Still not working
I really have to change 21 port on 80 port, my friend has only www and
mail on his network. He has rigorous admin.

I have done :
!! in proftpd.conf :
    # Port 21 is the standard FTP port.
    Port 80

!! in /etc/shorewall/modules:
    loadmodule ip_conntrack_ftp ports=21,80
    loadmodule ip_nat_ftp ports=21,80

AFTER THAT AND RESTARTING PROFTP AND SHOREWALL still not work ...,so :

!! in /etc/modules.conf:
    options ip_conntrack_ftp ports=21,49
    options ip_nat_ftp ports=21,49

Restart shorewall, restart proftpd, restart computer (server) and still
not work ( ftp://hades.commedia.pl:80 )

--On Friday, November 22, 2002 08:47:39 PM +0100 Maciek Kurkiewicz <maciek@alpha.net.pl> wrote:

> Still not working
> I really have to change 21 port on 80 port, my friend has only www and
> mail on his network. He has rigorous admin.
>
> I have done :
> !! in proftpd.conf :
> # Port 21 is the standard FTP port.
> Port 80
>
> !! in /etc/shorewall/modules:
> loadmodule ip_conntrack_ftp ports=21,80
> loadmodule ip_nat_ftp ports=21,80
>
> AFTER THAT AND RESTARTING PROFTP AND SHOREWALL still not work ...,so :
>
> !! in /etc/modules.conf:options ip_conntrack_ftp ports=21,49
> options ip_nat_ftp ports=21,49
>
> Restart shorewall, restart proftpd, restart computer (server) and still
> not work ( ftp://hades.commedia.pl:80 )

Have you opened/forwarded port 80 from the net zone to your ftp server?

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://shorewall.sf.net
ICQ: #60745924  \ teastep@shorewall.net

--On Friday, November 22, 2002 09:13:28 PM +0100 Maciek Kurkiewicz <maciek@alpha.net.pl> wrote:

>> Have you opened/forwarded port 80 from the net zone to your ftp server?
>
> No I haven't, should I ?

I'm incapable of answering that question without becoming abusive.

> How to do it ?

How could we possibly know? You have told us ABSOLUTELY NOTHING about your
setup other than you have an FTP server running somewhere that is listening
on port 80.

-Tom

Now that I've calmed down, let me try this one more time.

--On Friday, November 22, 2002 09:13:28 PM +0100 Maciek Kurkiewicz <maciek@alpha.net.pl> wrote:

>> Have you opened/forwarded port 80 from the net zone to your ftp server?
>
> No I haven't, should I ?

Yes! Shorewall is a _firewall_ and firewalls require a configuration change
to let server traffic in. If you think about it a bit, you'll realize that
you wouldn't want a firewall that _didn't_ require you to define the traffic
that you want to let in.

> How to do it ?

If the ftp/www server is running on your firewall, add this rule:

    ACCEPT net fw tcp 80

If the server is running on a system behind your firewall in the loc zone
and you use masquerading or SNAT, then:

    DNAT net loc:<ip address of server> tcp 80

Both of these types of rules are explained in the two-interface QuickStart
Guide and the first type is explained in the one-interface (standalone)
QuickStart Guide.

If you have some other network setup, you will have to describe it before we
can help further.

There is another totally different approach that you might want to consider.
Rather than having your FTP server listen on port 80, you might have it
listen on port 21 and redirect port 80 to port 21. That way, you wouldn't
have to have the conntrack and nat FTP modules looking at port 80 traffic
and your ftp server could also be used normally (port 21).

To do that, if you run the server on your firewall:

    REDIRECT net 21 tcp 80

If you run the server on a masqueraded system in the 'loc' zone:

    DNAT net loc:<server ip>:21 tcp 80

Both of these will also allow access to your server using port 21.

You can see this working at ftp.shorewall.net -- you can connect to the
server either on port 21 or on port 721. I'll leave it that way for a day or
so...

-Tom