On Wed, Mar 16, 2022 at 04:14:10PM +0100, Ruud Baart wrote:
> Hi,
>
> I can find quite a lot of documentation concerning a FTP server. But I don't
> find the way to do it.
>
> My situation:
>
> Internet <--> Firewall <--> FTP server
>
> Firewall and FTP server are Debian 11 and I use the latest shorewall.
>
> The Firewall has three public IP addresses, FTP server had no public IP
> address. Firewall and FTP server are connected to a private 172.23.10.0/24
> network.
>
> This setup is new but in fact a replica of the existing situation (I'm

Are you using TLS with the old setup?

> moving to a new hosting party). In the existing situation and new situation
> all works fine (Debian 10) as long as I don't use a certificate. This is the
> DNAT rule I use:
>
> SECTION NEW
> FTP(DNAT) wan1 lan1:$FTP_INT - - - $FTP_EXT
>
> where $FTP_INT and $FTP_EXT the internal and external IP addresses are of
> the FTPserver.
>
> As said, works fine as long as I don't use a certificate. With TLS
> connection Filezilla:
>
> Status: Server sent passive reply with unroutable address. Using
> server address instead.

Maybe a good test is to do:

modprobe nf_conntrack_ftp

--
Justin
