similar to: Net > DMZ and AllowFTP

Lables: Gateway = 209.5.171.65 Netmask = 255.255.255.192 Eth0 = net = 209.5.171.66 Eth1 = loc = 192.168.0.1 There is no NAT clients, in essence loc is dmz. I can rename loc to dmz if that helps. Proxy/ARP is used for IP addresses 209.5.171.67-126 Problem: Using the Shorewall Action AllowFTP does not result in desired behavior when connecting from Internet to machines behind firewall in DMZ. From

Hi, ok Im all new to this :-) for pasv ftp in your example you say for example to use ports 65500-65535, but i dont see that u open those ports in your example fw scripts..? any hints ? -- Christophe Zwecker mail: doc@zwecker.de Hamburg, Germany fon: +49 179 3994867 http://www.zwecker.de "Who is General Failure ? And why is he reading my disk

Hello , Regarding a previous post in this group. (see below) Does anyone know how I can change the options for ipnat_ftp or ip_conntrack_ftp when I don''t load them as modules but have them compiled in the kernel? I''ve been looking on google since long now, but can''t seem to find it. Any idea, anyone? I have added these ''options'' and did a network

Hi, I have a cisco sdsl modem to connect to internet via eth1 (192.168.1.2) local is eth0 (192.168.2.254) default gw is 192.168.1.1 the cisco forwards all incoming ports to 192.168.1.2. I connect from outside on port 24562, login is successfull, the ftpserver gives back the external Ip of the cisco as pasv IP to the client (its a setting in the ftpserver). It gives an ip from the pasv range I

Greetings, Beginning today, I started to receive the following when ftp'ing to my CentOS 6 machine: ncftp /home/pyz2 > dir connect failed: No route to host. connect failed: No route to host. connect failed: No route to host. Falling back to PORT instead of PASV mode. I can make a connection, but I can't get a directory listing or transfer data/files. I'm flummoxed. What I had

I apologize for the first message. :) --------------------------------------- I have an FTP server running in the DMZ section of my home network. It uses port 23000 for connection and ports 19990 to 19994 for data transfer. I have setup the following rule for outside people to connect to it: DNAT net dmz:192.168.2.2 tcp 23000 I''m at work right now and I can''t use

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=71 ------- Additional Comments From laforge@netfilter.org 2003-03-30 21:18 ------- First of all: You didn't even specify the particular kernel version you are running, not even mentioning which versions of which patches you are using (if any). Secondly, I don't see anything strange in this setup. DNAT with FTP sessions

New install of CentOS 4.1; our first try at the 4.x. On previous 3.x installs we've used proftpd. On this one we're using (trying to use is a better statement of what we're going through) the default daemon, /usr/sbin/vsftpd. But we don't get anywhere. <snip> ftp> passiv Passive mode off. ftp> put ~/xorg.conf.work local: /home/jlasman/xorg.conf.work remote:

I just installed CentOS4 on my main server. It runs proftpd and is not NATted.. When I did the install I said to allow FTP and HTTP. I can ftp from windows dos ftp client. In IE I get "Unable to build data connection: No route to host" ncftp I get.. Data connection timed out. Falling back to PORT instead of PASV mode. List failed. Wget and FireFox just time out. Anything I need

mdew:~# tc qdisc add dev imq0 handle 1: root htb default 12 r2q 1 Cannot find device "imq0" mdew:~# lsmod Module Size Used by Not tainted ipt_REDIRECT 728 0 (autoclean) ipt_MARK 728 2 (autoclean) iptable_mangle 2100 1 (autoclean) ipt_REJECT 2712 4 (autoclean) iptable_filter 1672 1 (autoclean)

Hello, I am setting up ProFTPd daemon (from EPEL repository) under CentOS 5.2 and I need encrypted connection. Daemon is configured perfectly, there is no problem - if iptables is off connection is smoothly established, but when iptables is on, connection in FTP client ends on command LIST without response. Last command with response (positive) is PASV. Thank you for your replies Martin ??astn?

On my debian woody (kernel 2.4.31) the tcpdump doesn''t work with imq0 devices. If I try to tcpdump imq devices there is no packet seen: [...] rt1:~# tcpdump -n -i imq0 Warning: arptype 65535 not supported by libpcap - falling back to cooked socket tcpdump: WARNING: imq0: no IPv4 address assigned tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on

-- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

For some reason, ip_conntrack_ftp & ip_nat_ftp aren''t loading automatically. If I load them manually with modprobe FTP works. Both ip_conntrack_ftp & ip_nat_ftp are listed in the modules file - I haven''t mucked with the order at all, so I assume it''s right. I''m using Mandrake 9.2 but, as recommended, I uninstalled the Mandrake version of shorewall and

Does anyone keep a known telemarketer caller id database? If not has anyone proposed an Asterisk community project to share this information? Sort of a nation wide blacklist so Asterisk'ers can cut down on the garbage calls... -------------- next part -------------- An HTML attachment was scrubbed... URL:

I am getting the following message when Shorewall stops can anybody shed any light on this message and where I should be looking? Thanks root@bobshost:~# shorewall stop Loading /usr/share/shorewall/functions... Processing /etc/shorewall/params ... Processing /etc/shorewall/shorewall.conf... Loading Modules... Stopping Shorewall...Processing /etc/shorewall/stop ... IP Forwarding Enabled

I have Centos 5.7 64bit; I have installed vsftpd as standalone service and using it for two years now with no problem. Suddenly; only it works with active mode. The passive mode stops working and gives time out. Firewall is disabled and SELinux is set to permissive. I ran tcpdump and I noticed that only first three packets reached the FTP for passive mode and no more packets on other ports #

Hi all, I want to run vsftp behind a firewall.(i.e DMZ zone) . It is runnig as passive ftp. the theroy behind passive ftp is , - FTP server's port 21 from anywhere ( Client initiates connection) - FTP server's port 21 to ports > 1024 (Server responds to client's control port) - FTP server's ports > 1024 from anywhere (Client initiates data connection to

Christian, make sure your domU Kernel Modules under /lib/modules/<KernelVersion> have the same vermagic and modversion as your domU Kernel ! Or try loading the ipt_filter module manually with "modprobe -f" also see "man modprobe" Regards, Markus -----Ursprüngliche Nachricht----- Von: xen-users-bounces@lists.xensource.com [mailto:xen-users-bounces@lists.xensource.com] Im

this : iptables -A FORWARD -i internal-interface -j ACCEPT iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A FORWARD -j DROP doesn''t seem to work for active-ftp .. i even manualy loaded ip_conntrack_ftp but as u see it is unused : # lsmod Module Size Used by Not tainted ip_conntrack_ftp 4272 0 (unused) iptable_nat