Displaying 20 results from an estimated 24 matches for "allowftp".
2005 Jun 02
4
Net > DMZ and AllowFTP
I am trying to get the AllowFTP action to work for Net > DMZ traffic and
FTP pasv. I know it is kind of working, as the user can log in, however,
it fails at the port. I have had to open up some high ports for pasv to
work. Now I know this ain't cool, so does anyone know what a person has
to do to get the AllowFTP action to wor...
2005 Mar 27
3
Errors in tos? and restricting ftp access
...eth0 detect
At the moment eth1 is not connected. Might this be the source of the
problem? Something else?
====== Another question
In params I have (numbers changed to protect the guilty)
# TRU Trusted IP addresses
TRU=123.4.5.6,987.6.5.4
In rules (among other things) I have
AllowFTP fw net
AllowFTP net fw
But I really only want to allow this access from $TRU. Ideally I
would like to an ftp session that is initiated on the firewall to be
allowed everywhere, but other ftp sessions to the firewall to only be
allowed from $TRU. How is this done?
Many tha...
2005 Jun 02
3
Net > DMZ > AllowFTP
Labels:
Gateway = 209.5.171.65
Netmask = 255.255.255.192
Eth0 = net = 209.5.171.66
Eth1 = loc = 192.168.0.1
There is no NAT clients, in essence loc is dmz. I can rename loc to dmz
if that helps. Proxy/ARP is used for IP addresses 209.5.171.67-126
Problem:
Using the Shorewall Action AllowFTP does not result in desired behavior
when connecting from Internet to machines behind firewall in DMZ. From
my understanding, ip_conntrac should see a person come in on port 21,
and automatically open either port 20 in regular ftp mode, or open
highports in pasv mode. This does not happen, and using...
2004 Mar 25
2
Shorewall 2.0.1 RC1
Release candidate 1 is available at:
http://shorewall.net/pub/shorewall/Beta
ftp://shorewall.net/pub/shorewall/Beta
The 'releasenotes.txt' file tells you about the release.
-Tom
PS to those of you on the Shorewall Announcement List:
Feedback to this point is overwhelmingly in favor of keeping Beta and
Release Candidate announcements on this list.
I have configured the list
2005 Feb 01
4
Shorewall problem
I am getting the following message when Shorewall stops can anybody shed
any light on this message and where I should be looking? Thanks
root@bobshost:~# shorewall stop
Loading /usr/share/shorewall/functions...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Stopping Shorewall...Processing /etc/shorewall/stop ...
IP Forwarding Enabled
2005 May 31
11
More Tests for 2.4.0-RC2 - strange behaviour
...lies'
+ read first rest
+ '[' x = xINCLUDE ']'
+ echo ' '
+ read first rest
+ '[' xAllowPing = xINCLUDE ']'
+ echo 'AllowPing #Accept Ping'
+ read first rest
+ '[' xAllowFTP = xINCLUDE ']'
+ echo 'AllowFTP #Accept FTP'
+ read first rest
+ '[' xAllowDNS = xINCLUDE ']'
+ echo 'AllowDNS #Accept DNS'
+ read first rest
+ '[' xAllowSSH = xINCLUDE ']'...
2004 Jul 15
1
Logging and Actions
Ian has proposed that we change the way that logging interacts with
defined actions. Currently, if logging is specified on the invocation of
an action (e.g., "AllowFTP:info all all"), all traffic sent to the
AllowFTP chain is logged. In most cases, this isn't what the user
intended and other people have expressed surprise about this behavior in
the past.
The way I see this working is that in process_actions1() and
process_rules(), we keep track...
2005 Mar 26
11
Do i need a proxy??
Goodday,
First my network layout:
dsl router (10.0.0.99)
|
server (eth0 10.0.0.1, eth1 10.0.1.10)
|
3 times windows machine (10.0.1.2, 10.0.1.3, 10.0.1.4)
(all with proxy settings 10.0.1.10:8080)
Now on the server is mandrake 10 installed with shorewall as firewall.
And a apache webserver (and no ftp server).
When i turned internet sharing on it started squid which added a line in the
2004 Jun 11
5
help with rules / log entries
...techroom and only a limited amount of traffic is to leave the techroom.
Below are a few log entries I am looking to get explained.
DHCP is handled by the firewall, DNS is handled by servers side our
techroom.
my rules file
AllowSSH all fw
AllowDNS all net:10.1.1.159,10.1.1.160
AllowFTP loc net
AllowWeb loc net
AllowPOP3 loc net
AllowSMTP loc net:172.16.35.10,172.16.35.33
AllowSMB loc net:10.1.1.159,10.1.1.160
my policy file
loc all DROP info
net all DROP inf...
2004 Oct 11
5
Intermittent Samba glitch
...p 53
#
# Accept SSH connections from the local network for administration
#
ACCEPT loc fw tcp 22
#
# Allow Ping To And From Firewall
#
ACCEPT loc fw icmp 8
ACCEPT net fw icmp 8
ACCEPT fw loc icmp
ACCEPT fw net icmp
#
# Allow Firewall to act as FTP Server (added by Graham 2004.10.11)
AllowFTP net fw
AllowFTP loc fw
#
# Allow Firewall to do SaMBa file sharing (added by Graham2004.10.11)
#
ACCEPT fw loc udp 137:139
ACCEPT fw loc tcp 137,139,445
ACCEPT fw loc udp 1024: 137
ACCEPT loc fw udp 137:139
ACCEPT loc fw tcp 137,139,445
ACCEPT loc fw udp 1024: 137
#LAST LINE --...
2006 Apr 02
1
Two ISP
...ACCEPT
all all DROP
- providers:
SVR 1 1 main eth1 IP.OF.SVR.GW track (?) eth0
OGO 2 2 main eth2 IP.OF.OGO.GW track (?) eth0
- zones:
svr svr svr
ogo ogo ogo
loc loc loc
- rules:
AllowPing svr fw
AllowSSH svr fw
AllowFTP svr fw
AllowSMTP svr fw
AllowPing ogo fw
AllowSSH ogo fw
AllowFTP ogo fw
AllowSMTP ogo fw
So, the main Q is: if I use PBR via "ip route" command from the script,
will the above files do exactly what I want? I think, no :-). Any help is
appreciated. Th...
2005 Feb 02
1
Masq errors?
...DropUPnP...
Pre-processing /usr/share/shorewall/action.RejectAuth...
Pre-processing /usr/share/shorewall/action.DropPing...
Pre-processing /usr/share/shorewall/action.DropDNSrep...
Pre-processing /usr/share/shorewall/action.AllowPing...
Pre-processing /usr/share/shorewall/action.AllowFTP...
Pre-processing /usr/share/shorewall/action.AllowDNS...
Pre-processing /usr/share/shorewall/action.AllowSSH...
Pre-processing /usr/share/shorewall/action.AllowWeb...
Pre-processing /usr/share/shorewall/action.AllowSMB...
Pre-processing /usr/share/shorewall/action.AllowAuth......
2004 May 28
8
One NIC, filtering access
Hello all, What I am doing seems fairly straight forward to me, I just am
not sure how to put it into Shorewall's config files. Here is what I have:
I have a single router that takes 5 public IP addresses and routes them to
internal IP addresses. In the past, I had control over that router and
could port filter at the router, forwarding only the traffic I wanted.
However, now, I
2005 Apr 09
12
aMule
Hi!
I don't know what I am doing wrong because I have still Low ID on aMule. I
have action.AllowaMule and accept tcp 4662:4771 and udp 4672.
Thanks,
Mitja
2005 Apr 16
6
wishlist: 'none' as source address in rules
...8.0.1,192.168.0.2"
;;
work)
TRUSTED_FTP="$NONE"
TRUSTED_SMB="net:10.1.2.100,10.1.2.102"
;;
*)
TRUSTED_FTP="$NONE"
TRUSTED_SMB="$NONE"
;;
esac
In /etc/shorewall/rules:
AllowFTP $TRUSTED_FTP $FW
AllowSMB $TRUSTED_SMB $FW
In this way I can use a common (and simple) rules file which works for
all networks, provided that the variables are set up correctly in the
params file.
Now, I would like that the SOURCE field in rules could accept the value
'none...
2004 Sep 21
1
squid on DMZ using proxyarp
...eferences)
pkts bytes target prot opt in out source
destination
2 126 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:53
Chain AllowFTP (3 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:21
Chain AllowPOP3 (2 references)
pkts bytes target prot opt in out source...
2005 May 02
1
Shorewall 2.2.4
...tted, the MAC address is suppressed.
7. In /etc/shorewall/rules, a value of 'none' in either the SOURCE or
DEST columns now causes the rule to be ignored. This is most useful when
used with shell variables:
Example:
/etc/shorewall/rules:
AllowFTP $FTP_CLIENTS fw
When FTP_CLIENTS is set to 'none', the above rule is ignored.
Otherwise, the rule is evaluated and generates Netfilter rules.
8. The installer now detects that it is running on a Slackware system
and adjusts the DEST and INIT variables accordingly....
2005 Apr 19
14
allow ssh access from net to fw?
...BMIN connections from the local to firewall
#
ACCEPT loc fw tcp 10000
#
# ACCEPT FTP TO loc LAN PC
DNAT net loc:192.168.0.50 tcp 21 21
#
# INCOMING
#AllowPing net fw
#AllowSSH net fw
#AllowSSH loc fw
#AllowDNS net fw
#AllowFTP net fw
#AllowWeb net fw
#AllowSMTP net fw
#AllowPOP3 net fw
#AllowIMAP net fw
#REDIRECT net 22 tcp 22
#
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
SHOREWALL.CONF:
-------------------------------------------------------------...
2004 Aug 30
6
Shorewall upgrade messed up my firewall
...DropUPnP...
Pre-processing /usr/share/shorewall/action.RejectAuth...
Pre-processing /usr/share/shorewall/action.DropPing...
Pre-processing /usr/share/shorewall/action.DropDNSrep...
Pre-processing /usr/share/shorewall/action.AllowPing...
Pre-processing /usr/share/shorewall/action.AllowFTP...
Pre-processing /usr/share/shorewall/action.AllowDNS...
Pre-processing /usr/share/shorewall/action.AllowSSH...
Pre-processing /usr/share/shorewall/action.AllowWeb...
Pre-processing /usr/share/shorewall/action.AllowSMB...
Pre-processing /usr/share/shorewall/action.AllowAuth......
2004 Sep 13
5
Config problems
...tion.DropUPnP...
Pre-processing /usr/share/shorewall/action.RejectAuth...
Pre-processing /usr/share/shorewall/action.DropPing...
Pre-processing /usr/share/shorewall/action.DropDNSrep...
Pre-processing /usr/share/shorewall/action.AllowPing...
Pre-processing /usr/share/shorewall/action.AllowFTP...
Pre-processing /usr/share/shorewall/action.AllowDNS...
Pre-processing /usr/share/shorewall/action.AllowSSH...
Pre-processing /usr/share/shorewall/action.AllowWeb...
Pre-processing /usr/share/shorewall/action.AllowSMB...
Pre-processing /usr/share/shorewall/action.AllowAuth...
Pr...