search for: allowftp

I am trying to get the AllowFTP action to work for Net > DMZ traffic and FTP pasv. I know it is kind of working, as the user can log in, however, it fails at the port. I have had to open up some high ports for pasv to work. Now I know this aint cool, so does anyone know what a person has to do to get the AllowFTP action to wor...

...eth0 detect At the moment eth1 is not connected. Might this be the source of the problem? Something else? ====== Another question In params I have (numbers changed to protect the guilty) # TRU Trusted IP addresses TRU=123.4.5.6,987.6.5.4 In rules (among other things) I have AllowFTP fw net AllowFTP net fw But I really only want to allow this access from $TRU. Ideally I would like to an ftp session that is initiated on the firewall to be allowed everywhere, but other ftp sessions to the firewall to only be allowed from $TRU. How is this done? Many tha...

Lables: Gateway = 209.5.171.65 Netmask = 255.255.255.192 Eth0 = net = 209.5.171.66 Eth1 = loc = 192.168.0.1 There is no NAT clients, in essence loc is dmz. I can rename loc to dmz if that helps. Proxy/ARP is used for IP addresses 209.5.171.67-126 Problem: Using the Shorewall Action AllowFTP does not result in desired behavior when connecting from Internet to machines behind firewall in DMZ. From my understanding, ip_conntrac should see a person come in on port 21, and automatically open either port 20 in regular ftp mode, or open highports in pasv mode. This does not happen, and using...

Release candidate 1 is available at: http://shorewall.net/pub/shorewall/Beta ftp://shorewall.net/pub/shorewall/Beta The ''releasenotes.txt'' file tells you about the release. -Tom PS to those of you on the Shorewall Announcement List: Feedback to this point is overwelmingly in favor of keeping Beta and Release Candidate announcements on this list. I have configured the list

I am getting the following message when Shorewall stops can anybody shed any light on this message and where I should be looking? Thanks root@bobshost:~# shorewall stop Loading /usr/share/shorewall/functions... Processing /etc/shorewall/params ... Processing /etc/shorewall/shorewall.conf... Loading Modules... Stopping Shorewall...Processing /etc/shorewall/stop ... IP Forwarding Enabled

...lies'' + read first rest + ''['' x = xINCLUDE '']'' + echo '' '' + read first rest + ''['' xAllowPing = xINCLUDE '']'' + echo ''AllowPing #Accept Ping'' + read first rest + ''['' xAllowFTP = xINCLUDE '']'' + echo ''AllowFTP #Accept FTP'' + read first rest + ''['' xAllowDNS = xINCLUDE '']'' + echo ''AllowDNS #Accept DNS'' + read first rest + ''['' xAllowSSH = xINCLUDE '']''...

Ian has proposed that we change the way that logging interacts with defined actions. Currently, if logging is specified on the invocation of an action (e.g., "AllowFTP:info all all"), all traffic sent to the AllowFTP chain is logged. In most cases, this isn''t what the user intended and other people have expressed surprise about this behavior in the past. The way I see this working is that in process_actions1() and process_rules(), we keep track...

Goodday, First my network layout: dsl router (10.0.0.99) | server (eth0 10.0.0.1, eth1 10.0.1.10) | 3 times windows machine (10.0.1.2, 10.0.1.3, 10.0.1.4) (all with proxy settings 10.0.1.10:8080) Now on the server is mandrake 10 installed with shorewall as firewall. And a apache webserver (and no ftp server). When i turned internet sharing on it started squid which added a line in the

...techroom and only a limited amount of traffic is to leave the techroom. Below are a few log entries I looking to get explained. DHCP is handled by the firewall, DNS is handled by servers side our techroom. my rules file AllowSSH all fw AllowDNS all net:10.1.1.159,10.1.1.160 AllowFTP loc net AllowWeb loc net AllowPOP3 loc net AllowSMTP loc net:172.16.35.10,172.16.35.33 AllowSMB loc net:10.1.1.159,10.1.1.160 my policy file loc all DROP info net all DROP inf...

...p 53 # # Accept SSH connections from the local network for administration # ACCEPT loc fw tcp 22 # # Allow Ping To And From Firewall # ACCEPT loc fw icmp 8 ACCEPT net fw icmp 8 ACCEPT fw loc icmp ACCEPT fw net icmp # # Allow Firewall to act as FTP Server (added by Graham 2004.10.11) AllowFTP net fw AllowFTP loc fw # # Allow Firewall to do SaMBa file sharing (added by Graham2004.10.11) # ACCEPT fw loc udp 137:139 ACCEPT fw loc tcp 137,139,445 ACCEPT fw loc udp 1024: 137 ACCEPT loc fw udp 137:139 ACCEPT loc fw tcp 137,139,445 ACCEPT loc fw udp 1024: 137 #LAST LINE --...

...ACCEPT all all DROP - providers: SVR 1 1 main eth1 IP.OF.SVR.GW track (?) eth0 OGO 2 2 main eth2 IP.OF.OGO.GW track (?) eth0 - zones: svr svr svr ogo ogo ogo loc loc loc - rules: AllowPing svr fw AllowSSH svr fw AllowFTP svr fw AllowSMTP svr fw AllowPing ogo fw AllowSSH ogo fw AllowFTP ogo fw AllowSMTP ogo fw So, the main Q is: if I use PBR via "ip route" command from the script, will the above files do exactly what I want? I think, no :-). Any help is appreciated. Th...

...DropUPnP... Pre-processing /usr/share/shorewall/action.RejectAuth... Pre-processing /usr/share/shorewall/action.DropPing... Pre-processing /usr/share/shorewall/action.DropDNSrep... Pre-processing /usr/share/shorewall/action.AllowPing... Pre-processing /usr/share/shorewall/action.AllowFTP... Pre-processing /usr/share/shorewall/action.AllowDNS... Pre-processing /usr/share/shorewall/action.AllowSSH... Pre-processing /usr/share/shorewall/action.AllowWeb... Pre-processing /usr/share/shorewall/action.AllowSMB... Pre-processing /usr/share/shorewall/action.AllowAuth......

Hello all, What I am doing seems fairly straight forward to me, I just am not sure how to put it into Shorewall''s config files. Here is what I have: I have a single router that takes 5 public IP addresses and routes them to internal IP addresses. In the past, I had control over that router and could port filter at the router, forwarding only the traffic I wanted. However, now, I

Hi! I don;t know what i am doing wrong because i have still Low ID on aMule. I have action.AllowaMule and accept tcp 4662:4771 and udp 4672. Thanks, Mitja

...8.0.1,192.168.0.2" ;; work) TRUSTED_FTP="$NONE" TRUSTED_SMB="net:10.1.2.100,10.1.2.102" ;; *) TRUSTED_FTP="$NONE" TRUSTED_SMB="$NONE" ;; esac In /etc/shorewall/rules: AllowFTP $TRUSTED_FTP $FW AllowSMB $TRUSTED_SMB $FW In this way I can use a common (and simple) rules file which works for all networks, provided that the variables are set up correctly in the params file. Now, I would like that the SOURCE field in rules could accept the value ''none...

...eferences) pkts bytes target prot opt in out source destination 2 126 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 Chain AllowFTP (3 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 Chain AllowPOP3 (2 references) pkts bytes target prot opt in out source...

...tted, the MAC address is suppressed. 7. In /etc/shorewall/rules, a value of ''none'' in either the SOURCE or DEST columns now causes the rule to be ignored. This is most useful when used with shell variables: Example: /etc/shorewall/rules: AllowFTP $FTP_CLIENTS fw When FTP_CLIENTS is set to ''none'', the above rule is ignored. Otherwise, the rule is evaluated and generates Netfilter rules. 8. The installer now detects that it is running on a Slackware system and adjusts the DEST and INIT variables accordingly....

...BMIN connections from the local to firewall # ACCEPT loc fw tcp 10000 # # ACCEPT FTP TO loc LAN PC DNAT net loc:192.168.0.50 tcp 21 21 # # INCOMING #AllowPing net fw #AllowSSH net fw #AllowSSH loc fw #AllowDNS net fw #AllowFTP net fw #AllowWeb net fw #AllowSMTP net fw #AllowPOP3 net fw #AllowIMAP net fw #REDIRECT net 22 tcp 22 # #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE SHOREWALL.CONF: -------------------------------------------------------------...

...DropUPnP... Pre-processing /usr/share/shorewall/action.RejectAuth... Pre-processing /usr/share/shorewall/action.DropPing... Pre-processing /usr/share/shorewall/action.DropDNSrep... Pre-processing /usr/share/shorewall/action.AllowPing... Pre-processing /usr/share/shorewall/action.AllowFTP... Pre-processing /usr/share/shorewall/action.AllowDNS... Pre-processing /usr/share/shorewall/action.AllowSSH... Pre-processing /usr/share/shorewall/action.AllowWeb... Pre-processing /usr/share/shorewall/action.AllowSMB... Pre-processing /usr/share/shorewall/action.AllowAuth......

...tion.DropUPnP... Pre-processing /usr/share/shorewall/action.RejectAuth... Pre-processing /usr/share/shorewall/action.DropPing... Pre-processing /usr/share/shorewall/action.DropDNSrep... Pre-processing /usr/share/shorewall/action.AllowPing... Pre-processing /usr/share/shorewall/action.AllowFTP... Pre-processing /usr/share/shorewall/action.AllowDNS... Pre-processing /usr/share/shorewall/action.AllowSSH... Pre-processing /usr/share/shorewall/action.AllowWeb... Pre-processing /usr/share/shorewall/action.AllowSMB... Pre-processing /usr/share/shorewall/action.AllowAuth... Pr...