Hi,
I have one linux gateway (2 NICs) using shorewall and one problem.

This is my net config:
net eth0
loc eth1

Inside eth1, I have many linux servers and one Novell 4.11 server, and my problem is that I cannot connect to my Novell server using FTP from outside (eth0). If I'm inside eth1, FTP works fine.

I tried these rules to make it work (they work for another linux server inside eth1):
ACCEPT all loc:ip tcp 20
ACCEPT all loc:ip tcp 21
where ip is the Novell server's IP address.

My policy is:
loc net ACCEPT
net all DROP info
#
# THE FOLLOWING POLICY MUST BE LAST
#
fw net ACCEPT
all all REJECT info

Can anyone help me make FTP to the Novell server work?

Thanks in advance,
Mauricio.

Mauricio Cavalcanti wrote:
> Hi,
> I have one linux gateway (2 NICs) using shorewall and one problem.
>
> This is my net config:
> net eth0
> loc eth1
>
> Inside eth1, I have many linux servers and one Novell 4.11 server, and
> my problem is that I cannot connect to my Novell server using
> FTP from outside (eth0). If I'm inside eth1, FTP works fine.
>
> I tried these rules to make it work (they work for another linux server
> inside eth1):
> ACCEPT all loc:ip tcp 20
> ACCEPT all loc:ip tcp 21
> where ip is the Novell server's IP address.

a) Does the Novell server have a public or private IP address?

b) Have you carefully reviewed the information at http://shorewall.net/FTP.html?

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

a) public

b) yes

Fedora Core 1 with shorewall-1.4.8-1.fdr.2.1.

From the firewall, I can connect to the Novell FTP server. From anywhere I can connect to my linux FTP servers, and all of them are connected to the same switch and are using the same netmask (public).

Thanks in advance,
Mauricio.

Mauricio Cavalcanti wrote:
> a) public
>
> b) yes
>
> Fedora Core 1 with shorewall-1.4.8-1.fdr.2.1.
>
> From the firewall, I can connect to the Novell FTP server. From anywhere I can
> connect to my linux FTP servers, and all of them are connected to the
> same switch and are using the same netmask (public).

Does the Novell server have the correct default gateway?

-Tom

FTP to Novell works when I do shorewall clear, so I think that it's not a gateway problem.

Thanks again,
Mauricio.

>From: Tom Eastep <teastep@shorewall.net>
>Reply-To: Mailing List for Shorewall Users <shorewall-users@lists.shorewall.net>
>To: Mailing List for Shorewall Users <shorewall-users@lists.shorewall.net>
>Subject: Re: [Shorewall-users] FTP to Novell
>Date: Wed, 19 May 2004 14:48:10 -0700
>
>Mauricio Cavalcanti wrote:
>>a) public
>>
>>b) yes
>>
>>Fedora Core 1 with shorewall-1.4.8-1.fdr.2.1.
>>
>>From the firewall, I can connect to the Novell FTP server. From anywhere I can
>>connect to my linux FTP servers, and all of them are connected to the same
>>switch and are using the same netmask (public).
>
>Does the Novell server have the correct default gateway?
>
>-Tom

Mauricio Cavalcanti wrote:
>
> FTP to Novell works when I do shorewall clear, so I think that it's not
> a gateway problem.
>

Then you are going to have to debug the problem. tcpdump/ethereal is your friend as is "shorewall show log"

-Tom

Tom Eastep wrote:
> Mauricio Cavalcanti wrote:
>
>>
>> FTP to Novell works when I do shorewall clear, so I think that it's
>> not a gateway problem.
>>
>
> Then you are going to have to debug the problem. tcpdump/ethereal is
> your friend as is "shorewall show log"
>

And by the way: As pointed out at http://shorewall.net/FTP.html, your rule with 20 in the PORT(S) column is nonsense.

-Tom