[Shorewall-users] passive ftp transfers on non standard ports

Tom Eastep teastep@shorewall.net
Mon, 7 Jan 2002 12:30:51 -0800


On Monday 07 January 2002 12:01 pm, jos not to know by everybody wrote:
> hello,
>
> I got a machine running RH 7.2 with shorewall 1.2.0, connected to a cable
> modem and my home network.
>
> when i used the standard configuration files for two interfaces, it worked
> like a charm, But (there is always a but) i got 2 things I am trying to
> solve:
>
> 1. i don't seem to be able to use ftp passive transfer when using
> non-standard ports (ie:  an ftp server on port 9000).

You have to pass the non-standard ports to the ip_conntrack_ftp and
ip_nat_ftp modules. In your /etc/modules.conf file:

options ip_nat_ftp ports=21,9000
options ip_conntrack_ftp ports=21,9000

>
> 2. MSN file transfers.. i can't send myself, but i can receive.

No clue -- I don't use MSN. Are you seeing any Shorewall messages logged?

-Tom
-- 
Tom Eastep    \ A Firewall for Linux 2.4.*
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net
-------------------------------------------
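
A check for the modules.conf change described in the reply above, as an added example that is not part of the original message: it confirms that both helper modules list the same non-standard FTP control port. The function names and the sample file are constructed for illustration.

```shell
# Added example (not from the original post): verify that a modules.conf-style
# file passes a given FTP control port to BOTH helper modules.

# helper_ports FILE MODULE -> prints the ports= value for MODULE (empty if none)
helper_ports() {
    awk -v mod="$2" '
        $1 == "options" && $2 == mod {
            for (i = 3; i <= NF; i++)
                if ($i ~ /^ports=/) { sub(/^ports=/, "", $i); val = $i }
        }
        END { print val }
    ' "$1"
}

# port_listed PORT LIST -> 0 if PORT is an exact element of comma-separated LIST
port_listed() {
    case ",$2," in
        *",$1,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_ftp_helpers FILE PORT -> 0 only if both modules list PORT
check_ftp_helpers() {
    rc=0
    for mod in ip_conntrack_ftp ip_nat_ftp; do
        ports=$(helper_ports "$1" "$mod")
        if port_listed "$2" "$ports"; then
            echo "ok: $mod ports=$ports"
        else
            echo "MISSING: $mod does not list port $2 (ports=${ports:-unset})"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: conntrack helper has 9000, NAT helper was forgotten
sample=$(mktemp)
cat > "$sample" <<'EOF'
options ip_conntrack_ftp ports=21,9000
options ip_nat_ftp ports=21
EOF
check_ftp_helpers "$sample" 9000 || echo "fix $sample before reloading the modules"
```

Run it against the real file with `check_ftp_helpers /etc/modules.conf 9000`; the options only take effect when the modules are next loaded.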