Hopefully this hasn't been asked a number of times.. I did some searching, and didn't come up with anything initially.
I have a machine which is to act as a reverse proxy for ftp traffic. It sits in the dmz, and receives ftp traffic from the net. Its job is to pass along that traffic to the firewall (which leads to a ftp server inside) using just its ip address. (So the firewall rule can be opened to just the reverse proxy server, and not ANY.) It has a single interface.

The process is to work like this:

[net] [firewall - allow ANY ftp] [shorewall] [firewall - allow ftp coming only from shorewall] [internal ftp server]

Here is my info (modified slightly to make safe to broadcast):

Shorewall interface:
    inet addr:175.31.30.10 Bcast:175.31.30.255 Mask:255.255.255.0
Gateway: 175.31.30.1

Interfaces:
    net eth0 175.31.30.255

Policy:
    fw net ACCEPT info
    all all REJECT info

Masq: (not sure if this is necessary..)
    eth0 0.0.0.0/0 175.31.30.10

Zones:
    fw firewall
    net ipv4

Rules:
    ACCEPT net fw icmp 8
    ACCEPT fw net icmp 8
    FTP/DNAT net net:10.111.46.4
    FTP/ACCEPT fw net
    ACCEPT net fw tcp 22

When I try to ftp to the box from the outside (72.36.210.44), the connection is refused, and the following is in the log:

Nov 10 16:25:17 revproxy kernel: Shorewall:FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=72.36.210.44 DST=10.111.46.4 LEN=60 TOS=0x10 PREC=0x00 TTL=48 ID=61493 DF PROTO=TCP SPT=51483 DPT=21 WINDOW=5840 RES=0x00 SYN URGP=0A

Hopefully I was clear enough .. if clarification is needed, just say the word.

Thanks for your time, and thanks for shorewall.

-Bill
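One way to read the rejected packet in the log entry above, as an added example that is not part of the original post: the Python below parses a Shorewall log line (assuming the default "Shorewall:chain:disposition:" prefix) and tags what the fields show. The function names, the tag strings and the `proxy_addr` parameter are hypothetical; the first sample is the line from the post and the second is constructed.

```python
import re

# First line is the log entry from the post; the second is a constructed contrast case.
POSTED = ("Nov 10 16:25:17 revproxy kernel: Shorewall:FORWARD:REJECT:IN=eth0 OUT=eth0 "
          "SRC=72.36.210.44 DST=10.111.46.4 LEN=60 TOS=0x10 PREC=0x00 TTL=48 ID=61493 "
          "DF PROTO=TCP SPT=51483 DPT=21 WINDOW=5840 RES=0x00 SYN URGP=0A")
CONSTRUCTED = ("Nov 10 16:30:02 revproxy kernel: Shorewall:net2fw:REJECT:IN=eth0 OUT= "
               "SRC=72.36.210.44 DST=175.31.30.10 LEN=60 TTL=48 PROTO=TCP SPT=51490 "
               "DPT=23 SYN URGP=0")

PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disposition>[^:\s]+):")
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")            # KEY=value pairs; value may be empty
BUILTIN_CHAINS = {"INPUT", "FORWARD", "OUTPUT"}    # netfilter's own chains

def parse(line):
    """Return a dict of chain, disposition and packet fields, or None if not a Shorewall line."""
    m = PREFIX.search(line)
    if not m:
        return None
    rec = dict(m.groupdict())
    rec.update(FIELD.findall(line[m.end():]))
    return rec

def diagnose(rec, proxy_addr):
    """Tag what the log fields say about where the packet was stopped."""
    tags = []
    if rec["chain"] in BUILTIN_CHAINS:
        # Logged from a builtin chain, not a zone-pair chain such as net2fw:
        # no zone-to-zone rule or policy chain handled this packet.
        tags.append("builtin-chain")
    if rec.get("IN") and rec.get("IN") == rec.get("OUT"):
        # Packet would leave on the interface it arrived on (single-interface proxy).
        tags.append("hairpin")
    if rec.get("OUT") and rec.get("DST") != proxy_addr:
        # Being forwarded to an address other than the proxy's own: the destination
        # was already rewritten (or routed) before the filter table rejected it.
        tags.append("dnat-applied")
    return tags

if __name__ == "__main__":
    for line in (POSTED, CONSTRUCTED):
        rec = parse(line)
        print(rec["chain"], rec["disposition"], rec["DST"], rec["DPT"],
              diagnose(rec, "175.31.30.10"))
```

For the posted line all three tags apply: the DNAT half of the FTP/DNAT rule took effect, and the reject happened while forwarding the packet back out eth0. In Shorewall, traffic that leaves on the interface it arrived on is what the `routeback` interface option governs.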
