Quentin wrote:
> Hi All,
>
> I have a DNAT on our external interface for FTP Port 21 to an internal
> machine. The external clients are able to connect and list the directory but
> can't place files. I have checked the permission and they are correct as
> I can connect internally and it works fine. I have checked the FAQ on Shorewall
> and both the ftp_conntrack modules are loaded. The log on the ftp server is as
> follows:
>
> 09:33:20 XXX.30.40.78 [47]USER ftpuser 331
> 09:33:20 XXX.30.40.78 [47]PASS - 230
> 09:47:30 XXX.30.40.78 [45]closed - 421
> 09:47:43 XXX.30.40.78 [47]QUIT - 425
> 09:47:47 XXX.30.40.78 [48]USER ftpuser 331
> 09:47:47 XXX.30.40.78 [48]PASS - 230
> 09:59:35 XXX.30.40.78 [48]QUIT - 425
> 09:59:40 XXX.30.40.78 [49]USER ftpuser 331
> 09:59:40 XXX.30.40.78 [49]PASS - 230
> 10:00:08 XXX.30.40.78 [50]USER ftpuser 331
> 10:00:14 XXX.30.40.78 [50]PASS - 230
>
>
>
> Therefore the connection is getting through but looks like it's not getting
> back out.

If you are able to list directory contents, there is probably nothing
wrong with your Shorewall setup.

> Please advise on anything else I can check to see where the problem may lie

If you have ethereal on your firewall, I would run it and capture the
conversation between the client and server. Lacking that, you can use
tcpdump to accomplish the same thing.

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://www.shorewall.net
Washington USA \ teastep@shorewall.net
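
Alongside a packet capture, the server log quoted above can be summarised per session to show which sessions failed and how long after login. This is an added example, not part of the original message; it assumes the bracketed number is the session id and the last field is the FTP reply code (the field layout is inferred from the quoted lines).

```python
import re
from collections import defaultdict
from datetime import datetime

# Failure replies, with their meanings (RFC 959) abbreviated.
FAILURES = {"421": "closing control connection", "425": "can't open data connection"}
# Assumed layout: time, client, [session]command, argument, reply code.
LINE = re.compile(r"^(\d\d:\d\d:\d\d) \S+ \[(\d+)\](\S+) \S+ (\d{3})$")
# Log lines quoted in the message above (client address masked as posted).
SAMPLE = """\
09:33:20 XXX.30.40.78 [47]USER ftpuser 331
09:33:20 XXX.30.40.78 [47]PASS - 230
09:47:30 XXX.30.40.78 [45]closed - 421
09:47:43 XXX.30.40.78 [47]QUIT - 425
09:47:47 XXX.30.40.78 [48]USER ftpuser 331
09:47:47 XXX.30.40.78 [48]PASS - 230
09:59:35 XXX.30.40.78 [48]QUIT - 425
09:59:40 XXX.30.40.78 [49]USER ftpuser 331
09:59:40 XXX.30.40.78 [49]PASS - 230
10:00:08 XXX.30.40.78 [50]USER ftpuser 331
10:00:14 XXX.30.40.78 [50]PASS - 230
"""

def parse(text):
    """Group (time, command, code) events by the bracketed session number."""
    sessions = defaultdict(list)
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:  # lines that do not fit the assumed layout are skipped
            when, sid, cmd, code = m.groups()
            sessions[int(sid)].append((datetime.strptime(when, "%H:%M:%S"), cmd, code))
    return sessions

def failed_sessions(sessions):
    """Map session -> (command, code, seconds since its 230 login or None)."""
    report = {}
    for sid, events in sorted(sessions.items()):
        login = next((t for t, _cmd, code in events if code == "230"), None)
        for when, cmd, code in events:
            if code in FAILURES:
                gap = None if login is None else int((when - login).total_seconds())
                report[sid] = (cmd, code, gap)
                break
    return report

if __name__ == "__main__":
    for sid, (cmd, code, gap) in failed_sessions(parse(SAMPLE)).items():
        waited = "no login in excerpt" if gap is None else f"{gap}s after login"
        print(f"session {sid}: {cmd} -> {code} ({FAILURES[code]}), {waited}")
```

On the quoted lines this reports sessions 47 and 48 ending with 425 between 11 and 15 minutes after login, and session 45 closing with 421 with no login in the excerpt.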