[Shorewall-users] Trouble in outoging ftp or telnet.

Paul Gear paul@gear.dyndns.org
Fri, 05 Jul 2002 17:59:55 +1000

K Mistry wrote:

> Dear All,
> I am unable to telnet or ftp from my firewall to my itneral server &
> router. Is there any rules to be add?


The rules that Dario has just posted will work if your zones use
default names (incidentally, there should be no need for the ftp-data
rule if you are using connection tracking, which you should be), and if
the server & router you wish to access are in the loc zone.

However, it is important to remember that there is no "standard"
configuration in Shorewall.  It does not provide any default rules for
services between zones.  You have to define everything you want to
use.  So the general answer to "Are there any rules to be added?" is
"That depends what's there already."

Also, there is the issue of whether you _should_ allow telnet & ftp
from your firewall to your internal machines.  Is that something you
want to encourage?