Shorewall users - Nov 2003 - Proftp and shorewall! changes to do in rules

Hi, im a little messed up with the chages to do in the rules of shorewall so 
i can use proftp. I´ve read some doc from shorewall.net and other sites docs 
but im a little confused, can anybody help me what do i have to change at 
the rules i mean i know i must open ports 20 and 21, but in the most cases 
the docs say i must use dnat but i do not want to use dnat.

Thanks,
Emilio

_________________________________________________________________
Crave some Miles Davis or Grateful Dead?  Your old favorites are always 
playing on MSN Radio Plus. Trial month free! 
http://join.msn.com/?page=offers/premiumradio

Hi, im a little messed up with the chages to do in the rules of shorewall so 
i can use proftp. I´ve read some doc from shorewall.net and other sites docs 
but im a little confused, can anybody help me what do i have to change at 
the rules i mean i know i must open ports 20 and 21, but in the most cases 
the docs say i must use dnat but i do not want to use dnat.

Thanks,
Emilio

_________________________________________________________________
Crave some Miles Davis or Grateful Dead?  Your old favorites are always 
playing on MSN Radio Plus. Trial month free! 
http://join.msn.com/?page=offers/premiumradio

On Wed, 2003-11-05 at 15:49, Emilio Ruben Estevez wrote:
> Hi, im a little messed up with the chages to do in the rules of shorewall
so
> i can use proftp. I?ve read some doc from shorewall.net and other sites
docs
> but im a little confused, can anybody help me what do i have to change at 
> the rules i mean i know i must open ports 20 and 21, but in the most cases 
> the docs say i must use dnat but i do not want to use dnat.
we are confused by the little information you give us ;)

it''s actually easy .. you just need port 21 .. so a rule like that:

ACCEPT  loc             net             tcp	ftp

should do the trick. if you don''t provide more information from which
zone to which zone you want to do ftp we actually can''t help. 

Holger

--- Emilio Ruben Estevez <emilioestevezz@hotmail.com>
wrote:
> Hi, im a little messed up with the chages to do in the rules of
> shorewall so 
> i can use proftp. I´ve read some doc from shorewall.net 
Shouldn''t be any confusion if you understand how FTP works. It works in
two modes. Passive and Active.

1) Make sure that your FTP client "behind Shorewall" is using Pasv
mode. 

2)As well as make sure that your FTP connection tracking modules have
been loaded by the kernel.

If number 1 and 2 above are set and your using the default config files
and directions on the Shorewall site then you will have know problems
as far as I know. 

Are you sure that you read:
http://www.shorewall.net/FTP.html

If this doesn''t help, please confirm that you''ve read and
understand
the above link as well as verifying that the FTP conntrack mod''s are
loaded. As well please see this link if you need any further help.

http://www.shorewall.net/support.htm

With the info provided and needed to help you, we won''t have to guess
or assume your setup. The more detail you can give the better.

Thanks,
JBanks


__________________________________
Do you Yahoo!?
Protect your identity with Yahoo! Mail AddressGuard
http://antispam.yahoo.com/whatsnewfree

--- Holger Brückner <lists@net-labs.de> wrote:
> we are confused by the little information you give us ;)
 I agree.
 
> it''s actually easy .. you just need port 21 .. so a rule like
that:
> 
> ACCEPT  loc             net             tcp	ftp
> 
> should do the trick. if you don''t provide more information from
which
> zone to which zone you want to do ftp we actually can''t help. 
Yes, but the assumption of which mode his FTP client is using has been
established by you. 

If he''s using passive ftp then the default "Policy"
"Loc>>>>>Net
Accept" will allow him ftp access without having to do anything to the
rules. 

Please correct me if I''m incorrect. :P

JBanks

__________________________________
Do you Yahoo!?
Protect your identity with Yahoo! Mail AddressGuard
http://antispam.yahoo.com/whatsnewfree