On Fri, 4 Jun 2010 13:32:12 +0800 "Trent O'Callaghan" <[email protected]> wrote:
> Have you read http://www.shorewall.net/FTP.html ? Yes > > Especially where it says: > Important > > Once you have made these changes to /etc/shorewall/modules and/or > /etc/modules.conf, you must either: > > Unload the modules and restart shorewall: > > rmmod nf_nat_ftp; rmmod nf_conntrack_ftp; shorewall restart > or > Reboot Thanks Trent, I don't believe I need to do anything here. My destination port is the standard 21, so I can't see why /etc/shorewall/modules needs to be altered. That said, even after a fresh "rmmod nf_nat_ftp; rmmod nf_conntrack_ftp; shorewall restart" packets are still not marked. To reitterate; tcrules: #################################################################### #MARK SOURCE DEST PROTO DEST SOURCE USER TEST LENGTH TOS CONNBYTES HELPER # PORT(S) PORT(S) 3 $FW 0.0.0.0/0 tcp 21 marks #################################################################### #MARK SOURCE DEST PROTO DEST SOURCE USER TEST LENGTH TOS CONNBYTES HELPER # PORT(S) PORT(S) 3 $FW 0.0.0.0/0 - - - - - - - - ftp does not mark. Strangely, with: #################################################################### #MARK SOURCE DEST PROTO DEST SOURCE USER TEST LENGTH TOS CONNBYTES HELPER # PORT(S) PORT(S) 3 $FW 0.0.0.0/0 - - - - - - - - ftpasdf "/etc/init.d/shorewall restart" does not error. I would have thought that the bogus helper "ftpasdf" would have caused some type of error, but not in my case. Any other ideas about this helper-marking problem? Regards Fog_Watch # shorewall debug version 4.4.2.1 ------------------------------------------------------------------------------ ThinkGeek and WIRED's GeekDad team up for the Ultimate GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list and enter to win: http://p.sf.net/sfu/thinkgeek-promo _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
