On 1/1/19 2:05 PM, Naveen Neelakanta wrote: > Hi Tom > > This works where zone 2 is the internet facing zone. > > ?if __FTP_HELPER > > IPTABLES(CT --zone 2 --helper ftp) eth3 - > tcp 21 > > IPTABLES(CT --zone 2 --helper ftp):O 0.0.0.0/0 <http://0.0.0.0/0> > eth3 tcp 21 > > IPTABLES(CT --zone 2 --helper ftp) veth-e3-p - > tcp 21 > > IPTABLES(CT --zone 2 --helper ftp):O 0.0.0.0/0 <http://0.0.0.0/0> > veth-e3-p tcp 21 > > ?endif > > > Please find the attached conntrack file, please let me know if this is > the right way to do it or is there a better way. > > Can I use a generic zone id in this case or just the zone which is > internet facing? >
You may need to add additional entries for your other zones, if you need to provide ftp access from those zones. -Tom -- Tom Eastep \ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \_______________________________________________
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
