[Shorewall-users] ftp works in a strange way.....or....
Sat, 27 Apr 2002 09:53:43 +0100
Paul Gear wrote:
> Goetz Reinicke wrote:
>>I added IP_FORWARDING="on" in the shorewall.conf and have the following
>>rules for ftp:
>>ACCEPT fw net tcp ftp
>>ACCEPT fw local tcp ftp
>>So can anyone explain to me why my ftp clients are allowed to connect
>>to ftp-servers on the internet??
> What is your loc -> net policy? If it's accept, then they can get there
> without needing any rules.
:-) RTFM *bangingheadagainstthewall*
local net ACCEPT
So that means also, as I have enabled IP_FORWARDING, I have to disable
some services and ports I don't want by a special rule in the rules file!?
In my rule-file I have rules like:
ACCEPT local:172.17.20.40 net udp ntp
ACCEPT local:172.17.1.251 net tcp domain
ACCEPT local:172.17.1.251 net udp domain
so with the default policy in mind, are DNS requests from other hosts to
the Internet rejected, or do I have to add a rule like
DROP local net udp ntp,domain
DROP local net tcp domain
Thanks for help.
- Götz Reinicke -------------------- mailto: email@example.com -
IT Koordinator Tel: 07141/969-420
IT-OfficeNet Filmakademie Baden-Württemberg Fax: 07141/969-55420
- Mathildenstr. 20, 71638 Ludwigsburg ----------- www.filmakademie.de -
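The behaviour discussed in the thread, as an added illustration that is not part of the original post and not Shorewall's own code: a simplified Python model of Shorewall's evaluation order (the rules file is walked top to bottom, first match wins, and only if nothing matches does the zone-pair policy decide). It uses the ACCEPT and DROP rules quoted above; the zone names follow the poster's configuration, the port numbers and the client/server addresses 172.17.5.7 and 198.51.100.53 are constructed, and the implicit fallback when no policy matches is an assumption.

```python
"""Simplified model of Shorewall rule/policy evaluation (added example).

Not Shorewall code: it only reproduces the evaluation order that matters
for the question in the thread, namely that a 'local net ACCEPT' policy
lets every local host reach the Internet whether or not a rule exists.
"""
import ipaddress

# Rules in the thread's column order: ACTION SOURCE DEST PROTO DEST PORT(S)
RULES = [
    ("ACCEPT", "local:172.17.20.40", "net", "udp", "ntp"),
    ("ACCEPT", "local:172.17.1.251", "net", "tcp", "domain"),
    ("ACCEPT", "local:172.17.1.251", "net", "udp", "domain"),
]

# The DROP rules the poster considers adding
DROP_RULES = [
    ("DROP", "local", "net", "udp", "ntp,domain"),
    ("DROP", "local", "net", "tcp", "domain"),
]

# Policy file: SOURCE DEST POLICY. The second entry is the usual catch-all.
POLICY_OPEN = [("local", "net", "ACCEPT"), ("all", "all", "REJECT")]
POLICY_CLOSED = [("local", "net", "DROP"), ("all", "all", "REJECT")]

# Service names -> ports (assumed subset of /etc/services)
SERVICES = {"ntp": 123, "domain": 53, "ftp": 21}


def _match_endpoint(spec, zone, addr):
    """Match 'zone' or 'zone:address[/prefix]' against a packet endpoint."""
    if ":" in spec:
        zspec, aspec = spec.split(":", 1)
        if zspec != zone:
            return False
        return ipaddress.ip_address(addr) in ipaddress.ip_network(aspec, strict=False)
    return spec == zone


def _match_ports(ports_spec, dport):
    """Match a comma-separated list of service names or port numbers."""
    if ports_spec in ("", "-"):
        return True
    for name in ports_spec.split(","):
        if SERVICES.get(name, int(name) if name.isdigit() else None) == dport:
            return True
    return False


def verdict(rules, policies, src_zone, src_addr, dst_zone, dst_addr, proto, dport):
    """First matching rule wins; otherwise the first matching policy applies."""
    for action, src, dst, rproto, ports in rules:
        if (_match_endpoint(src, src_zone, src_addr)
                and _match_endpoint(dst, dst_zone, dst_addr)
                and rproto in (proto, "all")
                and _match_ports(ports, dport)):
            return action
    for pol_src, pol_dst, action in policies:
        if pol_src in (src_zone, "all") and pol_dst in (dst_zone, "all"):
            return action
    return "DROP"  # assumed fallback when no policy line matches


def dns_verdict(rules, policies, client_addr):
    """Verdict for a UDP DNS query from a local client to an Internet resolver."""
    return verdict(rules, policies, "local", client_addr, "net", "198.51.100.53", "udp", 53)


def ftp_verdict(rules, policies, client_addr):
    """Verdict for a TCP FTP control connection from a local client to the Internet."""
    return verdict(rules, policies, "local", client_addr, "net", "198.51.100.21", "tcp", 21)


if __name__ == "__main__":
    unlisted, listed = "172.17.5.7", "172.17.1.251"
    print("open policy, unlisted host, DNS :", dns_verdict(RULES, POLICY_OPEN, unlisted))
    print("open policy, unlisted host, FTP :", ftp_verdict(RULES, POLICY_OPEN, unlisted))
    print("closed policy, unlisted host, DNS:", dns_verdict(RULES, POLICY_CLOSED, unlisted))
    print("closed policy, listed host, DNS :", dns_verdict(RULES, POLICY_CLOSED, listed))
    print("open policy + DROP after ACCEPT :", dns_verdict(RULES + DROP_RULES, POLICY_OPEN, listed))
    print("open policy + DROP before ACCEPT:", dns_verdict(DROP_RULES + RULES, POLICY_OPEN, listed))
```

Running it shows the two answers to the question: under the ACCEPT policy an unlisted host's DNS (and FTP) goes out regardless of the ACCEPT rules, so the poster's per-host rules change nothing; under a DROP policy for local to net, only the hosts named in the ACCEPT rules get through. The last two lines show why patching an open policy with DROP rules is fragile: placed after the ACCEPT rules they work, placed before them they also cut off the hosts that were meant to be allowed, because the first match wins.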