UFW blocking ftp traffic??

[eddie3000]

Hello again.

I have a raspberry with raspbian, which I believe to be based on debian 10. I have it with openssh-server and openvpn running.

I have a script that downloads and uploads to different ftp servers that are not mine. The script is triggered using cron. I am using wget and curl. None of them work with ufw enabled, not even from the command line.

Here are the UFW rules:

Code: Select all

To                         Action      From
--                         ------      ----
22                       ALLOW IN    Anywhere                  
1194                      ALLOW IN    Anywhere                  
80                         ALLOW IN    Anywhere                  
443                        ALLOW IN    Anywhere                  
21                         ALLOW IN    Anywhere                  
20,21/tcp                  ALLOW IN    Anywhere                  
22 (v6)                  ALLOW IN    Anywhere (v6)             
1194 (v6)                 ALLOW IN    Anywhere (v6)             
80 (v6)                    ALLOW IN    Anywhere (v6)             
443 (v6)                   ALLOW IN    Anywhere (v6)             
21 (v6)                    ALLOW IN    Anywhere (v6)             
20,21/tcp (v6)             ALLOW IN    Anywhere (v6)             

21/tcp                     ALLOW OUT   Anywhere                  
21                         ALLOW OUT   Anywhere                  
21/tcp (v6)                ALLOW OUT   Anywhere (v6)             
21 (v6)                    ALLOW OUT   Anywhere (v6)             

When I disable UFW the script works fine. I have reset ufw various times and re-entered all the rules, one at a time, but without success.

I have another computer with debian 10 recently installed, same setup as the raspberry. Openssh-server and openvpn, and the exact same script triggered from cron. With only the ssh ports and vpn ports allowed in ufw, it works flawlessly.

Code: Select all

To                         Action      From
--                         ------      ----
22                       ALLOW IN    Anywhere                  
1194                       ALLOW IN    Anywhere                  
22 (v6)                  ALLOW IN    Anywhere (v6)             
1194 (v6)                  ALLOW IN    Anywhere (v6)             

I somehow believe that ufw on my raspberry is not setting up iptables correctly, and ufw reset is not working. What can I do? The easiest solution for me would be to reinstall from scratch as it would only take be about half an hour. But I know nothing about iptables and it might be educational to fix it instead of reinstalling. Can this be all fixed done via ssh without getting locked out as well?

Thank you.

[dilberts_left_nut]

Why do you need a firewall?

[eddie3000]

Why do you need a firewall?

Fear. I'm afraid of two things, basically:

1- Outbound connections by unauthorized programs possibly leaking personal data.

2- Inbound unauthorized connections, trying to get information.

I am using open source software. I have to trust it to a certain degree. But not entirely. So having a firewall might be a good idea, I think. Both computers sit behind a router connected to the internet. The router already provides some protection. But for the paranoid people like myself that is not enough. The mi7, cia, China, Russia or someother "hollywood style" group of hackers might be trying to steal my holiday photos!

I have very basic knowledge on computer security. That's why I'm having problems with my ufw on my raspberry, not working as I would expect.

[arzgi]

Hello again.

I have a raspberry with raspbian

I have too, but this is Debian User Forums. Better ask https://www.raspberrypi.org/forums/

[eddie3000]

Are you suggesting I leave?

I honestly don't think my problem is specific to raspbian. Isn't raspbian really debian prepared for a raspberry pi? Do you think my problem is because of me using a raspberry pi? If so, why?

[Head_on_a_Stick]

Are you suggesting I leave?

Yes.

Isn't raspbian really debian prepared for a raspberry pi?

No.

Do you think my problem is because of me using a raspberry pi? If so, why?

We have no way of knowing and that's the whole point, please stop wasting our time.

[eddie3000]

I'm sorry if you feel I am wasting your time.

[eddie3000]

Maybe somebody else might want to help?

[cuckooflew]

Maybe , but you really would be better off asking support at raspberry pi, they might know something that we , (Debian users) don't know,...some search foo, but be sure to include "for rasberry pi" in your key words., Ok, I did it for you: https://raspberrytips.com/security-tips-raspberry-pi/
Before getting offended, or snippy, do read the pages the link goes to, I skimmed through it, and it does give a straight forward example of what your ufw configuration should be, also if you have questions/comments the author appears to respond pretty well, ...
EG:

Patrick Fromaget Post authorApril 30, 2020Reply

Hi Thomas,

Yes, these are good projects to try
You can find a few tutorials on RaspberryTips about them

I think you’ll need the same time to do it directly with iptables or to upgrade later, so do it when it’s better for you

Patrick

These:

Code: Select all

UFW on raspberry pi blocking ftp traffic? 

Are the keywords I used, there are more results, some might be better.

[dilberts_left_nut]

Why do you need a firewall?

Fear. I'm afraid of two things, basically:

1- Outbound connections by unauthorized programs possibly leaking personal data.

2- Inbound unauthorized connections, trying to get information.

I am using open source software. I have to trust it to a certain degree. But not entirely. So having a firewall might be a good idea, I think. Both computers sit behind a router connected to the internet. The router already provides some protection. But for the paranoid people like myself that is not enough. The mi7, cia, China, Russia or someother "hollywood style" group of hackers might be trying to steal my holiday photos!

I have very basic knowledge on computer security. That's why I'm having problems with my ufw on my raspberry, not working as I would expect.

The only thing your firewall is doing is causing you trouble - you should just turn it off.