similar to: ip_conntrack_ftp and ports.

Still not working I really have to change 21 port on 80 port, my friend has only www and mail on his netwok. He has rigorous admin. I have done : !! in proftpd.cof : # Port 21 is the standard FTP port. Port 80 !! in /etc/shorewall/modules: loadmodule ip_conntrack_ftp ports=21,80 loadmodule ip_nat_ftp ports=21,80 AFTER THAT AND RESTARTTING PROFTP AND

For some reason, ip_conntrack_ftp & ip_nat_ftp aren''t loading automatically. If I load them manually with modprobe FTP works. Both ip_conntrack_ftp & ip_nat_ftp are listed in the modules file - I haven''t mucked with the order at all, so I assume it''s right. I''m using Mandrake 9.2 but, as recommended, I uninstalled the Mandrake version of shorewall and

Hi, ok Im all new to this :-) for pasv ftp in your example you say for example to use ports 65500-65535, but i dont see that u open those ports in your example fw scripts..? any hints ? -- Christophe Zwecker mail: doc@zwecker.de Hamburg, Germany fon: +49 179 3994867 http://www.zwecker.de "Who is General Failure ? And why is he reading my disk

As read here : http://www.sns.ias.edu/~jns/security/iptables/iptables_conntrack.html modprobe ip_conntrack_ftp would give me the ability to use active ftp if I have (pseudo/simplified code) iptables -A FORWARD -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A FORWARD -j DROP but I cant use active ftp, WHAT IS WRONG.. eth0 is the internal interface..

mdew:~# tc qdisc add dev imq0 handle 1: root htb default 12 r2q 1 Cannot find device "imq0" mdew:~# lsmod Module Size Used by Not tainted ipt_REDIRECT 728 0 (autoclean) ipt_MARK 728 2 (autoclean) iptable_mangle 2100 1 (autoclean) ipt_REJECT 2712 4 (autoclean) iptable_filter 1672 1 (autoclean)

Hi! I use standard Bering 2.2.2. I am trying to get my FTP-server to work with another portnumber than 21 (On port 21 all works great, but I´m really interested in running two FTP-servers, so I want to figure this one out first). Read the FAQ: http://www.shorewall.net/FTP.html and now I got this setup: In Rules: DNAT net loc:192.168.3.2 tcp 99 In Shorewalls modules.conf (tried

Hello , Regarding a previous post in this group. (see below) Does anyone know how I can change the options for ipnat_ftp or ip_conntrack_ftp when I don''t load them as modules but have them compiled in the kernel? I''ve been looking on google since long now, but can''t seem to find it. Any idea, anyone? I have added these ''options'' and did a network

I have Centos 5.7 64bit; I have installed vsftpd as standalone service and using it for two years now with no problem. Suddenly; only it works with active mode. The passive mode stops working and gives time out. Firewall is disabled and SELinux is set to permissive. I ran tcpdump and I noticed that only first three packets reached the FTP for passive mode and no more packets on other ports #

this : iptables -A FORWARD -i internal-interface -j ACCEPT iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A FORWARD -j DROP doesn''t seem to work for active-ftp .. i even manualy loaded ip_conntrack_ftp but as u see it is unused : # lsmod Module Size Used by Not tainted ip_conntrack_ftp 4272 0 (unused) iptable_nat

Hello CentOS, Is there a specific RPM that makes "insmod ip_conntrack_ftp" available? I've been using that on a number of servers fine, but the latest one I've built, running insmod ip_conntrack_ftp gives me: insmod: can't read 'ip_conntrack_ftp': No such file or directory -- Best regards, Mickael mailto:mike at kamloopsbc.com www.MickaelMaddison.com

On my debian woody (kernel 2.4.31) the tcpdump doesn''t work with imq0 devices. If I try to tcpdump imq devices there is no packet seen: [...] rt1:~# tcpdump -n -i imq0 Warning: arptype 65535 not supported by libpcap - falling back to cooked socket tcpdump: WARNING: imq0: no IPv4 address assigned tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on

-- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

On Sun, 28 Jun 2015, John R Pierce wrote: > On 6/28/2015 3:49 PM, Max Pyziur wrote: >> I also seem to need to load >> iptable_nat >> nf_nat_ftp >> >> via rc.local >> >> Is this correct? > > only if you're running some Linux build from the 1990s. > > nothing on RHEL/CentOS should need anything in rc.local Then what is the

Hello, I run Shorewall 2.0.3a backport on a debian woody box (with 2.4.18 homemade kernel). When I start shorewall I got the following errors. Oct 30 11:13:12 fwr modprobe: modprobe: Can''t locate module ipt_conntrack Oct 30 11:13:17 fwr modprobe: modprobe: Can''t locate module ipt_pkttype Oct 30 11:13:18 fwr modprobe: modprobe: Can''t locate module ipt_pkttype Oct 30

I apologize for the first message. :) --------------------------------------- I have an FTP server running in the DMZ section of my home network. It uses port 23000 for connection and ports 19990 to 19994 for data transfer. I have setup the following rule for outside people to connect to it: DNAT net dmz:192.168.2.2 tcp 23000 I''m at work right now and I can''t use

I just installed 2.6.11 and I have found a couple of things: a) As I mentioned yesterday, there are Netfilter-ipsec patches available in the contrib/IPSEC/2.6.11 directory (they were created against rc4 and they thus apply with offsets to 2.6.11 final). There are now 5 patches -- the 5th is mine and is necessary to allow iptables to compile against the patched kernel source tree. I''m

Hi, on a system RedHat 8.0, only on this, not on other various RedHat8.0, I have see the follow strange error in /var/log/{messages,boot.log} ..... After the boot all it seems to work, the modules is loads.... I have already tried to install other versions of kernel but the problem is always the same one :-(( Someone has some idea of what is happening? Thanks... Dario Lesca

I am trying to get the AllowFTP action to work for Net > DMZ traffic and FTP pasv. I know it is kind of working, as the user can log in, however, it fails at the port. I have had to open up some high ports for pasv to work. Now I know this aint cool, so does anyone know what a person has to do to get the AllowFTP action to work the same way it does if I was just ftp to the firewall, which does

Hi, I''m using the same set of firewall rules of 2.0.x (sorry, I can''t remember the exact minor version) and put it to work with 2.0.9. And now I can''t do passive ftp (was working before). I see that my NEWNOTSYN is set to Yes, and the loc->net rule is blocking 1024:65535. But I believe with the ip_conntrack_ftp, the passive mode would be allowed, since

Hi all! I am a long time lurker, but have not posted until now. My old trusted firewall machine broke a couple of weeks ago and I replaced it with a XEN domU that is using DNAT and has two interfaces. The firewall domU and the FTP server domU are both guests on the same dom0. All three machines are running Debian/etch (stable) and Shorewall has version 3.2.6. I can''t get FTP to work