On Friday 18 November 2005 09:51, Anderson Oliveira wrote:
> Hi.
>
> I need to know, if I am configuring correctly.
>
> My scene.
>
> Shorewall Gateway, running vsftpd too.
>
> eth0 = 201.6.x.133/26
> eth1 = 172.16.11.5/24
>
> I need to receive connections by ftp service, on ip 201.6.x.135, so I made:
>
> # ip address add 201.6.x.135 bdr 201.6.x.191 dev eth0 label eth0:1

I assume that you meant "brd". Also, be sure to arrange for that command to be executed each time that eth0 is brought up (your Distribution's Network configuration tools can do that for you).

> and, /etc/shorewall/rules
>
> ACCEPT net $FW:201.6.x.191 tcp ftp,ftp-data
>
> Is it correct? What can I make better?

You appear to have the broadcast address (201.6.x.191) in your rule rather than the address that your FTP server is listening on (201.6.x.135). Also, remove 'ftp-data' from the port list -- see http://www.shorewall.net/FTP.html.

-Tom
--
Tom Eastep       \ Nothing is foolproof to a sufficiently talented fool
Shoreline,       \ http://shorewall.net
Washington USA   \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

On Friday 18 November 2005 10:41, Anderson Oliveira wrote:
> Hi Tom,
>
> Thanks.
>
> I want that FTP Server, running with shorewall gateway, listening eth1
> (172.16.11.5) and eth0:0 (201.6.x.135)
>
> Really, 201.6.x.191 is my broadcast address and the "brd" is the broadcast
> parameter of command line

Yes -- but you wrote "bdr" in your post, not "brd".

> # ip address add 201.6.x.135 broadcast 201.6.x.191 dev eth0 label eth0:1 -
> already inserted at #/etc/rc.d/rclocal, so,

Which will work fine until you "ifdown eth0; ifup eth0" -- then you won't have this secondary IP address. That is why I recommend using your distribution's facility rather than hacking up your own.

> eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
>     link/ether 00:11:5b:e6:a9:eb brd ff:ff:ff:ff:ff:ff
>     inet 201.6.x.133/26 brd 201.6.x.191 scope global eth0
>     inet 201.6.x.135/32 brd 201.6.x.191 scope global eth0:1
>        valid_lft forever preferred_lft forever
>
> Now, my rule at "/etc/shorewall/rules" is:
>
> ACCEPT net $FW:201.6.x.135 tcp ftp
>
> Now, is it correct?

Yes. You probably also want

    ACCEPT loc $FW tcp ftp

-Tom
--
Tom Eastep       \ Nothing is foolproof to a sufficiently talented fool
Shoreline,       \ http://shorewall.net
Washington USA   \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

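An added example, not part of the thread and not Shorewall's own code: a small check for the two problems raised in the replies above (a rule destination that is the subnet's broadcast address rather than an address the host owns, and `ftp-data` in the port list). The function name, the five-column split and the sample addresses are assumptions; 192.0.2.x stands in for the poster's elided 201.6.x addresses.

```python
import ipaddress

# Constructed sample: 192.0.2.x (documentation range) stands in for the
# poster's elided 201.6.x.* addresses; last octets and prefixes match the thread.
SAMPLE_ADDRS = ["192.0.2.133/26", "192.0.2.135/32", "172.16.11.5/24"]


def lint_rule(line, iface_addrs):
    """Return findings for one rules line: ACTION SOURCE DEST PROTO PORT(S)."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return []
    fields += [""] * (5 - len(fields))  # pad rules that omit trailing columns
    _action, _source, dest, proto, ports = fields[:5]
    ifaces = [ipaddress.ip_interface(a) for a in iface_addrs]
    findings = []

    zone, _, addr = dest.partition(":")
    if zone == "$FW" and addr:
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append(f"{addr}: not a single literal IP address, skipped")
        else:
            for iface in ifaces:
                net = iface.network
                # A /32 alias has no broadcast of its own; only real subnets count.
                if net.prefixlen < net.max_prefixlen and ip in (
                    net.network_address, net.broadcast_address
                ):
                    findings.append(
                        f"{addr} is the network or broadcast address of {net}")
            if all(ip != iface.ip for iface in ifaces):
                findings.append(f"{addr} is not assigned to any local interface")

    if proto == "tcp" and "ftp-data" in ports.split(","):
        findings.append("ftp-data listed; see http://www.shorewall.net/FTP.html")
    return findings


if __name__ == "__main__":
    for rule in ("ACCEPT net $FW:192.0.2.191 tcp ftp,ftp-data",
                 "ACCEPT net $FW:192.0.2.135 tcp ftp",
                 "ACCEPT loc $FW tcp ftp"):
        print(rule, "->", lint_rule(rule, SAMPLE_ADDRS) or "ok")
```
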
Hi.

I need to know, if I am configuring correctly.

My scene.

Shorewall Gateway, running vsftpd too.

eth0 = 201.6.x.133/26
eth1 = 172.16.11.5/24

I need to receive connections by ftp service, on ip 201.6.x.135, so I made:

    # ip address add 201.6.x.135 bdr 201.6.x.191 dev eth0 label eth0:1

and, /etc/shorewall/rules

    ACCEPT net $FW:201.6.x.191 tcp ftp,ftp-data

Is it correct? What can I make better?

Best Regards,
Anderson

Hi Tom,

Thanks.

I want that FTP Server, running with shorewall gateway, listening eth1 (172.16.11.5) and eth0:0 (201.6.x.135)

Really, 201.6.x.191 is my broadcast address and the "brd" is the broadcast parameter of command line

    # ip address add 201.6.x.135 broadcast 201.6.x.191 dev eth0 label eth0:1

- already inserted at #/etc/rc.d/rclocal, so,

    eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
        link/ether 00:11:5b:e6:a9:eb brd ff:ff:ff:ff:ff:ff
        inet 201.6.x.133/26 brd 201.6.x.191 scope global eth0
        inet 201.6.x.135/32 brd 201.6.x.191 scope global eth0:1
           valid_lft forever preferred_lft forever

Now, my rule at "/etc/shorewall/rules" is:

    ACCEPT net $FW:201.6.x.135 tcp ftp

Now, is it correct?

Best Regards,
Anderson.

----- Original Message -----
From: "Tom Eastep" <teastep@shorewall.net>
To: <shorewall-users@lists.sourceforge.net>
Cc: "Anderson Oliveira" <acw.oliveira@gmail.com>
Sent: Friday, November 18, 2005 2:08 PM
Subject: Re: [Shorewall-users] doubt