On Mon, 2005-01-03 at 05:34 -0800, Rudy Koento wrote:
> Hi,
>
> I'm using the same set of firewall rules of 2.0.x
> (sorry, I can't remember the exact minor version) and
> put it to work with 2.0.9. And now I can't do passive
> ftp (was working before).
>
> I see that my NEWNOTSYN is set to Yes, and the
> loc->net rule is blocking 1024:65535.
>
> But I believe with the ip_conntrack_ftp, the passive
> mode would be allowed, since it's a RELATED
> connection...
>
> I'd post more of my configuration if it's useful.

If ip_conntrack_ftp and ip_nat_ftp are loaded and you have TCP port 21
accepted from loc->net then passive mode should work. Since Shorewall
has no FTP-specific code, there should be no upgrade issues WRT FTP. Did
you upgrade other software at the same time?

As always, when you want help with connection-related problems, you need
to follow the support guide, particularly the part that begins THIS IS
IMPORTANT!
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
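
The two conditions named in the reply above (both FTP helper modules loaded, TCP port 21 accepted from loc to net) can be checked mechanically. The script below is an added example, not part of the original thread or of Shorewall; the function names are hypothetical, the sample data is constructed, and it assumes rules lines laid out as ACTION SOURCE DEST PROTO DPORT.

```shell
#!/bin/sh
# Constructed sample: lsmod-style output (module, size, users).
SAMPLE_LSMOD='Module                  Size  Used by
ip_nat_ftp              4336  0
ip_conntrack_ftp       71728  1 ip_nat_ftp
ip_conntrack           40044  3 ip_nat_ftp,ip_conntrack_ftp'

# Constructed sample: rules lines (assumed columns: ACTION SOURCE DEST PROTO DPORT).
SAMPLE_RULES='#ACTION  SOURCE  DEST  PROTO  DPORT
ACCEPT   loc     net   tcp    80,443
ACCEPT   loc     net   tcp    21
DROP     loc     net   tcp    1024:65535'

# Print each FTP helper module (names as given in the thread) that is
# absent from the lsmod-style text passed as $1. Empty output = both loaded.
missing_ftp_helpers() {
    for m in ip_conntrack_ftp ip_nat_ftp; do
        printf '%s\n' "$1" |
            awk -v m="$m" '$1 == m { f = 1 } END { exit !f }' || echo "$m"
    done
}

# Succeed if some ACCEPT loc->net tcp rule in $1 covers destination port 21,
# either listed directly (21 or 80,21) or inside a low:high range.
control_port_accepted() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        $1 ~ /^ACCEPT/ && $2 == "loc" && $3 == "net" && $4 == "tcp" {
            n = split($5, ports, ",")
            for (i = 1; i <= n; i++) {
                if (ports[i] == "21") ok = 1
                else if (split(ports[i], r, ":") == 2 &&
                         r[1] + 0 <= 21 && 21 <= r[2] + 0) ok = 1
            }
        }
        END { exit !ok }'
}

# Run both checks on the constructed samples.
if [ -z "$(missing_ftp_helpers "$SAMPLE_LSMOD")" ] &&
   control_port_accepted "$SAMPLE_RULES"; then
    echo "helpers loaded, tcp/21 accepted: passive data connections can match RELATED"
else
    echo "missing helper module or no ACCEPT for tcp/21 from loc to net"
fi
```

On a live firewall, pass `"$(lsmod)"` and the contents of the rules file instead of the samples; helpers compiled into the kernel rather than built as modules will not appear in `lsmod` output.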