Tom or anyone,
Last question.
I have a tcrule to limit FTP as well now and I am using the FTP helper;
however, I am not seeing any hits on the rule.
Any ideas why? 80 and 443 work 100% now.
See attached.
On Tue, Nov 12, 2013 at 7:58 PM, JC Putter <jcput...@gmail.com> wrote:
> Tom,
>
> Thank you very much! Got it working, after re-reading shorewall.conf man
>
> FORWARD_CLEAR_MARK was not set (which, if I understand the man
> correctly, it defaults to YES?). After changing it to No, it seems to
> work now!
>
>
> On Tue, Nov 12, 2013 at 7:10 PM, Tom Eastep <teas...@shorewall.net> wrote:
>> On 11/12/2013 8:24 AM, JC Putter wrote:
>>> attached the shorewall dump.
>>>
>>> MARK_IN_FORWARD_CHAIN=No
>>>
>>
>> As I explained in the last email, it is *never* going to work with
>> MARK_IN_FORWARD_CHAIN=No and FORWARD_CLEAR_MARK=Yes. You must change the
>> setting of one or the other or you must do your marking in the FORWARD
>> or POSTROUTING chains using a :F or :P suffix.
>>
>> -Tom
>> --
>> Tom Eastep \ When I die, I want to go like my Grandfather who
>> Shoreline, \ died peacefully in his sleep. Not screaming like
>> Washington, USA \ all of the passengers in his car
>> http://shorewall.net \________________________________________________
>>
>>
>> _______________________________________________
>> Shorewall-users mailing list
>> Shorewall-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>>
0 0 MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:21 helper match "ftp" MARK set 0x3

shorewall show connection output:

ipv4 2 tcp 6 7 TIME_WAIT src=192.168.10.11 dst=xxx.xxx.xxx.xxx sport=18554 dport=60009 src=xxx.xxx.xxx.xxx dst=192.168.1.100 sport=60009 dport=18554 [ASSURED] mark=0 secmark=0 use=2
ipv4 2 tcp 6 431903 ESTABLISHED src=192.168.10.11 dst=xxx.xxx.xxx.xxx sport=18377 dport=21 src=xxx.xxx.xxx.xxx dst=192.168.1.100 sport=21 dport=18377 [ASSURED] mark=0 secmark=0 use=4
ipv4 2 tcp 6 299 ESTABLISHED src=192.168.10.11 dst=xxx.xxx.xxx.xxx sport=18590 dport=60057 src=xxx.xxx.xxx.xxx dst=192.168.1.100 sport=60057 dport=18590 [ASSURED] mark=0 secmark=0 use=54
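
Added example, not part of the original thread and not Shorewall code: a shell check for the combination named in the quoted reply above (MARK_IN_FORWARD_CHAIN=No with FORWARD_CLEAR_MARK=Yes, and marking rules without a :F or :P suffix). The function names and exit codes are this example's own, the two file paths are passed as arguments, and an unset option is reported for review rather than assumed to have a particular default.

```shell
#!/bin/sh
# Added example, not Shorewall code. Function names and exit codes are
# this example's own; pass the paths of shorewall.conf and tcrules.

# conf_value FILE NAME: lower-cased value of the last NAME=... line,
# or "unset" if the option is absent, commented out or empty.
conf_value() {
    v=$(sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed 's/#.*$//' | tr -d "\"'[:space:]" | tr '[:upper:]' '[:lower:]')
    echo "${v:-unset}"
}

# unsuffixed_marks TCRULES: rules whose first column (the mark) does not
# end in :F or :P, i.e. rules not marking in FORWARD or POSTROUTING.
unsuffixed_marks() {
    awk '/^[[:space:]]*(#|$)/ { next }   # comments and blank lines
         $1 ~ /^\?/           { next }   # ?FORMAT / ?COMMENT directives
         $1 !~ /:[FP]$/       { print NR ": " $0 }' "$1"
}

# check_marking CONF TCRULES: 0 = fine, 1 = the combination the thread
# says can never work, 2 = an option is unset, so check its default.
check_marking() {
    mifc=$(conf_value "$1" MARK_IN_FORWARD_CHAIN)
    fcm=$(conf_value "$1" FORWARD_CLEAR_MARK)
    echo "MARK_IN_FORWARD_CHAIN=$mifc FORWARD_CLEAR_MARK=$fcm"
    if [ "$mifc" = yes ] || [ "$fcm" = no ]; then return 0; fi
    rules=$(unsuffixed_marks "$2")
    if [ -z "$rules" ]; then return 0; fi
    if [ "$mifc" = no ] && [ "$fcm" = yes ]; then
        echo "CONFLICT: MARK_IN_FORWARD_CHAIN=No with FORWARD_CLEAR_MARK=Yes; rules lacking :F/:P:"
        rc=1
    else
        echo "REVIEW: option unset or unrecognised; rules lacking :F/:P:"
        rc=2
    fi
    echo "$rules"
    return "$rc"
}

if [ "$#" -eq 2 ]; then check_marking "$1" "$2"; fi
```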