Re: [Shorewall-users] FTP not working behind Ubuntu+Shorewall

Thu, 06 Sep 2007 04:31:18 -0700 

Ziga Milek wrote:
> As a matter of fact i thought of the unusual port choice causing the problem
> and  switched the ftp port back to 21 and added 'FTP/DNAT all
> loc:192.168.0.3' rule and the problem persists. Any other idea?
>   

After shorewall start do an iptables-save > file
and look if rules are correct (text search for DNAT). 
Also ACCEPT rule has to be in file for the ports 50000-


Perhaps add the your external IP to the source field in the DNAT entry

        DNAT    net     loc:192.168.0.3 tcp     50000:50005     [your net ip]


> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Jerry
> Vonau
> Sent: Thursday, September 06, 2007 12:31 PM
> To: Shorewall Users
> Subject: Re: [Shorewall-users] FTP not working behind Ubuntu+Shorewall
>
> Ziga Milek wrote:
>   
>> I have a PC router that runs Ubuntu Server 7.04 (kernel version
>> 2.6.20-15-server) and Shorewall (latest version) as a firewall. On one of
>> computers connected to it I run a FTP server. the problem is i cannot
>> connect to it from outside. The ftp server is set up using serv-u. the
>>     
> port
>   
>> used for ftp is 50005 and the ip of that computer is 192.168.0.3. i can
>> however connect to it from another computer on LAN. here are my rules:
>>
>>      #ACTION SOURCE          DEST            PROTO   DEST    SOURCE
>> ORIGINAL     RATE            USER/
>>      #                                               PORT(S) PORT(S)
>> DEST         LIMIT           GROUP
>>      #SECTION ESTABLISHED
>>      #SECTION RELATED
>>      SECTION NEW
>>      SSH/ACCEPT      all     $FW
>>      Webmin/ACCEPT   all     $FW
>>      DNS/ACCEPT      loc     fw
>>      Ping/ACCEPT     loc     all
>>      Ping/REJECT:info        all     $FW
>>      Ping/ACCEPT     $FW     all
>>      DNAT    net     loc:192.168.0.3 tcp     50000:50005
>>      DNAT    net     loc:192.168.0.3 udp     50000:50005
>>      NTP/ACCEPT      all     all
>>
>> ports 50000-50004 are used for torrents, ed2k and a couple of other
>>     
> things,
>   
>> which work fine. what am i missing here? modules nf_nat_ftp and
>> nf_conntrack_ftp are loaded. I've been dealing with this for a couple of
>> months now and i don't know what else to try. Please help me!
>>
>> Ziga
>>
>>     
> Have a look the non-standard ports section of
> http://www.shorewall.net/FTP.html
>
> Jerry
>
>   



-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to