Thomas Deutschmann wrote on 2017-12-06 03:45:
What am I missing?
I don't think it matters, but the natted FTP server is a CentOS 7.x
with ProFTPd.
http://www.proftpd.org/docs/howto/NAT.html
You have to tell your ftp server which passive ports should be used.
You have to open (forward) all of these ports because you cannot know
which port will be selected for the specific connection. Helpers like
ip_conntrack_ftp don't support encryption.
Is SSL/TLS using non-default port 21?
conntracker only knows default port 21, but if SSL/TLS is using other ports
it could be added to conntracker IMHO so it works the kernel way,
no?
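
An added example, not part of the original thread and not kernel or Shorewall code: a simplified stand-in for what an FTP connection-tracking helper does with the control channel, showing why it can open a single pinhole for a cleartext PASV reply but finds nothing to parse once the control channel is wrapped in TLS. The sample payloads and the passive range 60000-65534 are constructed for illustration.

```python
import re

# RFC 959 PASV reply: "227 ... (h1,h2,h3,h4,p1,p2)", port = p1*256 + p2
PASV_RE = re.compile(
    rb"227 [^(\r\n]*\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)

def parse_pasv(payload: bytes):
    """Return (ip, port) announced in a cleartext 227 reply, or None."""
    m = PASV_RE.search(payload)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed octet, ignore the reply
    ip = ".".join(str(n) for n in nums[:4])
    return ip, nums[4] * 256 + nums[5]

def ports_to_forward(payload: bytes, passive_range):
    """Ports the firewall has to let through for the data connection.

    If the control-channel payload is readable, only the announced port
    is needed. If it is not (for example TLS ciphertext), the firewall
    cannot know the port and the whole configured range must be open.
    """
    announced = parse_pasv(payload)
    low, high = passive_range
    if announced and low <= announced[1] <= high:
        return (announced[1], announced[1])
    return (low, high)

# Constructed sample: cleartext reply announcing 192.0.2.10, port 234*256+96
CLEARTEXT_REPLY = b"227 Entering Passive Mode (192,0,2,10,234,96).\r\n"

# Constructed sample: TLS application-data record header followed by
# fixed non-ASCII bytes standing in for the encrypted 227 reply
TLS_RECORD = b"\x17\x03\x03\x00\x30" + bytes(range(0x80, 0xB0))

PASSIVE_RANGE = (60000, 65534)  # assumed server-side passive port range

if __name__ == "__main__":
    for name, data in (("cleartext", CLEARTEXT_REPLY), ("tls", TLS_RECORD)):
        print(name, parse_pasv(data), ports_to_forward(data, PASSIVE_RANGE))
```

The limitation shown here comes from the payload being unreadable, so it applies whichever port the control connection uses.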
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users