[Shorewall-users] ProFtP server

Reginald R. Richardson whiz.kid at tyarosh.homeip.net
Thu, 10 Oct 2002 21:56:26 +0200

Hi guys,

Just getting ready to install ProFTP server, and according the their
website, to use this being NAT, this is how it's supposed to be done:

Can someone please, explain me, how this is Converted to Shorewall

Configuring Linux
This example is for Linux kernel version 2.2.x with ipchains and
ipmasqadm. The examples below assume that your FTP server has local

First we need to enable NAT for our FTP server. As root user:

  echo "1">/proc/sys/net/ipv4/ip_forward
  ipchains -P forward DENY
  ipchains -I forward -s -j MASQ
Now we load the autofw kernel module and forward ports 20 and 21 to the
FTP server:

  insmod ip_masq_autofw
  ipmasqadm autofw -A -r tcp 20 21 -h
Then we forward ports for Passive FTP. In our etc/proftpd.conf file we
restriced passive ports to 60000-65535, so that's what we'll use here:

  ipmasqadm autofw -A -r tcp 60000 65535 -h
Now you can try to login to your FTP server from a computer on the