Shorewall users - Oct 2003 - shorewall and FTP Server

Hello

I have Mandrake 9.1 with FTP Server.
I have problem with passive mode.

In /etc/shorewall/rules

# Passive Mode
ACCEPT  net     fw      tcp     -       7500:7700       -
# FTP Server
ACCEPT  net     fw      tcp     2210    -               -

In /var/log/messages i see

Oct  6 09:04:21 inferno kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= 
MAC=00:01:02:ea:f9:a1:00:90:69:af:7c:00:08:00 SRC=195.117.29.100 
DST=212.76.63.238 LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=19881 DF PROTO=TCP 
SPT=2685 DPT=7598 WINDOW=16384 RES=0x00 SYN URGP=0

Why this connection is droped ??

Thanks for answer and sorry for my bad english.

Pawel Koska

Pawel Koska (10/06/2003 08:46):
>I have problem with passive mode.
>
>In /etc/shorewall/rules
>
># Passive Mode
>ACCEPT  net     fw      tcp     -       7500:7700       -

This is "client port" rule. Change it to:
ACCEPT  net     fw      tcp     7500:7700

># FTP Server
>ACCEPT  net     fw      tcp     2210    -               -

--- SHOREWALL TimeLord <shorewall@timelord.sk>
wrote:
> Pawel Koska (10/06/2003 08:46):
> >I have problem with passive mode.
> >
> >In /etc/shorewall/rules
> >
> ># Passive Mode
> >ACCEPT  net     fw      tcp     -       7500:7700       -
> 
> 
> This is "client port" rule. Change it to:
> ACCEPT  net     fw      tcp     7500:7700
> 
> 
> ># FTP Server
> >ACCEPT  net     fw      tcp     2210    -               -
To add to this as thread as well, since your ftp server is using Passive mode
then you will need
to make sure that you have the needed netfilter kernel modules loaded.
ip_nat_ftp 
ip_conntrack_ftp

See Tom''s awesome FAQ here. 

Understanding how Active and Passive FTP works, helps, when working with any
firewall
configuration. Speaking for myself anyways.

JBanks

__________________________________
Do you Yahoo!?
The New Yahoo! Shopping - with improved product search
http://shopping.yahoo.com