Emilio Ruben Estevez
2003-Nov-05  06:49 UTC
[Shorewall-users] Proftp and shorewall! changes to do in rules
Hi, I'm a little messed up with the changes to make in the rules of Shorewall so I can use proftp. I've read some docs from shorewall.net and other sites' docs, but I'm a little confused. Can anybody help me with what I have to change in the rules? I mean, I know I must open ports 20 and 21, but in most cases the docs say I must use DNAT, and I do not want to use DNAT.

Thanks, Emilio
Holger Brückner
2003-Nov-05  07:10 UTC
[Shorewall-users] Proftp and shorewall! changes to do in rules
On Wed, 2003-11-05 at 15:49, Emilio Ruben Estevez wrote:
> Hi, I'm a little messed up with the changes to make in the rules of Shorewall so
> I can use proftp. I've read some docs from shorewall.net and other sites' docs,
> but I'm a little confused. Can anybody help me with what I have to change in
> the rules? I mean, I know I must open ports 20 and 21, but in most cases
> the docs say I must use DNAT, and I do not want to use DNAT.

We are confused by the little information you give us ;)

It's actually easy .. you just need port 21 .. so a rule like that:

ACCEPT loc net tcp ftp

should do the trick. If you don't provide more information about which zone to which zone you want to do FTP, we actually can't help.

Holger
Joshua Banks
2003-Nov-05  07:22 UTC
[Shorewall-users] Proftp and shorewall! changes to do in rules
--- Emilio Ruben Estevez <emilioestevezz@hotmail.com> wrote:
> Hi, I'm a little messed up with the changes to make in the rules of
> Shorewall so
> I can use proftp. I've read some docs from shorewall.net

There shouldn't be any confusion if you understand how FTP works. It works in two modes: passive and active.

1) Make sure that your FTP client "behind Shorewall" is using PASV mode.
2) Also make sure that your FTP connection tracking modules have been loaded by the kernel.

If numbers 1 and 2 above are set and you're using the default config files and directions on the Shorewall site, then you will have no problems as far as I know.

Are you sure that you read http://www.shorewall.net/FTP.html?

If this doesn't help, please confirm that you've read and understood the above link, as well as verifying that the FTP conntrack modules are loaded. Also, please see this link if you need any further help: http://www.shorewall.net/support.htm

With the info provided and needed to help you, we won't have to guess or assume your setup. The more detail you can give, the better.

Thanks, JBanks
Joshua Banks
2003-Nov-05  07:32 UTC
[Shorewall-users] Proftp and shorewall! changes to do in rules
--- Holger Brückner <lists@net-labs.de> wrote:
> we are confused by the little information you give us ;)

I agree.

> it's actually easy .. you just need port 21 .. so a rule like that:
>
> ACCEPT loc net tcp ftp
>
> should do the trick. if you don't provide more information from which
> zone to which zone you want to do ftp we actually can't help.

Yes, but the assumption of which mode his FTP client is using has been established by you. If he's using passive FTP then the default "Policy" "Loc>>>>>Net Accept" will allow him FTP access without having to do anything to the rules. Please correct me if I'm incorrect. :P

JBanks
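
The active and passive modes discussed in this thread differ in who opens the data connection, and in both cases the data port is negotiated inside the port-21 control channel, which is why the FTP connection tracking modules matter. The Python sketch below is an added example, not part of any post in the thread: it parses the RFC 959 `PORT` command and `227` reply from a constructed transcript to show the data flows a firewall has to expect. The function names, addresses and transcript are assumptions made for illustration.

```python
import re

# RFC 959 host-port notation: h1,h2,h3,h4,p1,p2 (six decimal bytes).
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_data_endpoint(line):
    """Return (mode, ip, port) for a PORT command or a 227 reply, else None."""
    line = line.strip()
    if line.upper().startswith("PORT "):
        mode = "active"    # client announces where the server should connect
    elif line.startswith("227"):
        mode = "passive"   # server announces where the client should connect
    else:
        return None
    m = _HOSTPORT.search(line[4:])
    if not m:
        return None
    octets = [int(g) for g in m.groups()]
    if any(o > 255 for o in octets):
        return None        # malformed address or port byte
    ip = ".".join(str(o) for o in octets[:4])
    port = octets[4] * 256 + octets[5]
    return mode, ip, port

def expected_data_flows(transcript, client_ip, server_ip):
    """List (mode, source_ip, dest_ip, dest_port) for each negotiated data channel."""
    flows = []
    for line in transcript.splitlines():
        endpoint = parse_data_endpoint(line)
        if endpoint is None:
            continue
        mode, ip, port = endpoint
        # Active: the server connects in to the client. Passive: the client connects out.
        source = server_ip if mode == "active" else client_ip
        flows.append((mode, source, ip, port))
    return flows

# Constructed control-channel transcript (documentation and private addresses).
SAMPLE = """\
USER anonymous
331 Please specify the password.
PASV
227 Entering Passive Mode (203,0,113,5,195,80).
PORT 192,168,1,10,4,1
200 PORT command successful.
"""

if __name__ == "__main__":
    for flow in expected_data_flows(SAMPLE, "192.168.1.10", "203.0.113.5"):
        print("%-7s %s -> %s:%d" % flow)
```

In the passive case the data connection leaves the client toward a high port on the server; in the active case it arrives from the server at a port the client chose, which a static rule for port 21 does not cover.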