anywhere             anywhere
ufw-track-input  all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
ufw-before-logging-forward  all  --  anywhere             anywhere
ufw-before-forward  all  --  anywhere             anywhere
ufw-after-forward  all  --  anywhere             anywhere
ufw-after-logging-forward  all  --  anywhere             anywhere
ufw-reject-forward  all  --  anywhere             anywhere
ufw-track-forward  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ufw-before-logging-output  all  --  anywhere             anywhere
ufw-before-output  all  --  anywhere             anywhere
ufw-after-output  all  --  anywhere             anywhere
ufw-after-logging-output  all  --  anywhere             anywhere
ufw-reject-output  all  --  anywhere             anywhere
ufw-track-output  all  --  anywhere             anywhere

Chain ufw-after-forward (1 references)
target     prot opt source               destination

Chain ufw-after-input (1 references)
target     prot opt source               destination
ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:netbios-ns
ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:netbios-dgm
ufw-skip-to-policy-input  tcp  --  anywhere             anywhere             tcp dpt:netbios-ssn
ufw-skip-to-policy-input  tcp  --  anywhere             anywhere             tcp dpt:microsoft-ds
ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:bootps
ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:bootpc
ufw-skip-to-policy-input  all  --  anywhere             anywhere             ADDRTYPE match dst-type BROADCAST

Chain ufw-after-logging-forward (1 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-after-logging-input (1 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-after-logging-output (1 references)
target     prot opt source               destination

Chain ufw-after-output (1 references)
target     prot opt source               destination

Chain ufw-before-forward (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere             icmp destination-unreachable
ACCEPT     icmp --  anywhere             anywhere             icmp source-quench
ACCEPT     icmp --  anywhere             anywhere             icmp time-exceeded
ACCEPT     icmp --  anywhere             anywhere             icmp parameter-problem
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
ufw-user-forward  all  --  anywhere             anywhere

Chain ufw-before-input (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ufw-logging-deny  all  --  anywhere             anywhere             ctstate INVALID
DROP       all  --  anywhere             anywhere             ctstate INVALID
ACCEPT     icmp --  anywhere             anywhere             icmp destination-unreachable
ACCEPT     icmp --  anywhere             anywhere             icmp source-quench
ACCEPT     icmp --  anywhere             anywhere             icmp time-exceeded
ACCEPT     icmp --  anywhere             anywhere             icmp parameter-problem
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
ACCEPT     udp  --  anywhere             anywhere             udp spt:bootps dpt:bootpc
ufw-not-local  all  --  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251          udp dpt:mdns
ACCEPT     udp  --  anywhere             239.255.255.250      udp dpt:1900
ufw-user-input  all  --  anywhere             anywhere

Chain ufw-before-logging-forward (1 references)
target     prot opt source               destination

Chain ufw-before-logging-input (1 references)
target     prot opt source               destination

Chain ufw-before-logging-output (1 references)
target     prot opt source               destination

Chain ufw-before-output (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ufw-user-output  all  --  anywhere             anywhere

Chain ufw-logging-allow (0 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW ALLOW] "

Chain ufw-logging-deny (2 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere             ctstate INVALID limit: avg 3/min burst 10
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-not-local (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere             ADDRTYPE match dst-type LOCAL
RETURN     all  --  anywhere             anywhere             ADDRTYPE match dst-type MULTICAST
RETURN     all  --  anywhere             anywhere             ADDRTYPE match dst-type BROADCAST
ufw-logging-deny  all  --  anywhere             anywhere             limit: avg 3/min burst 10
DROP       all  --  anywhere             anywhere

Chain ufw-reject-forward (1 references)
target     prot opt source               destination

Chain ufw-reject-input (1 references)
target     prot opt source               destination

Chain ufw-reject-output (1 references)
target     prot opt source               destination

Chain ufw-skip-to-policy-forward (0 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere

Chain ufw-skip-to-policy-input (7 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere

Chain ufw-skip-to-policy-output (0 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain ufw-track-forward (1 references)
target     prot opt source               destination

Chain ufw-track-input (1 references)
target     prot opt source               destination

Chain ufw-track-output (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             ctstate NEW
ACCEPT     udp  --  anywhere             anywhere             ctstate NEW

Chain ufw-user-forward (1 references)
target     prot opt source               destination

Chain ufw-user-input (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh

Chain ufw-user-limit (0 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 5 LOG level warning prefix "[UFW LIMIT BLOCK] "
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain ufw-user-limit-accept (0 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain ufw-user-logging-forward (0 references)
target     prot opt source               destination

Chain ufw-user-logging-input (0 references)
target     prot opt source               destination

Chain ufw-user-logging-output (0 references)
target     prot opt source               destination

Chain ufw-user-output (1 references)
target     prot opt source               destination

When I try to stop iptables I get:

Code:
sudo service iptables stop
Failed to stop iptables.service: Unit iptables.service not loaded.

Reply
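
Added example, not part of any post in this thread: a small shell function that reduces an `iptables -L` listing like the one in #9 to the points under discussion (INPUT policy, whether the ufw chains are loaded, whether an echo-request rule exists, which ports were opened). The function names and the trimmed sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): summarise `iptables -L` output for the
# two things the thread is checking, inbound ping and inbound FTP.

# Constructed sample, trimmed from the listing posted in #9.
sample_listing() {
cat <<'EOF'
Chain INPUT (policy DROP)
target     prot opt source               destination
ufw-before-input  all  --  anywhere             anywhere

Chain ufw-before-input (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
ufw-user-input  all  --  anywhere             anywhere

Chain ufw-user-input (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
EOF
}

# Reads a listing on stdin and prints one summary line. Coarse by design: it
# looks only at the filter table text it is given and ignores rule order.
summarise_firewall() {
    awk '
    BEGIN { policy = "unknown"; ufw = "no"; ping = "no" }
    /^Chain / {
        chain = $2
        if (chain == "INPUT") { policy = $4; sub(/\).*/, "", policy) }
        next
    }
    NF == 0 || $1 == "target" { next }
    # A jump from INPUT into a ufw-* chain means the ufw rule set is loaded.
    chain == "INPUT" && $1 ~ /^ufw-/ { ufw = "yes" }
    chain ~ /-input$/ && $1 == "ACCEPT" {
        if ($2 == "icmp" && $0 ~ /echo-request/) ping = "yes"
        # Destination ports the user opened (ufw-user-input chain only).
        for (i = 6; i <= NF; i++)
            if (chain ~ /user-input$/ && $i ~ /^dpt:/)
                ports = (ports == "" ? "" : ports ",") substr($i, 5)
    }
    END {
        printf "input_policy=%s ufw_loaded=%s echo_request_rule=%s user_ports=%s\n",
               policy, ufw, ping, (ports == "" ? "none" : ports)
    }'
}

sample_listing | summarise_firewall
```

On a live host the same function can be fed with `sudo iptables -L | summarise_firewall`.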
#10

The rules need to be in usage order.
Earlier rules take higher value.
To prevent later rules being nulled by earlier rules, you need to place those rules earlier than any that would null them, before those affecting re: drop.
Example: allow all, then later add a rule to block an IP address. It won't get blocked, because the blocked IP is not set as rule 1, so it is nulled by the allow all (including allow the blocked IP). So it needs to use (insert 1) on the deny/reject for the specified IP, and so it will then override the allow all.
Meaning it blocks the IP specified in insert 1, as this is Rule #1, but allows all other IPs that are not the IP in rule 1, as it performs allow all as Rule #2.

So you need to follow that reasoning with your rules. I don't know if the iptables rules or the ufw rules for it run first.
E.g. UFW default deny incoming, allow outgoing: if it runs first it will do as asked and deny incoming, etc.
With UFW being called a front end, I am guessing that it might run first, but I am not sure, only guessing.
Someone with more experience will answer soon.
Reply

