UFW blocking ftp traffic??

Kernels & Hardware, configuring network, installing services

UFW blocking ftp traffic??

Postby eddie3000 » 2020-05-21 06:35

Hello again.

I have a raspberry with raspbian, which I believe to be based on debian 10. I have it with openssh-server and openvpn running.

I have a script that downloads and uploads to different ftp servers that are not mine. The script is triggered using cron. I am using wget and curl. None of them work with ufw enabled, not even from the command line.

Here are the UFW rules:

Code: Select all
To                         Action      From
--                         ------      ----
22                       ALLOW IN    Anywhere                 
1194                      ALLOW IN    Anywhere                 
80                         ALLOW IN    Anywhere                 
443                        ALLOW IN    Anywhere                 
21                         ALLOW IN    Anywhere                 
20,21/tcp                  ALLOW IN    Anywhere                 
22 (v6)                  ALLOW IN    Anywhere (v6)             
1194 (v6)                 ALLOW IN    Anywhere (v6)             
80 (v6)                    ALLOW IN    Anywhere (v6)             
443 (v6)                   ALLOW IN    Anywhere (v6)             
21 (v6)                    ALLOW IN    Anywhere (v6)             
20,21/tcp (v6)             ALLOW IN    Anywhere (v6)             

21/tcp                     ALLOW OUT   Anywhere                 
21                         ALLOW OUT   Anywhere                 
21/tcp (v6)                ALLOW OUT   Anywhere (v6)             
21 (v6)                    ALLOW OUT   Anywhere (v6)             



When I disable UFW the script works fine. I have reset ufw various times and re-entered all the rules, one at a time, but without success.

I have another computer with debian 10 recently installed, same setup as the raspberry. Openssh-server and openvpn, and the exact same script triggered from cron. With only the ssh ports and vpn ports allowed in ufw, it works flawlessly.
Code: Select all
To                         Action      From
--                         ------      ----
22                       ALLOW IN    Anywhere                 
1194                       ALLOW IN    Anywhere                 
22 (v6)                  ALLOW IN    Anywhere (v6)             
1194 (v6)                  ALLOW IN    Anywhere (v6)             



I somehow believe that ufw on my raspberry is not setting up iptables correctly, and ufw reset is not working. What can I do? The easiest solution for me would be to reinstall from scratch as it would only take be about half an hour. But I know nothing about iptables and it might be educational to fix it instead of reinstalling. Can this be all fixed done via ssh without getting locked out as well?

Thank you.
eddie3000
 
Posts: 21
Joined: 2020-04-26 07:22

Re: UFW blocking ftp traffic??

Postby dilberts_left_nut » 2020-05-21 09:06

Why do you need a firewall?
AdrianTM wrote:There's no hacker in my grandma...
User avatar
dilberts_left_nut
 
Posts: 5074
Joined: 2009-10-05 07:54
Location: enzed

Re: UFW blocking ftp traffic??

Postby eddie3000 » 2020-05-21 12:49

Why do you need a firewall?


Fear. I'm afraid of two things, basically:

1- Outbound connections by unauthorized programs possibly leaking personal data.

2- Inbound unauthorized connections, trying to get information.

I am using open source software. I have to trust it to a certain degree. But not entirely. So having a firewall might be a good idea, I think. Both computers sit behind a router connected to the internet. The router already provides some protection. But for the paranoid people like myself that is not enough. The mi7, cia, China, Russia or someother "hollywood style" group of hackers might be trying to steal my holiday photos!

I have very basic knowledge on computer security. That's why I'm having problems with my ufw on my raspberry, not working as I would expect.
eddie3000
 
Posts: 21
Joined: 2020-04-26 07:22

Re: UFW blocking ftp traffic??

Postby arzgi » 2020-05-21 13:36

eddie3000 wrote:Hello again.

I have a raspberry with raspbian


I have too, but this is Debian User Forums. Better ask https://www.raspberrypi.org/forums/
arzgi
 
Posts: 640
Joined: 2008-02-21 17:03
Location: Finland

Re: UFW blocking ftp traffic??

Postby eddie3000 » 2020-05-21 13:52

Are you suggesting I leave?

I honestly don't think my problem is specific to raspbian. Isn't raspbian really debian prepared for a raspberry pi? Do you think my problem is because of me using a raspberry pi? If so, why?
eddie3000
 
Posts: 21
Joined: 2020-04-26 07:22

Re: UFW blocking ftp traffic??

Postby Head_on_a_Stick » 2020-05-21 15:01

eddie3000 wrote:Are you suggesting I leave?

Yes.

eddie3000 wrote:Isn't raspbian really debian prepared for a raspberry pi?

No.

eddie3000 wrote:Do you think my problem is because of me using a raspberry pi? If so, why?

We have no way of knowing and that's the whole point, please stop wasting our time.
Black Lives Matter

Debian buster-backports ISO image: for new hardware support
User avatar
Head_on_a_Stick
 
Posts: 12497
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: UFW blocking ftp traffic??

Postby eddie3000 » 2020-05-21 15:54

I'm sorry if you feel I am wasting your time.
eddie3000
 
Posts: 21
Joined: 2020-04-26 07:22

Re: UFW blocking ftp traffic??

Postby eddie3000 » 2020-05-21 15:58

Maybe somebody else might want to help?
eddie3000
 
Posts: 21
Joined: 2020-04-26 07:22

Re: UFW blocking ftp traffic??

Postby cuckooflew » 2020-05-21 19:28

Maybe , but you really would be better off asking support at raspberry pi, they might know something that we , (Debian users) don't know,...some search foo, but be sure to include "for rasberry pi" in your key words., Ok, I did it for you: https://raspberrytips.com/security-tips-raspberry-pi/
Before getting offended, or snippy, do read the pages the link goes to, I skimmed through it, and it does give a straight forward example of what your ufw configuration should be, also if you have questions/comments the author appears to respond pretty well, ...
EG:
Patrick Fromaget Post authorApril 30, 2020Reply

Hi Thomas,

Yes, these are good projects to try
You can find a few tutorials on RaspberryTips about them

I think you’ll need the same time to do it directly with iptables or to upgrade later, so do it when it’s better for you

Patrick


These:
Code: Select all
UFW on raspberry pi blocking ftp traffic?

Are the keywords I used, there are more results, some might be better.
Please Read What we expect you have already Done
Search Engines know a lot, and
"If God had wanted computers to work all the time, He wouldn't have invented RESET buttons"
and
Just say NO to help vampires!
cuckooflew
 
Posts: 683
Joined: 2018-05-10 19:34
Location: Some where out west

Re: UFW blocking ftp traffic??

Postby dilberts_left_nut » 2020-05-22 23:56

eddie3000 wrote:
Why do you need a firewall?


Fear. I'm afraid of two things, basically:

1- Outbound connections by unauthorized programs possibly leaking personal data.

2- Inbound unauthorized connections, trying to get information.

I am using open source software. I have to trust it to a certain degree. But not entirely. So having a firewall might be a good idea, I think. Both computers sit behind a router connected to the internet. The router already provides some protection. But for the paranoid people like myself that is not enough. The mi7, cia, China, Russia or someother "hollywood style" group of hackers might be trying to steal my holiday photos!

I have very basic knowledge on computer security. That's why I'm having problems with my ufw on my raspberry, not working as I would expect.

The only thing your firewall is doing is causing you trouble - you should just turn it off.
AdrianTM wrote:There's no hacker in my grandma...
User avatar
dilberts_left_nut
 
Posts: 5074
Joined: 2009-10-05 07:54
Location: enzed


Return to System configuration

Who is online

Users browsing this forum: No registered users and 16 guests

fashionable