On 7/24/2014 8:19 PM, Raimonds Cicans wrote: > 1) Forget to mention: > /etc/shorewall/shorewall.conf: FASTACCEPT=Yes > > 2) Tested following variant: > /etc/shorewall/rules: DNAT inet dmz:somehost:21 tcp 21 > > It works without problem. > > 3) AFAIK last thing done on the firewall, was Shorewall upgrade (4.4->4.5) > Unfortunately I can not downgrade to 4.4 to test this version > > > YES! Shorewall upgrade is guilty! > http://shorewall.net/pub/shorewall/4.5/shorewall-4.5.21/releasenotes.txt > N E W F E A T U R E S I N 4 . 5 . 7 > In short: automatic attachment of helpers to connections is disabled > (including FTP helpers) > > Correct way to define this rule is: > DNAT inet dmz:somehost:21 tcp someport ; helper=ftp > > PLEASE! Somebody update http://shorewall.net/FTP.html guide with this > information.
Done. What is your setting for AUTOHELPERS in shorewall.conf? -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Want fast and easy access to all the code in your enterprise? Index and search up to 200,000 lines of code with a free copy of Black Duck Code Sight - the same software that powers the world's largest code search on Ohloh, the Black Duck Open Hub! Try it now. http://p.sf.net/sfu/bds
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
