Hi all! I am a long-time lurker, but have not posted until now.
My old trusted firewall machine broke a couple of weeks ago and I replaced it with a Xen domU that is using DNAT and has two interfaces. The firewall domU and the FTP server domU are both guests on the same dom0. All three machines are running Debian/etch (stable) and Shorewall is at version 3.2.6.
I can't get FTP to work and Filezilla says:
Response: 227 Entering Passive Mode (192,168,221,239,19)
Status: Server sent passive reply with unroutable address. Using
server address instead.
I cannot understand why the FTP server's private address is leaked, since the
modules ip_nat_ftp and ip_conntrack_ftp are loaded. The FTP rule is "FTP/DNAT
net loc:192.168.221.3".
In the attached status file I have connected from "213.115.101.134" to "87.96.134.74". Can any of you see what is wrong?
Thank you in advance.
/Martin Leben

Ps/ DNAT:ting http, imap and other "simple" traffic works. /Ds

Ps2/ My apologies if this mail hits the list twice. I sent the first one before subscribing. (Reading through http://gmane.org) /Ds2
status.txt.gz
Description: application/gzip
