Shorewall users - Jan 2002 - FTP problem

Hi,
I explain here a typical mistake of beginners.
It occured to me and 2 of my mates, obviously we didn''t examine the
manual
too closely ;)
If it still doesn''t work mail again, pls.

The machine where you installed Shorewall is an own zone, named fw (for 
firewall).
So you need to add a rule for the FTP traffic for the machine to accept it, 
e.g.
ACCEPT          net     fw      tcp     ftp     -       all

If you have an FTP-Server on a machine in your network, for example on 
machine 192.168.1.20 you need
ACCEPT          net     local:192.168.1.20      tcp     ftp     -       all

On the other hand you have to explicitely allow EVERY service for your 
shorewall-machine. So if you want to FTP *from* it you would have to add
ACCEPT          fw     net      tcp     ftp     -       all

The fw-thing is a bit hidden, but once you got it it''ll work smoothly.
I hope I could help you :)

Regards,
Markus

At 17:36 09.01.2002 -0800, huytu@mail.com wrote:
>Dear Shorewall-Users,
>I am a newbie with Shorewall .
>After install Shorewall 1.2.2 ,everything work OK except FTP :they
>tell connection time out when connect to internet ,but to my DMZ is
>OK.
>I check my config many time but i gave up.Pls help me some opinions.
>
>
>
>
>--
>Best regards,
>  T.Q.Huy                          mailto:huytu@hcmc.netnam.vn
>
>_______________________________________________
>Shorewall-users mailing list
>Shorewall-users@shorewall.net
>http://www.shorewall.net/mailman/listinfo/shorewall-users

Hi all,

I liked Charles''s simple little cat script to add IPs to the blacklist,
as
I''m usually one to do things the hard way (vi /etc/...).

I did a little tinkering, and came up with something helpful (to me, anyway)
to try.

Putting this command:

 echo -e $1 \\t ''#'' "${@:2}" >>
/etc/shorewall/blacklist ; shorewall refresh

into a bash shell script allows additions to the blacklist with comments in
a single command (I could never remember all the IPs and why I black listed
them)

Hope this is useful.  If I missed something obvious, feel free to let me
know in a direct reply so as not to clutter the list.

John S.


Tracking #: 2F17C9A9E537A647B0E53527F28E00744A2055FD

Dear Shorewall-Users,
I am a newbie with Shorewall .
After install Shorewall 1.2.2 ,everything work OK except FTP :they
tell connection time out when connect to internet ,but to my DMZ is
OK.
I check my config many time but i gave up.Pls help me some opinions.


  

-- 
Best regards,
 T.Q.Huy                          mailto:huytu@hcmc.netnam.vn

Dear shorewall-users,

  Many thanks for all of Your answers .
  But i realized that seem my MASQ have problem .Because i don''t masq
  my local to internet-interface(eth0) ,i masq it to dmz-interface (this is
  real-IP ).Can i do that ?

-- 
Best regards,
 huytu                          mailto:huytu@mail.com