Tom Eastep napsal(a): > Jiří Červenka wrote: > >> Tom Eastep napsal(a): >> >>> Jiří Červenka wrote: >>> >>> >>>> Hello, >>>> I´m running shorewall 3.0.2 on debian sarge box. >>>> I have w2k3 box on eth1 with both public and local ip address running >>>> FTP server. >>>> I have set proxy arp for this host. >>>> Now I try to drop ftp packets from one ip address in internet, but my >>>> setup do not work. >>>> >>>> >>> Exactly what does that mean? Does it mean that even with the DROP rule in >>> place, you can start a new FTP client on 193.171.155.10 and have it connect >>> to 195.113.101.221? >>> >>> -Tom >>> >>> >> Yes exactly. I have to put 193.171.155.10 into blacklist file to prevent >> new FTP conections. DROP rule in rules file have no efect. >> > > Then I would like to see the output of "shorewall dump" collected as follows: > > a) With no FTP session from 193.171.155.10, "shorewall dump > dump1.txt" > b) "shorewall reset" > c) Establish an FTP session from 193.171.155.10 > d) "shorewall dump > dump2.txt" > > Send me the two dump files. > > Thanks, > -Tom >
I´m not able to simulate FTP session from 193.171.155.10, because I have no access to this machine, in fact some script kiddie was trying to log in to my FTP server using brute force attack. I tried to establish connection from my personal public IP address and in this case shorewall worked as usual. FTP conection from my public ip address was dropped. It is strange because the only thing I changed in configuration was the ip address in drop rule for FTP conections. Dump files are here: http://rapidshare.com/files/12526259/dumps.zip.html Thanks, Jiri ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
