On 5/23/19 2:41 AM, Andreas Günther wrote:
> Hello together,
>
> I have installed Shorewall 5.0.15.6 on a Debian Linux Stretch KVM host as
> firewall with NAT to the KVM VMs on the host.
> One of the VMs includes an Apache server and a ProFTPd server (IP
> 192.168.1.75).
>
> At first I use the zones fw, net and loc. Then my rules look for FTP like
>
> FTP(ACCEPT) net loc:192.168.1.75
> FTP(ACCEPT) loc:192.168.1.75 net
>
> macro.FTP:
>
> ?if ( __CT_TARGET && ! $AUTOHELPERS && __FTP_HELPER )
> PARAM - - tcp 21 { helper=ftp }
> ?else
> PARAM - - tcp 21
> ?endif
>
> For running TLS on the ProFTPd server I use passive ports 49152 65535. When
> shorewall is started, I additionally start
>
> iptables -I net-loc 2 -p tcp --match multiport --dports 49152:65535 --dst 192.168.1.75 -j ACCEPT
>
> for opening the connection from FTP clients to the ProFTPd server. That
> solution is running well.
>
> Now I want to build this command into one macro or directly into the file
> rules. But I don't know how I have to do it.
> Is here someone who can explain it to me?
The rule is:
ACCEPT net loc:192.168.1.75 tcp 49152:65535
You might also want to look at the current thread on this list with the
subject "Resetting an event when a connection is closed", as it is
addressing this same configuration issue.
-Tom
--
Tom Eastep \ Q: What do you get when you cross a mobster with
Shoreline, \ an international standard?
Washington, USA \ A: Someone who makes you an offer you can't
http://shorewall.org \ understand
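The reason the FTP macro alone is not enough here is that with TLS on the control channel the kernel ftp helper cannot read the PASV reply, so the passive data ports have to be opened explicitly, and the range in the rules file must stay in step with the PassivePorts directive in proftpd.conf. The following script is an added example, not code from the thread or from the Shorewall project: it reads a constructed proftpd.conf excerpt, prints the rules-file entry Tom gives for the range, and checks whether a constructed rules excerpt already contains an exact ACCEPT line for that range. The server address 192.168.1.75 and the 49152:65535 range are taken from the thread; the configuration texts are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not part of the thread): keep the Shorewall passive-port rule
# consistent with the ProFTPd PassivePorts directive.

# Constructed proftpd.conf excerpt (assumption: a PassivePorts directive exists).
PROFTPD_CONF='ServerName "Example FTP"
TLSEngine on
PassivePorts 49152 65535
'

# Constructed Shorewall rules excerpt, including the FTP macro entries from the
# thread and the explicit passive-range rule.
RULES='FTP(ACCEPT) net loc:192.168.1.75
FTP(ACCEPT) loc:192.168.1.75 net
ACCEPT net loc:192.168.1.75 tcp 49152:65535
'

# Print "low:high" from the PassivePorts directive; fail if it is missing.
passive_range() {
    printf '%s\n' "$1" | awk '
        $1 == "PassivePorts" && NF == 3 { printf "%s:%s\n", $2, $3; found = 1 }
        END { exit found ? 0 : 1 }'
}

# Build the rules-file entry that opens the passive range toward the FTP server.
# $1 = server address, $2 = low:high range
shorewall_rule() {
    printf 'ACCEPT net loc:%s tcp %s\n' "$1" "$2"
}

# Return 0 if the rules text already has an exact ACCEPT rule for the range.
# $1 = rules text, $2 = server address, $3 = low:high range
rules_cover_range() {
    printf '%s\n' "$1" | awk -v srv="$2" -v rng="$3" '
        $1 == "ACCEPT" && $2 == "net" && $3 == ("loc:" srv) &&
        $4 == "tcp" && $5 == rng { ok = 1 }
        END { exit ok ? 0 : 1 }'
}

# Stand-alone run: derive the range, show the rule, report whether it is present.
range=$(passive_range "$PROFTPD_CONF") || { echo "no PassivePorts directive" >&2; exit 1; }
shorewall_rule 192.168.1.75 "$range"
if rules_cover_range "$RULES" 192.168.1.75 "$range"; then
    echo "rules file already opens $range"
else
    echo "rules file is missing the passive range entry"
fi
```

On a real host you would feed the script the actual /etc/proftpd/proftpd.conf and /etc/shorewall/rules contents instead of the constructed strings; the check is deliberately exact, so a rule that opens a wider or different range is reported as missing rather than silently accepted.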
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users