Hi there,

It looks like the classical passive/active issue for ftp servers.
Sometimes, depending on the ftp server configuration ... you simply need to open the connection to all high ports because the ftp servers are configured to allocate a dynamic new port for each connection for the data transfer. This is because, of course, the ftp clients do not use the proxy and try to directly connect to the net.

You seem to have an old MNF, right? If I look at your rules proxy syntax ... (rpm -q shorewall ?)

my 2cts,

>Hernan Castaneda <[EMAIL PROTECTED]> writes:
> Hi all,
>
> I've installed a box with MNF to serve as
> firewall/proxy to a Windows XP/2000 hosts lan. The box
> has two NICs: eth0 is connected to the lan
> 192.168.4.0/24 and eth1 has a public IP address
> assigned to it. The hosts can connect to the Internet
> without problems (http, https) but FTP can only be
> accessed through the browsers (IE6 SP1 and Mozilla
> 1.7); even with IE, when it connects to the ftp server a
> message box appears saying that the access is read
> only because the proxy isn't configured correctly. If
> they try to make an FTP connection using a client (WS
> FTP 9) or even the "DOS" console, an error appears saying
> that the connection couldn't be established because the
> name cannot be resolved (DNS Problem); Squid is in
> transparent mode. Can anybody please help me?
>
> Regards,
> Hernan Castañeda
>
> I attach the firewall configuration.
>
> Default policies:
> 1 lan all REJECT info
> 2 fw all ACCEPT info
> 3 wan all DROP info
> 4 all all REJECT info
>
> Rules:
> 1 ACCEPT fw wan tcp+udp 53
> 2 ACCEPT lan wan udp 53
> 3 REJECT wan fw tcp 113
> 4 ACCEPT lan fw tcp 22
> 5 ACCEPT lan fw tcp 8443
> 6 ACCEPT fw lan icmp 8
> 7 ACCEPT lan fw icmp 8
> 8 ACCEPT lan wan tcp pop3
> 9 ACCEPT lan wan tcp smtp
> 10 ACCEPT lan wan tcp http
> 11 ACCEPT lan wan tcp https
> 12 ACCEPT lan wan tcp ssh
> 13 ACCEPT lan wan tcp ftp
> 14 ACCEPT lan wan tcp nntp
> 15 ACCEPT fw wan udp ntp
> 16 ACCEPT lan wan tcp imap
> 17 ACCEPT fw wan:20022 tcp ftp
> 20 ACCEPT lan fw tcp https
> 23 ACCEPT fw:3328 wan tcp https
> 24 ACCEPT lan fw::3328 tcp www all
> 25 ACCEPT fw wan tcp www
>
> P.D.: Sorry if the mail is too long, I tried to be as
> specific as I could
>
> ____________________________________________________
> Want to buy your Pack or Services from MandrakeSoft?
> Go to http://www.mandrakestore.com
> Join the Club : http://www.mandrakeclub.com
> ____________________________________________________

--
Florin http://www.mandrakesoft.com
http://people.mandrakesoft.com/~florin/
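The passive/active point in the reply can be checked against the posted rule set. The following is an added example, not part of the original thread or of MNF/Shorewall: it parses the host/port tuple from an FTP `227` reply or `PORT` command and evaluates the resulting data connection. It assumes a purely port-based filter with no FTP connection-tracking helper, and the sample control-channel lines are constructed.

```python
import re

# lan -> wan TCP ports accepted by rules 8-14 and 16 of the posted rule set
# (pop3, smtp, http, https, ssh, ftp, nntp, imap as well-known port numbers).
LAN_TO_WAN_TCP = {110, 25, 80, 443, 22, 21, 119, 143}
# Default policies from the post: lan->all REJECT, wan->all DROP.
DEFAULT_POLICY = {"lan": "REJECT", "wan": "DROP"}

_HOSTPORT = re.compile(
    r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_host_port(line):
    """Extract (ip, port) from a PASV reply (227 ...) or a PORT command."""
    m = _HOSTPORT.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in %r" % line)
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % line)
    # The data port is sent as two bytes: high byte p1, low byte p2.
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def data_channel_verdict(line):
    """Decide what a port-based filter does with the FTP data connection."""
    ip, port = parse_host_port(line)
    if line.lstrip().startswith("227"):
        # Passive: the lan client opens a new connection to the server's port.
        action = "ACCEPT" if port in LAN_TO_WAN_TCP else DEFAULT_POLICY["lan"]
        return ("lan->wan", ip, port, action)
    # Active: the server connects back from the wan to the client's port;
    # the posted rules have no wan->lan ACCEPT, so the wan policy applies.
    return ("wan->lan", ip, port, DEFAULT_POLICY["wan"])


if __name__ == "__main__":
    # Constructed sample control-channel lines, not taken from the thread.
    for sample in ("227 Entering Passive Mode (203,0,113,10,195,80)",
                   "PORT 192,168,4,25,4,1"):
        print(sample, "=>", data_channel_verdict(sample))
```

In both modes the control connection on port 21 passes rule 13, but the data connection uses a port negotiated inside that session and falls through to the default policy.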
