Shorewall users - Apr 2003 - passive FTP server in DMZ and Shorewall 1.4.2

I have an FTP server running in the DMZ section of my home network. It uses port
23000 for connection and ports 19990 to 19994 for data transfer. I have setup
the following rule for outside people to connect to it:DNAT    net    
dmz:192.168.2.2 tcp     23000 I''m at work right now and I
can''t use passive connection to it. I can''t get a directory
listing. Active connections work. I have setup my /etc/shorewall/modules and
/etc/modules.conf according the FTP section of this page
http://shorewall.sourceforge.net/ports.htm I searched the mailing list and found
these 2 threads 1.
http://lists.shorewall.net/pipermail/shorewall-users/2003-February/005291.html2.
http://lists.shorewall.net/pipermail/shorewall-users/2002-December/003879.html
------------------In the 1st link, Tom mentioned "FTP tracking/NAT"
and "ALLOWRELATED". I checked what modules are being loaded and found
these:ip_conntrack_irc        4400   1  [ip_nat_irc]ip_conntrack_ftp        5424
1  [ip_nat_ftp]ip_conntrac
 k           29920   4  [ipt_MASQUERADE ipt_state ip_nat_irc ip_nat_ftp
iptable_nat ip_conntrack_irc ip_conntrack_ftp]In regards to
"ALLOWRELATED", I had a looked at shorewall.conf and I can''t
find an entry for it. Tom mentioned that "ALLOWRELATED" must beset to
"Yes". So I created a new entry "ALLOWRELATED" and set
it''s value to "Yes".------------------------In the 2nd link,
Tom mentioned port 113. The only rule that uses port 113 (auth) in my setup is
this:ACCEPT  $_Local net     udp     auth #ident I used for it ident as this
website (http://www.practicallynetworked.com/) mentioned that it''s
needed for IRC ident.

_______________________________________________
Join Excite! - http://www.excite.com
The most personalized portal on the Web!