[Shorewall-users] ftp server and passive mode

Zipleen zipleen@netcabo.pt
Mon, 29 Apr 2002 19:15:01 +0100


Hi, I recently configured a box for a dedicated firewall using 
shorewall, and after I get all the things right the firewall runs 
smoothly, but as I start to add stuff, things tend to go wrong. My 
particular problem is with my ftp server and passive mode. I have in my 
lan a ftp server and I need passive mode activated. I also use another 
port for the ftp server (30021) instead of the default one. I searched 
the mailing list for this kind of problem and found a solution. It is 
also reported in netfilter.org but in the mailing list I have found this:

You have to pass the non-standard ports to the ip_conntrack_ftp
ip_nat_ftp modules. In your /etc/modules.conf file:

options ip_nat_ftp ports=21,9000
options ip_conntrack_ftp ports=21,9000

OK, so I added the ports= in /etc/modules.conf but passive mode 
continued not to work correctly. So I edited /etc/shorewall/modules and 
added ports= there. It didn't work either, so I tried manually and it 
didn't work...

PORT runs OK but passive mode doesn't. The workaround I did was to add 
the passive mode ports to the /etc/shorewall/rules but that's not 
good/right ;)

I am using Debian 3 (unstable) and using kernel 2.4.18. Could anyone 
help me out with this problem? I must be doing something wrong here... 
Oh btw, using ftp server in port 21 also doesn't work in passive mode!

best regards,
Luis