similar to: adjusting ip nat ftp ports

Hi, ok Im all new to this :-) for pasv ftp in your example you say for example to use ports 65500-65535, but i dont see that u open those ports in your example fw scripts..? any hints ? -- Christophe Zwecker mail: doc@zwecker.de Hamburg, Germany fon: +49 179 3994867 http://www.zwecker.de "Who is General Failure ? And why is he reading my disk

Hi, I have a cisco sdsl modem to connect to internet via eth1 (192.168.1.2) local is eth0 (192.168.2.254) default gw is 192.168.1.1 the cisco forwards all incoming ports to 192.168.1.2. I connect from outside on port 24562, login is successfull, the ftpserver gives back the external Ip of the cisco as pasv IP to the client (its a setting in the ftpserver). It gives an ip from the pasv range I

this : iptables -A FORWARD -i internal-interface -j ACCEPT iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A FORWARD -j DROP doesn''t seem to work for active-ftp .. i even manualy loaded ip_conntrack_ftp but as u see it is unused : # lsmod Module Size Used by Not tainted ip_conntrack_ftp 4272 0 (unused) iptable_nat

Still not working I really have to change 21 port on 80 port, my friend has only www and mail on his netwok. He has rigorous admin. I have done : !! in proftpd.cof : # Port 21 is the standard FTP port. Port 80 !! in /etc/shorewall/modules: loadmodule ip_conntrack_ftp ports=21,80 loadmodule ip_nat_ftp ports=21,80 AFTER THAT AND RESTARTTING PROFTP AND

I apologize for the first message. :) --------------------------------------- I have an FTP server running in the DMZ section of my home network. It uses port 23000 for connection and ports 19990 to 19994 for data transfer. I have setup the following rule for outside people to connect to it: DNAT net dmz:192.168.2.2 tcp 23000 I''m at work right now and I can''t use

Hi, I''m using the same set of firewall rules of 2.0.x (sorry, I can''t remember the exact minor version) and put it to work with 2.0.9. And now I can''t do passive ftp (was working before). I see that my NEWNOTSYN is set to Yes, and the loc->net rule is blocking 1024:65535. But I believe with the ip_conntrack_ftp, the passive mode would be allowed, since

I''v don all the work that was shown on the installation documentaion but It still can''t send PASV comands and ares up the is their somthing i''m missing from the Rules. ### # Shorewall version 1.3 - Rules File # # /etc/shorewall/rules REJECT:info loc net tcp 6667,137,138,139 REJECT:info loc net udp 137,138,139 #REDIRECT

I just installed CentOS4 on my main server. It runs proftpd and is not NATted.. When I did the install I said to allow FTP and HTTP. I can ftp from windows dos ftp client. In IE I get "Unable to build data connection: No route to host" ncftp I get.. Data connection timed out. Falling back to PORT instead of PASV mode. List failed. Wget and FireFox just time out. Anything I need

Hi! I use standard Bering 2.2.2. I am trying to get my FTP-server to work with another portnumber than 21 (On port 21 all works great, but I´m really interested in running two FTP-servers, so I want to figure this one out first). Read the FAQ: http://www.shorewall.net/FTP.html and now I got this setup: In Rules: DNAT net loc:192.168.3.2 tcp 99 In Shorewalls modules.conf (tried

Howdy I'm trying to run FTP server behind firewall. And i can't enable passive mode from the Internet. There are plenty howtos but there aren't many with my combination. For now i have configured port forwarding and ftp server itself. On the router: # firewall-cmd --list-all --zone=external external (active) interfaces: enp3s1 sources: services: openvpn ssh ports: 1194/tcp

I am trying to get the AllowFTP action to work for Net > DMZ traffic and FTP pasv. I know it is kind of working, as the user can log in, however, it fails at the port. I have had to open up some high ports for pasv to work. Now I know this aint cool, so does anyone know what a person has to do to get the AllowFTP action to work the same way it does if I was just ftp to the firewall, which does

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all, Remember my thread that I can''t FTP into my server? It seems that (well, what Tom has suggested) ip_conntrack_ftp and ip_nat_ftp weren''t loaded. I don''t know why in that particular machine mdk9.2 doesn''t load them by default, whereas in other machine they were loaded. I have put them in /etc/modules, and

mdew:~# tc qdisc add dev imq0 handle 1: root htb default 12 r2q 1 Cannot find device "imq0" mdew:~# lsmod Module Size Used by Not tainted ipt_REDIRECT 728 0 (autoclean) ipt_MARK 728 2 (autoclean) iptable_mangle 2100 1 (autoclean) ipt_REJECT 2712 4 (autoclean) iptable_filter 1672 1 (autoclean)

Hi all! I am a long time lurker, but have not posted until now. My old trusted firewall machine broke a couple of weeks ago and I replaced it with a XEN domU that is using DNAT and has two interfaces. The firewall domU and the FTP server domU are both guests on the same dom0. All three machines are running Debian/etch (stable) and Shorewall has version 3.2.6. I can''t get FTP to work

Hi all, I have 2 CentOS 3.5 boxes & i do backups on the LAN Recently, I always get FTP timout error with large files "700 MB and more" . i tried to log and do manual backup with FTP command and i also got the same result "FTP timeout" i tried to google and i did # modprobe ip_conntrack_ftp but still get the same timeout message Any one can help??? Hameed

New install of CentOS 4.1; our first try at the 4.x. On previous 3.x installs we've used proftpd. On this one we're using (trying to use is a better statement of what we're going through) the default daemon, /usr/sbin/vsftpd. But we don't get anywhere. <snip> ftp> passiv Passive mode off. ftp> put ~/xorg.conf.work local: /home/jlasman/xorg.conf.work remote:

-- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

For some reason, ip_conntrack_ftp & ip_nat_ftp aren''t loading automatically. If I load them manually with modprobe FTP works. Both ip_conntrack_ftp & ip_nat_ftp are listed in the modules file - I haven''t mucked with the order at all, so I assume it''s right. I''m using Mandrake 9.2 but, as recommended, I uninstalled the Mandrake version of shorewall and

I have Centos 5.7 64bit; I have installed vsftpd as standalone service and using it for two years now with no problem. Suddenly; only it works with active mode. The passive mode stops working and gives time out. Firewall is disabled and SELinux is set to permissive. I ran tcpdump and I noticed that only first three packets reached the FTP for passive mode and no more packets on other ports #

Hello CentOS, Is there a specific RPM that makes "insmod ip_conntrack_ftp" available? I've been using that on a number of servers fine, but the latest one I've built, running insmod ip_conntrack_ftp gives me: insmod: can't read 'ip_conntrack_ftp': No such file or directory -- Best regards, Mickael mailto:mike at kamloopsbc.com www.MickaelMaddison.com