[Shorewall-users] FTP problem

Markus Bossert markus.bossert@epost.de
Thu, 10 Jan 2002 01:03:41 +0100

I explain here a typical mistake of beginners.
It occured to me and 2 of my mates, obviously we didn't examine the manual 
too closely ;)
If it still doesn't work mail again, pls.

The machine where you installed Shorewall is an own zone, named fw (for 
So you need to add a rule for the FTP traffic for the machine to accept it, 
ACCEPT          net     fw      tcp     ftp     -       all

If you have an FTP-Server on a machine in your network, for example on 
machine you need
ACCEPT          net     local:      tcp     ftp     -       all

On the other hand you have to explicitely allow EVERY service for your 
shorewall-machine. So if you want to FTP *from* it you would have to add
ACCEPT          fw     net      tcp     ftp     -       all

The fw-thing is a bit hidden, but once you got it it'll work smoothly.
I hope I could help you :)


At 17:36 09.01.2002 -0800, huytu@mail.com wrote:
>Dear Shorewall-Users,
>I am a newbie with Shorewall .
>After install Shorewall 1.2.2 ,everything work OK except FTP :they
>tell connection time out when connect to internet ,but to my DMZ is
>I check my config many time but i gave up.Pls help me some opinions.
>Best regards,
>  T.Q.Huy                          mailto:huytu@hcmc.netnam.vn
>Shorewall-users mailing list