Hi, please do a lsmod and look if modules
ip_conntrack_ftp ip_nat_ftp are loaded... (needed for passive ftp) i have the same prob and had to modprobe this modules after booting the machine to get ftp working... shorewall should load this by default (modules-file), but dosen't... perhaps you have the same prob... sorry, don't know how to fix this... i live with this prob :-) no matter with a uptime over some weeks... greatz FrankB Am Do, 2004-07-29 um 00.06 schrieb Hernan Castaneda: > Hi all, > > I've installed a box with MNF to serve as > firewall/proxy to a Windows XP/2000 hosts lan. The box > has two NICs eth0 is connected to the lan > 192.168.4.0/24 and eth1 has a public IP address > assigned to it, the hosts can connect to Internet > without problems (http, https) but FTP can only be > accessed through the browsers (IE6 SP1 and Mozilla > 1.7), even with IE when connects to the ftp server a > message box appears saying that the access in read > only because the proxy isn't configured correctly. If > they try to make an FTP connection using a client (WS > FTP 9) or even "DOS" console an error appears saying > that the connection couldn't establish because the > name cannot be resolved (DNS Problem); Squid is in > transparent mode. Can anybody please help me. > > Regards, > Hernan Castaeda > > I atach firewall configuration. > Default policies: > 1 lan all REJECT info > 2 fw all ACCEPT info > 3 wan all DROP info > 4 all all REJECT info > Rules: > 1 ACCEPT fw wan tcp+udp 53 > 2 ACCEPT lan wan udp 53 > 3 REJECT wan fw tcp 113 > 4 ACCEPT lan fw tcp 22 > 5 ACCEPT lan fw tcp 8443 > 6 ACCEPT fw lan icmp 8 > 7 ACCEPT lan fw icmp 8 > 8 ACCEPT lan wan tcp pop3 > 9 ACCEPT lan wan tcp smtp > 10 ACCEPT lan wan tcp http > 11 ACCEPT lan wan tcp https > 12 ACCEPT lan wan tcp ssh > 13 ACCEPT lan wan tcp ftp > 14 ACCEPT lan wan tcp nntp > 15 ACCEPT fw wan udp ntp > 16 ACCEPT lan wan tcp imap > 17 ACCEPT fw wan:20022 tcp ftp > 20 ACCEPT lan fw tcp https > 23 ACCEPT fw:3328 wan tcp https > 24 ACCEPT lan fw::3328 tcp www all > 25 ACCEPT fw wan tcp www > > P.D.: Sorry if the mail is to long I tried to be as > much specific as I could > > > > > __________________________________ > Do you Yahoo!? > Yahoo! Mail - You care about security. So do we. > http://promotions.yahoo.com/new_mail > > > ______________________________________________________________________ > ____________________________________________________ > Want to buy your Pack or Services from MandrakeSoft? > Go to http://www.mandrakestore.com > Join the Club : http://www.mandrakeclub.com > ____________________________________________________
____________________________________________________ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com ____________________________________________________
