[Shorewall-users] FTP problem

Markus Bossert markus.bossert@epost.de
Thu, 10 Jan 2002 01:03:41 +0100


Hi,
I explain here a typical mistake of beginners.
It occurred to me and 2 of my mates; obviously we didn't examine the manual 
too closely ;)
If it still doesn't work, mail again, please.

The machine where you installed Shorewall is its own zone, named fw (for 
firewall).
So you need to add a rule for the FTP traffic for the machine to accept it, 
e.g.
ACCEPT          net     fw      tcp     ftp     -       all

If you have an FTP server on a machine in your network, for example on 
machine 192.168.1.20, you need
ACCEPT          net     local:192.168.1.20      tcp     ftp     -       all

On the other hand, you have to explicitly allow EVERY service for your 
shorewall-machine. So if you want to FTP *from* it you would have to add
ACCEPT          fw     net      tcp     ftp     -       all

The fw-thing is a bit hidden, but once you've got it, it'll work smoothly.
I hope I could help you :)

Regards,
Markus

At 17:36 09.01.2002 -0800, huytu@mail.com wrote:
>Dear Shorewall-Users,
>I am a newbie with Shorewall.
>After installing Shorewall 1.2.2, everything works OK except FTP: they
>tell me the connection timed out when I connect to the internet, but to
>my DMZ it is OK.
>I checked my config many times but I gave up. Please help me with some
>opinions.
>
>--
>Best regards,
>  T.Q.Huy                          mailto:huytu@hcmc.netnam.vn
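
Added example (not part of the original message, and not Shorewall code): a small Python check that reads rule lines in the format shown in the reply above and reports which zone pairs have an explicit ACCEPT for FTP, so a missing fw rule becomes visible. The field names, function names and the zone list are assumptions; zone policies are not modelled.

```python
# Constructed sample: the three rule lines quoted in the message above.
RULES = """\
ACCEPT          net     fw      tcp     ftp     -       all
ACCEPT          net     local:192.168.1.20      tcp     ftp     -       all
ACCEPT          fw     net      tcp     ftp     -       all
"""

def parse_rules(text):
    """Parse whitespace-separated rule lines; field names are hypothetical labels."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 5:
            continue  # blank, comment-only or incomplete line
        action, src, dst, proto, port = fields[:5]
        dst_zone, _, dst_host = dst.partition(":")
        rules.append({"action": action, "src": src.partition(":")[0],
                      "dst": dst_zone, "dst_host": dst_host or None,
                      "proto": proto, "port": port})
    return rules

def allowed(rules, src, dst, proto, port, dst_host=None):
    """True if an explicit ACCEPT rule covers this connection.

    A rule limited to one host (zone:address) only matches that host.
    Zone policies are not modelled, so False means "no explicit rule".
    """
    for r in rules:
        key = (r["action"], r["src"], r["dst"], r["proto"], r["port"])
        if key != ("ACCEPT", src, dst, proto, port):
            continue
        if r["dst_host"] is None or r["dst_host"] == dst_host:
            return True
    return False

def uncovered_pairs(rules, zones, proto="tcp", port="ftp"):
    """Zone pairs (source, destination) with no ACCEPT rule at all for proto/port."""
    covered = {(r["src"], r["dst"]) for r in rules
               if (r["action"], r["proto"], r["port"]) == ("ACCEPT", proto, port)}
    return sorted((s, d) for s in zones for d in zones
                  if s != d and (s, d) not in covered)

if __name__ == "__main__":
    rules = parse_rules(RULES)
    print("net -> fw ftp:", allowed(rules, "net", "fw", "tcp", "ftp"))
    print("no explicit ftp rule:", uncovered_pairs(rules, ("net", "fw", "local")))
```

Port names are compared as literal strings, so a rule written with 21 instead of ftp would need the same spelling in the query.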