Hello
With the following in my tcrules I can log in to my ftp site:
####################################################################
#MARK SOURCE DEST PROTO DEST SOURCE USER
TEST LENGTH TOS CONNBYTES HELPER
# PORT(S) PORT(S)
3 $FW 0.0.0.0/0 tcp 21
But I cannot ls or get. Of course I need more than just a control
connection.
So I try the following in my tcrules:
####################################################################
#MARK SOURCE DEST PROTO DEST SOURCE USER
TEST LENGTH TOS CONNBYTES HELPER
# PORT(S) PORT(S)
3 $FW 0.0.0.0/0 - - - -
- - - - ftp
Which does not work at all.
A shorewall iptrace reveals that with the above tcrules (with the
helper) packets are not marked.
So, um, how should I be using my ftp helper to mark packets?
Regards
Fog_Watch.
# lsmod | grep ftp
nf_nat_tftp 1301 0
nf_nat_ftp 2267 0
nf_conntrack_tftp 3810 1 nf_nat_tftp
nf_conntrack_ftp 6177 1 nf_nat_ftp
nf_nat 14504 7
nf_nat_sip,ipt_REDIRECT,ipt_NETMAP,ipt_MASQUERADE,nf_nat_tftp,nf_nat_ftp,iptable_nat
nf_conntrack 52369 21
nf_nat_sip,xt_connlimit,ipt_MASQUERADE,ipt_CLUSTERIP,nf_nat_tftp,nf_nat_snmp_basic,nf_nat_ftp,nf_conntrack_sane,nf_conntrack_tftp,nf_conntrack_sip,nf_conntrack_proto_sctp,nf_conntrack_netlink,nf_conntrack_ftp,xt_helper,xt_conntrack,xt_CONNMARK,xt_connmark,xt_state,iptable_nat,nf_nat,nf_conntrack_ipv4
status.txt.gz
Description: GNU Zip compressed data
------------------------------------------------------------------------------ ThinkGeek and WIRED's GeekDad team up for the Ultimate GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list and enter to win: http://p.sf.net/sfu/thinkgeek-promo
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
