SELinux, scp, FireFTP and Cisco AnyConnect VPN client

Support for security such as Firewalls and securing Linux
80251
Posts: 10
Joined: 2013/01/10 07:54:34

SELinux, scp, FireFTP and Cisco AnyConnect VPN client

Post by 80251 » 2013/03/05 07:46:35

I've skimmed over the SELinux FAQ, but it didn't directly address my particular issue.

I have two CentOS 5.5 boxes, one set up w/SELinux as enforcing on a LAN and the other set up remotely w/o SELinux installed at all. I VPN into the remote CentOS 5.5 box w/o SELinux via Cisco AnyConnect. From my XP box on the local LAN I can use FireFTP to xfer files to/from the box w/o SELinux installed, but the local CentOS 5.5 box w/SELinux set up as enforcing errors out not only on FireFTP xfers but scp xfers as well. Could my problems transferring files between the enforcing SELinux box and the remote VPN CentOS 5.5 box all be down to SELinux (which does throw an IPtables warning every time I start up Cisco AnyConnect VPN client)?

I couldn't see any references to Cisco AnyConnect in this forum.

80251
Posts: 10
Joined: 2013/01/10 07:54:34

Re: SELinux, scp, FireFTP and Cisco AnyConnect VPN client

Post by 80251 » 2013/03/08 07:40:48

This problem has been resolved. The MTU for my local ISP didn't match the MTU setup for eth0. I lowered the MTU on eth0 and everything worked.

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: [RESOLVED] SELinux, scp, FireFTP and Cisco AnyConnect VPN client

Post by TrevorH » 2013/03/08 10:41:50

Glad to hear it's all working. Marking this thread as [RESOLVED].

80251
Posts: 10
Joined: 2013/01/10 07:54:34

Re: SELinux, scp, FireFTP and Cisco AnyConnect VPN client

Post by 80251 » 2013/03/10 05:22:33

Actually, it seems like my fix only moved the goalposts. For any files less than 10MiB or 20MiB, everything is fine; for files greater than this, scp exhibits the same problems as before, but at this point I'm somewhat confident it has nothing to do w/SELinux.

AlanBartlett
Forum Moderator
Posts: 9345
Joined: 2007/10/22 11:30:09
Location: ~/Earth/UK/England/Suffolk

Re: SELinux, scp, FireFTP and Cisco AnyConnect VPN client

Post by AlanBartlett » 2013/03/10 20:40:50

I am sorry to read that the problem still persists. I have, therefore, 'unmarked' this thread as [RESOLVED].

Although I have no solution for you, I must stress that usage of CentOS 5.5 is deprecated and unsupported. The current, supported, version of CentOS 5 is the ninth update -- i.e. CentOS 5.9. My advice is to read through the following four sets of update release notes [1][2][3][4] to familiarise yourself with the issues fixed and new features, then to update those systems to CentOS 5.9.

Only by doing that can we be sure that the issue you are experiencing is not due to some aspect that has already been fixed.

[1] http://wiki.centos.org/Manuals/ReleaseNotes/CentOS5.6
[2] http://wiki.centos.org/Manuals/ReleaseNotes/CentOS5.7
[3] http://wiki.centos.org/Manuals/ReleaseNotes/CentOS5.8
[4] http://wiki.centos.org/Manuals/ReleaseNotes/CentOS5.9

scottro
Forum Moderator
Posts: 2556
Joined: 2007/09/03 21:18:09
Location: NYC

SELinux, scp, FireFTP and Cisco AnyConnect VPN client

Post by scottro » 2013/03/10 21:31:27

I find that VPNC works quite well for me--the last time I tried the Cisco client for Linux (which was at least a year ago), it was pretty awful.

http://home.roadrunner.com/~computertaijutsu/vpnc.html
(My own page about it.)

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: SELinux, scp, FireFTP and Cisco AnyConnect VPN client

Post by TrevorH » 2013/03/10 23:32:29

+1 for vpnc here, I use it all day, every day though unfortunately it disconnects rather more often than I'd like. I think I've seen it stay active just once for more than 24 hours continuously.
