Dominique Archambault
2003-Nov-19 09:21 UTC
[Shorewall-users] FTP transfers locking up Shorewall
Hi, I have an interesting problem I was not able to solve, even after looking through the site''s documentation and searching on this mailing list...so here it is: I have an FTP server behind my Shorewall box, in my LAN (I know, bad security practice), and ports are mapped through DNAT rules. Now, whenever I transfer big files, at high, sustained data rates (~40-50KB/s), Shorewall seems to disable all rules between my LAN and the Internet. Result: no communication, in or out, is made between the two zones. The Shorewall box itself, though, retains it''s net access. I then have to restart Shorewall to restore access communication between my LAN and the net. Does anyone know what could be causing this? Thanks in advance for your help! Dominique ______________________________________________________________________ Post your free ad now! http://personals.yahoo.ca
On Wed, 2003-11-19 at 09:21, Dominique Archambault wrote:> Hi, > > I have an interesting problem I was not able to solve, even after > looking through the site''s documentation and searching on this mailing > list...so here it is: > > I have an FTP server behind my Shorewall box, in my LAN (I know, bad > security practice), and ports are mapped through DNAT rules. > > Now, whenever I transfer big files, at high, sustained data rates > (~40-50KB/s), Shorewall seems to disable all rules between my LAN and > the Internet. Result: no communication, in or out, is made between the > two zones. The Shorewall box itself, though, retains it''s net access.Please read the "Introduction to Shorewall" on the Shorewall home page (http://www.shorewall.net). You will see that Shorewall can''t possibly do what you are suggesting because there is absolutely no Shorewall code running once "shorewall start" completes.> > I then have to restart Shorewall to restore access communication > between my LAN and the net. > > Does anyone know what could be causing this? >No. What do you see in your log when this happens? -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net
Robert K Coffman Jr - Info From Data Corporation
2003-Nov-19 10:04 UTC
[Shorewall-users] FTP transfers locking up Shorewall
I have the same scenario regarding FTP configuration as described here, except I disable it (remove the DNAT/shorewall restart) when not in use. I''ve never seen anything like this. - Bob Coffman -----Original Message----- From: shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net]On Behalf Of Tom Eastep Sent: Wednesday, November 19, 2003 12:36 PM To: Shorewall Users Mailing List Subject: Re: [Shorewall-users] FTP transfers locking up Shorewall On Wed, 2003-11-19 at 09:21, Dominique Archambault wrote:> Hi, > > I have an interesting problem I was not able to solve, even after > looking through the site''s documentation and searching on this mailing > list...so here it is: > > I have an FTP server behind my Shorewall box, in my LAN (I know, bad > security practice), and ports are mapped through DNAT rules. > > Now, whenever I transfer big files, at high, sustained data rates > (~40-50KB/s), Shorewall seems to disable all rules between my LAN and > the Internet. Result: no communication, in or out, is made between the > two zones. The Shorewall box itself, though, retains it''s net access.Please read the "Introduction to Shorewall" on the Shorewall home page (http://www.shorewall.net). You will see that Shorewall can''t possibly do what you are suggesting because there is absolutely no Shorewall code running once "shorewall start" completes.> > I then have to restart Shorewall to restore access communication > between my LAN and the net. > > Does anyone know what could be causing this? >No. What do you see in your log when this happens? -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net _______________________________________________ Shorewall-users mailing list Post: Shorewall-users@lists.shorewall.net Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-users Support: http://www.shorewall.net/support.htm FAQ: http://www.shorewall.net/FAQ.htm