Tom Eastep wrote: > Craig M. Nicholson wrote: > >> Surely if the connection is tracked and marked then the reply packets >> should go out of the interface that the request came in on? >> >> Any ideas anyone? >> > > Craig, > > Sorry -- I can't comment without seeing a 'shorewall dump' collected as > described in great detail at http://www.shorewall.net/support.htm#guidelines. > Also: > > a) Why are you specifying 'loose'? > b) Where does this FTP server run? The firewall? In a local network? > c) Is it the responses to the control connection (TCP port 21) that go out via > ppp0 or is it active mode connections from the server back to the client that > go > out via ppp0?
Oops -- got the interfaces reversed. The last question should be: c) Is it the responses to the control connection (TCP port 21) that go out via eth1 or is it active mode connections from the server back to the client that go out via eth1? -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users