Hello All, I know that this should be a trivial issue, but I'm stuck. I'm totally new to Shorewall and although I've read all about the zones, they're still a bit confusing for me.
What I'm attempting to do is run an FTP server on an internal machine. I've read the example guide and troubleshooting guide, but I can't figure it out.

My setup: net zone is on an external NIC with a routable IP. I can connect to other services on the box from the inside and outside, so network connectivity is good. My FTP server is running on 10.0.50.10 inside. LAN clients can connect to the FTP server, therefore the FTP server itself is set up correctly. When I run shorewall clear, I can connect to the FTP server from the outside, so it seems to be a Shorewall configuration issue for sure.

My Rules: I feel pretty confident that I fall into example #3:

    Example 3. Server running behind a Masquerading Gateway

    Suppose that you run an FTP server on 192.168.1.5 in your local zone using the standard port (21). You need this rule:

    #ACTION   SOURCE  DESTINATION      PROTO  PORT(S)  SOURCE   ORIGINAL
    #                                                  PORT(S)  DESTINATION
    FTP/DNAT  net     loc:192.168.1.5

However, after changing the IP to 10.0.50.10, no go. A typical log entry when trying to connect looks like this:

    Dec 15 10:36:29 munged kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:11:95:c5:29:43:00:90:1a:40:df:45:08:00 SRC=209.5.161.208 DST=10.0.50.10 LEN=60 TOS=0x00 PREC=0x00 TTL=57 ID=52574 DF PROTO=TCP SPT=34883 DPT=21 WINDOW=5840 RES=0x00 SYN URGP=0

From this I can see that it is the net2all chain that's dropping the packet, which seems to indicate an incoming issue, but I don't know how to fix it.

Links, tips, everything appreciated.

Thanks!
Jon
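Added example, not part of the original post: a small Python parser for the log entry quoted above. It splits out the chain, disposition and packet fields, and classifies which netfilter hook saw the packet from the IN=/OUT= fields. It assumes the `Shorewall:chain:disposition:` log prefix seen in the post and that the entry was logged from the filter table; the function names are illustrative.

```python
import re

# Log line quoted in the post above (hostname already munged by the poster).
SAMPLE = ("Dec 15 10:36:29 munged kernel: Shorewall:net2all:DROP:IN=eth0 OUT= "
          "MAC=00:11:95:c5:29:43:00:90:1a:40:df:45:08:00 SRC=209.5.161.208 "
          "DST=10.0.50.10 LEN=60 TOS=0x00 PREC=0x00 TTL=57 ID=52574 DF PROTO=TCP "
          "SPT=34883 DPT=21 WINDOW=5840 RES=0x00 SYN URGP=0")

# Prefix format as it appears on the page: Shorewall:<chain>:<disposition>:
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disposition>[A-Z]+):")
# KEY=value pairs; the value may be empty (e.g. "OUT=").
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}


def netfilter_path(in_if, out_if):
    """Classify the hook from the interfaces the kernel LOG target printed.

    Assumption: the line comes from a filter-table chain, where an empty
    OUT= means the packet was addressed to the firewall host (INPUT) and
    both interfaces set means it was being routed through (FORWARD).
    """
    if in_if and out_if:
        return "FORWARD"
    if in_if:
        return "INPUT"
    if out_if:
        return "OUTPUT"
    return "unknown"


def parse_shorewall_log(line):
    """Return a dict of fields for a Shorewall log line, or None if no prefix."""
    m = PREFIX.search(line)
    if m is None:
        return None
    rest = line[m.end():]
    rec = dict(m.groupdict())
    rec.update(FIELD.findall(rest))
    # Bare tokens such as SYN carry the TCP flags.
    rec["flags"] = sorted(t for t in rest.split() if t in TCP_FLAGS)
    rec["path"] = netfilter_path(rec.get("IN", ""), rec.get("OUT", ""))
    return rec


if __name__ == "__main__":
    for key, value in parse_shorewall_log(SAMPLE).items():
        print(f"{key:12} {value}")
```

For the quoted entry the parser reports chain net2all, disposition DROP, destination port 21, and path INPUT because OUT= is empty.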
