Hello together,

I have installed Shorewall 5.0.15.6 on a Debian Linux Stretch KVM host as a firewall with NAT to the KVM VMs on the host. One of the VMs includes an Apache server and a ProFTPd server (IP 192.168.1.75).

At first I use the zones fw, net and loc. Then my rules for FTP look like:

    FTP(ACCEPT) net loc:192.168.1.75
    FTP(ACCEPT) loc:192.168.1.75 net

macro.FTP:

    ?if ( __CT_TARGET && ! $AUTOHELPERS && __FTP_HELPER )
    PARAM - - tcp 21 { helper=ftp }
    ?else
    PARAM - - tcp 21
    ?endif

For running TLS on the ProFTPd server I use passive ports 49152 65535. When Shorewall is started, I additionally run

    iptables -I net-loc 2 -p tcp --match multiport --dports 49152:65535 --dst 192.168.1.75 -j ACCEPT

to open the connection from FTP clients to the ProFTPd server. That solution is running well.

Now I want to build this command into a macro or directly into the rules file, but I don't know how to do it. Is there someone here who can explain it to me?

Best regards
Andreas
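The manual iptables insert described above can be expressed in Shorewall's own configuration files. The following is an added example, not part of the original post; the macro name FTPPassive is a hypothetical name chosen here, and the files are assumed to live in /etc/shorewall.

```conf
# /etc/shorewall/macro.FTPPassive   (hypothetical macro name, added example)
# Same column layout as the macro.FTP lines quoted in the post.
# 49152:65535 is the passive port range configured in ProFTPd.
#ACTION  SOURCE  DEST  PROTO  DPORT
PARAM    -       -     tcp    49152:65535

# /etc/shorewall/rules
# Control channel (existing rule) plus the passive data ports via the macro.
#ACTION              SOURCE  DEST
FTP(ACCEPT)          net     loc:192.168.1.75
FTPPassive(ACCEPT)   net     loc:192.168.1.75

# Alternative without a macro: a single line directly in /etc/shorewall/rules
#ACTION  SOURCE  DEST              PROTO  DPORT
#ACCEPT  net     loc:192.168.1.75  tcp    49152:65535
```

Run `shorewall check` before reloading so a syntax error does not leave the old ruleset half replaced. Because the TLS-encrypted control channel hides the negotiated data port from the FTP helper, the whole passive range has to be accepted statically, so narrowing that range in ProFTPd and in this rule together reduces what is exposed.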